STEEL PARTNERS HOLDINGS L.P. 10-K Cybersecurity GRC - 2024-03-08

Page last updated on April 11, 2024

STEEL PARTNERS HOLDINGS L.P. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-08 07:54:17 EST.

Filings

10-K filed on 2024-03-08

STEEL PARTNERS HOLDINGS L.P. filed an 10-K at 2024-03-08 07:54:17 EST
Accession Number: 0001452857-24-000008

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Audit Committee (“Audit Committee”) of the Company s Board of Directors (the “Board”) is involved in the oversight of the Company’s enterprise risk management program, including risks of cybersecurity threats. In general, the Company seeks to address cybersecurity risks through a comprehensive, cross-functional approach that is focused on ensuring each operating company is implementing effective and efficient controls, technologies, and other processes to assess, identify, prevent and mitigate cybersecurity threats and effectively respond to cybersecurity incidents when they occur. Cybersecurity risk management and strategy Each operating company assesses its own cybersecurity risk profile and designs and implements technical safeguards and other risk management policies; however, as one of the critical elements of the Company’s overall enterprise risk management approach, the Company s cybersecurity program to which all operating companies are a part, includes: Collaboration: Through ongoing communications with management and the Company’s IT department, each operating company’s IT department monitors the prevention, detection, mitigation and remediation of cybersecurity threats and incidents applicable to the particular operating company in real time, and reports such threats and incidents to the Data Breach Response Team, who will then report to the Audit Committee when appropriate. Technical Safeguards: Although each operating company assesses and implements its appropriate technical safeguards for its business, generally the Company deploys technical safeguards that are designed to protect the Company’s information systems from cybersecurity threats such safeguards are evaluated and improved through vulnerability assessments and cybersecurity threat intelligence. Incident Response and Recovery Planning: The Company has established and maintains comprehensive incident response and recovery plans that address the Company’s response to a cybersecurity incident. The Company has adopted a Cybersecurity Incident Policy and has established a Data Breach Response Team to timely, consistently, and compliantly address cybersecurity threats that may occur despite the Company’s safeguards. Outside Consultants: The Company engages various outside consultants, including forensic specialists, public relations and data breach resolutions firms, outside attorneys and other third parties, to among other things, obtain information of a cybersecurity incident and isolate compromised systems and electronic data from further exposure; and determine and execute mitigation and remediation options and plans. Education and Awareness: The Company provides awareness training to its personnel regarding cybersecurity threats to help identify, avoid and mitigate cybersecurity threats, and to communicate the Company’s evolving information security policies, standards, processes and practices. Cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected the Company or its financial position, results of operations and/or cash flows. Governance As discussed above, the Board has delegated to the Audit Committee the responsibility for monitoring and overseeing the Company’s overall cybersecurity and other information technology risks, controls, strategies and procedures. The Audit Committee periodically evaluates the Company’s (and each operating company’s) information security strategies to ensure its effectiveness. The Company’s management reports to the Audit Committee as part of every quarterly scheduled meeting of the Audit Committee (or more frequently, as needed) regarding technological risk exposure and cybersecurity risk management strategy. In addition, the full Board may review and assess cybersecurity risks as part of its responsibilities for oversight of the Company s broad enterprise risk management program. The Company’s IT department, in coordination with the Company’s legal department, General Counsel (“GC”), Chief Financial Officer (“CFO”), Senior Vice President of Finance (“SVP Finance”) and as needed each operating company’s IT department (collectively, the “Data Breach Response Team”), works collaboratively to promptly respond to any cybersecurity incidents in accordance with the Company’s Cybersecurity Incident Policy. The Company’s response planning is reviewed annually and kept up to date with industry developments. Management’s Expertise The Company’s Senior Vice President, Information Technology, holds a Master’s degree in business administration and industrial psychology. He has served in various roles in information technology for over 26 years. Staying informed on 30 developments in the cyber industry is crucial to the Company’s effective prevention, detection, mitigation and remediation of any cybersecurity incidents.

Company Information