Beauty Health Co 10-K Cybersecurity GRC - 2024-03-12

Page last updated on April 11, 2024

Beauty Health Co reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-12 17:17:22 EDT.

Filings

10-K filed on 2024-03-12

Beauty Health Co filed an 10-K at 2024-03-12 17:17:22 EDT
Accession Number: 0001628280-24-010638

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy We have an enterprise-wide information security program designed to identify, protect, detect and respond to, and manage reasonably foreseeable cybersecurity risks and threats. To protect our information systems from cybersecurity threats, we utilize various security tools that help prevent, identify, escalate, investigate, resolve, and recover from identified vulnerabilities and security incidents in a reasonably timely manner. These include, but are not limited to, internal reporting and tools for monitoring and detecting cybersecurity threats. We also use third party security tools to help identify, assess, mitigate, and remediate cybersecurity threats however, we cannot guarantee that any third-party tools that we utilize will be successful in all circumstances, and whether such tools are appropriate for their level of risk. We evaluate the risks associated with technology and cybersecurity threats and monitor our information systems for potential weaknesses. We review and test our information technology system on an as-needed basis (and at least on an annual basis) and also utilize internal team personnel to evaluate and assess the efficacy of our information technology system and enhance our controls and procedures. The results of these assessments are reported to our Audit Committee and, from time to time, our Board of Directors. Our information technology systems are equipped to detect directed and non-directed attacks such as viruses and malware that can lead to interruptions and delays in the sale and service of our Delivery Systems and Consumables, general business operations, as well as loss, misuse of data, or theft of intellectual property, confidential information, and personal information (of third parties, employees, providers, and end consumers). However, as of the date of this report, these incidents have not had a material impact on our systems or business operations. Any significant disruption to our business operations or access to our systems could lead to a decline in operational effectiveness, result in a loss of our providers, and adversely affect our business and results of operation. In addition, a penetration of our systems or a third party s systems or other misappropriation or misuse of personal information could subject us to business, regulatory, litigation, and reputation risk, which could have a negative effect on our business, financial condition, and results of operations. For more information about the cybersecurity risks that we face, see the risk factor entitled, We are increasingly dependent on information technology, and if we are unable to protect against service interruptions, data corruption, cyber-based attacks or network security breaches, our operations could be disrupted in Part I, Item 1A Risk Factors in this Annual Report on Form 10-K. Cybersecurity Governance Our Board of Directors considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee oversight of cybersecurity and other information technology risks. The Audit Committee oversees management s implementation of our cybersecurity program. Management participates in discussions and updates the Audit Committee, as necessary, regarding any material cybersecurity incident as well as incidents with lesser potential impact. The Audit Committee reports to the full Board of Directors regarding its activities, including those related to cybersecurity. The full Board of Directors also receives briefings from management on our cyber risk program on an as-needed basis. Members of our Board of Directors receive presentations on cybersecurity topics from our Chief Information Security Officer, internal staff, or external experts as part of the Board of Directors continuing education on topics that impact public companies. 65 Our management team is responsible for assessing and managing our material risks from cybersecurity threats. The team (and team personnel who support our information security program) has primary responsibility for our overall cybersecurity program and supervises both our internal cybersecurity personnel and our retained external cybersecurity third party vendors and consultants. In addition, our team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal personnel, threat intelligence and other information obtained from governmental, public or private sources, including external vendors and consultants engaged by us, and alerts and reports produced by security tools deployed in the IT environment. The team is led by our Vice President - Software, Engineering, and IT, who also currently serves as our Interim Chief Information and Security Officer, and has over 24 years of industry experience leading IT for organizations of similar sizes. Team personnel who support our information security program have relevant educational and industry experience, including holding similar positions at previous large companies and government entities.

Company Information