PAM TRANSPORTATION SERVICES INC 10-K Cybersecurity GRC - 2024-03-13

Page last updated on April 11, 2024

PAM TRANSPORTATION SERVICES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-13 16:35:24 EDT.

Filings

10-K filed on 2024-03-13

PAM TRANSPORTATION SERVICES INC filed an 10-K at 2024-03-13 16:35:24 EDT
Accession Number: 0001437749-24-007638

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Safeguarding the security and integrity of our systems, networks and data is an important element of our business activities. We invest in resources that help us develop and implement various cybersecurity programs and processes that are designed to assess, identify and manage material risks from cybersecurity threats and to address the ever-evolving cybersecurity landscape. Our cybersecurity program utilizes various risk mitigation techniques to manage cybersecurity risk by deploying enhanced detection tools. We conduct cybersecurity penetration tests, purple team exercises, and risk assessments through both internal subject matter experts and with the support of third parties to identify threats and vulnerabilities that could adversely impact our business operations. We also attempt to assess the cybersecurity risk profile of, and threats related to, our business partners, vendors and service providers through various assertions of their security practices. In the normal course, we engage assessors, consultants and other third parties to assist in various cyber-related matters. The underlying controls of our cybersecurity program utilize recognized practices and standards for cybersecurity and information technology security. Our risk-based approach enables us to design and implement cybersecurity programs that are specific to our corporate resources, customer profiles and business network. Our senior management team oversees our cybersecurity strategy and has the overall responsibility for assessing and managing our exposure to cybersecurity risk, with the audit committee of the board of directors providing board level oversight of the activities conducted by management to monitor and mitigate cybersecurity risks. Our corporate strategy for information security is led by our Chief Technology Officer (“CTO”), who develops and directs our information security strategy and policy. He also oversees the engineering and operations related to cybersecurity and issues the proper response when a cyber threat is detected. Our CTO has 22 years of experience in technology and 16 years in compliance and cybersecurity management. Cybersecurity strategy and updates are reviewed by our senior management team on a periodic basis. The audit committee periodically receives a report on cybersecurity matters and related risk exposure from our CTO or senior management and discusses this exposure and our risk management strategies and related controls with management and the internal and external auditors. When covered during an audit committee meeting, the chair of the audit committee reports on its discussion to the full board. We have experienced, and will continue to experience, cyber incidents in the normal course of our business. While our approach to cybersecurity risk management is intended to mitigate the threat of a cyber attack or other data compromising incident, it may not be successful in preventing all attacks which could have a significant adverse impact to our business and reputation. See Risk Factors above for additional information on risks related our business, including from risks related to cyber-attacks, compromised information security, and technology disruptions and failures. As of the date of this report, we are not aware of any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. - 16 - Table of Contents

Company Information