Ranpak Holdings Corp. 10-K Cybersecurity GRC - 2024-03-14

Page last updated on April 11, 2024

Ranpak Holdings Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-14 15:25:23 EDT.

Filings

10-K filed on 2024-03-14

Ranpak Holdings Corp. filed an 10-K at 2024-03-14 15:25:23 EDT
Accession Number: 0000950170-24-031390

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity risk management is an integral part of the Company s overall enterprise risk management framework. Our technology team, together with third-party information security experts, has designed our cybersecurity risk management program with industry best practices in mind and to provide a roadmap for handling cybersecurity threats and incidents, including threats and incidents associated with our use of third-party service providers, and facilitate cross-functional coordination within the Company. This roadmap includes steps for assessing the severity of a cybersecurity threat, identifying the source of a cybersecurity threat including whether the cybersecurity threat is associated with a third-party service provider, implementing cybersecurity countermeasures and mitigation strategies and informing management and our board of directors of material cybersecurity threats and incidents. 26 Specifically, our technology team relies on third-party information security experts for risk assessment, monitoring, and system enhancements. In addition, our technology team provides training to all employees periodically, on an ongoing basis. Our audit committee of the board of directors is responsible for ensuring that management has processes in place designed to identify and evaluate risks, including cybersecurity risks, to which the company is exposed and implements processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. Our board of directors and/or our audit committee receive regular updates throughout the year on cybersecurity risks. At least annually, each of our board of directors and/or our audit committee receives reports on cybersecurity matters and related risk exposures from our Chief Technology Officer, or CTO. When covered during an audit committee meeting, the audit committee reports on its discussion of cybersecurity risks to the full board of directors. Management, together with third-party information security service providers, is responsible for assessing material cybersecurity risks on an ongoing basis, ensuring processes are established to monitor and respond to such potential cybersecurity risks, putting in place appropriate mitigation measures and maintaining cybersecurity programs. Our cybersecurity programs are under the direction of our CTO, who receives reports from our third-party information security service providers and technology team and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents as well as resource levels, technology trends and third-party provider risks. Our CTO and technology team are experienced information systems security professionals and information security managers with many years of experience. Management, including the CTO and our technology team, periodically update the audit committee on the company s cybersecurity programs, material cybersecurity risks and mitigation strategies and provide cybersecurity reports annually that cover, among other topics, third-party assessments of the company s cybersecurity programs, developments in cybersecurity and updates to the company s cybersecurity programs and mitigation strategies. Despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident. For more information about these risks, please see Risk Factors General Risk Factors Cyber risk and the failure to maintain the integrity of our operational or security systems or infrastructure, or those of third parties with which we do business, could have a material adverse effect on our business, financial condition or results of operations. in this annual report on Form 10-K.

Company Information