Markforged Holding Corp 10-K Cybersecurity GRC - 2024-03-15

Page last updated on April 11, 2024

Markforged Holding Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-15 16:15:42 EDT.

Filings

10-K filed on 2024-03-15

Markforged Holding Corp filed an 10-K at 2024-03-15 16:15:42 EDT
Accession Number: 0000950170-24-032200

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Governance Related to Cybersecurity Risks Our board of directors holds overall oversight responsibility for the Company s strategy and risk management processes, including in relation to cybersecurity risks. Our board exercises its oversight function through the audit committee, which oversees the assessment and management of risk exposure across various areas, including cybersecurity. Our audit committee receives regular reports from our Chief Financial Officer on significant cybersecurity matters, including, where appropriate, whether any significant incidents have occurred. Our IT Security Steering Committee, which is led by our Chief Financial Officer, is composed of various members of our organization, including our Chief Human Resources Officer, VP of Software Engineering, and Senior Director of TechOps and Security. The IT Security Steering Committee is involved in oversight of cybersecurity risk. The IT Steering Committee exercises this function through our IT Security Team, which includes our Senior Director of TechOps and Security and our VP of Software Engineering who collectively have over 40 years of experience. The IT Security Team is responsible for the administration of our cyber program and works with various vendors and external providers to test and monitor for vulnerabilities and threats. We also engage our employees in our cybersecurity efforts through a process for employees to complete annual security and awareness training. Cybersecurity Risk Management and Strategy Our cybersecurity program is informed by industry standards and includes processes for identification, assessment, and management of cybersecurity risks. With support from external vendors, we conduct internal and external risk assessments to assess our cyber program and develop strategies for the management of cyber risks. We also employ vendors and external partners to monitor for and manage threats, and we engage in testing to identify vulnerabilities and use third-party tools to scan for potential risks. Our IT Security Team is informed about and monitors the prevention, management, and remediation of cybersecurity risks through various means, including by leveraging a managed security service provider and other third-party security software and technology services. Our managed security service provider is also tasked with testing, auditing, and monitoring the performance of our cybersecurity processes. We also maintain processes for reviewing and assessing vendor security before new engagements as part of our Vendor Advisory Board s function. We maintain processes to inform and update management and, as needed, the audit committee, about security incidents that may pose a significant risk for the business, as applicable. In accordance with our incident response policies, our IT Security Team and Chief Financial Officer are responsible for establishing incident response teams to manage cybersecurity incidents, should any arise. Although risks from cybersecurity threats have to date not materially affected us, and we do not believe they are reasonably likely to materially affect us, our business strategy, results of operations or financial condition, we have, from time to time, experienced threats and security incidents relating to our and our third party vendors information systems. For more information, please see Item 1A, Risk Factors.

Company Information