Page last updated on April 11, 2024
TransMontaigne Partners LLC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-15 16:03:06 EDT.
Filings
10-K filed on 2024-03-15
TransMontaigne Partners LLC filed an 10-K at 2024-03-15 16:03:06 EDT
Accession Number: 0001558370-24-003392
Item 1.05 Material Cybersecurity Incidents.
We have developed and implemented a cybersecurity framework intended to identify, assess, monitor and manage risks from cybersecurity threats to the security of our information, systems and network using a risk-based approach. Our framework is informed in part by the National Institute of Standards and Technology (NIST) Cybersecurity Framework, although our framework takes into account the particulars of our business and our diverse network of terminal operations and does not meet all the technical standards, specifications or requirements under the NIST. Additionally, the Company follows IT General Controls that were implemented to adhere to Sarbanes-Oxley internal controls.
We contract with external firms to assess the Company’s cybersecurity framework. In connection therewith, such firms conduct cybersecurity risk assessments, cybersecurity incident response, provide internal and external penetration testing and ongoing training to our Cybersecurity Group. The Company maintains a cybersecurity insurance policy. Additionally, we use processes to oversee and identify material risks from cybersecurity threats associated with our use of third-party technology and systems and third-party service providers.
As part of our risk management process, we conduct application security assessments, vulnerability management, penetration testing, security audits, and ongoing risk assessments. The Company maintains a variety of incident response plans that would be deployed in the event that a cybersecurity incident were detected. We require all of our employees to undertake data protection and cybersecurity training and compliance programs on an annual basis, which are administered and tracked through online learning modules.
Our critical business systems are fully redundant and backed up at separate locations. Separate business and SCADA networks allow for isolation of potential threats and enhance the security of these systems. We maintain a dedicated SCADA department, staffed around the clock, to evaluate and respond to significant events and incidents that may impact our pipeline operations. Anti-virus solutions are deployed on our SCADA systems and workstations in our data centers and control centers.
Our Cybersecurity Group oversees our policies and procedures for protecting our cybersecurity infrastructure and for compliance with applicable data protection and security regulations, and related risks. Our Director of IT Infrastructure, who has extensive cybersecurity knowledge, training and skills gained from over 30 years of work experience on cybersecurity and from technology leadership roles in the energy industry, heads the Cybersecurity Group responsible for implementing and maintaining our cybersecurity and data protection practices. The Director of IT Infrastructure reports directly to our Chief Financial Officer.
Significant threats are reviewed by the Cybersecurity Group to determine whether further escalation is appropriate. Any cybersecurity threat or incident assessed as potentially being or potentially becoming material is immediately escalated for further assessment and reported to designated members of our executive management team; namely our Chief Financial Officer, Chief Operating Officer and General Counsel, who, in addition to the Director of IT Infrastructure, are responsible for overseeing and managing material risks from cybersecurity threats. Further, the Company provides an annual cybersecurity assessment to ArcLight.
To date, our business strategy, results of operations and financial condition have not been materially affected, nor are they reasonably likely to be affected by risks from cybersecurity incidents or threats. Despite our efforts, we cannot eliminate all risks from cybersecurity threats or provide assurance that we will not be materially affected in the future by such risks or any future material incidents. For more information on our cybersecurity related risks, see Item 1A Risk Factors of this Annual Report on Form 10-K.
Company Information
| Name | TransMontaigne Partners LLC |
| CIK | 0001319229 |
| SIC Description | Pipe Lines (No Natural Gas) |
| Ticker | |
| Website | |
| Category | Non-accelerated filer |
| Fiscal Year End | December 30 |