SentinelOne, Inc. 10-K Cybersecurity GRC - 2024-03-27

Page last updated on April 11, 2024

SentinelOne, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-27 16:11:44 EDT.

Filings

10-K filed on 2024-03-27

SentinelOne, Inc. filed a 10-K at 2024-03-27 16:11:44 EDT
Accession Number: 0001583708-24-000016


Item 1C. Cybersecurity.

Cybersecurity Risk Management

As part of our overall enterprise risk management program, we maintain a robust cybersecurity risk management program. The cross-functional group responsible for the cybersecurity risk management program includes members of our information security, data privacy and product security personnel, including members of our senior management team. Our cybersecurity program provides a foundation for identifying, monitoring, evaluating, and responding to cybersecurity threats and incidents, including those associated with our use of software, applications, services, and cloud infrastructure developed or provided by third-party vendors and service providers. This framework includes steps for identifying the source of a cybersecurity threat or incident, including whether such cybersecurity threat or incident is associated with a third-party vendor or service provider, assessing the severity and overall risk of a cybersecurity threat or incident, implementing cybersecurity countermeasures and mitigation or remediation strategies, and informing the relevant members of our senior management team, which informs the Audit Committee and our Board of Directors of material cybersecurity threats and incidents.

We engage third parties, including vendors and other external service providers, to support our cybersecurity and data privacy processes. For example, we regularly engage independent third parties for penetration testing and evaluation of our various security compliance standards. We also conduct internal assessments of our cybersecurity risk management program. We review and update our cybersecurity policies, standards and procedures as needed, to account for changes in the threat and operational landscapes, as well as in response to legal and regulatory developments. Further, we require mandatory training for all employees and contractors on our cybersecurity and privacy policies.

We also have processes to oversee and identify risks from cybersecurity threats associated with our use of third-party service providers. To that end, we maintain a comprehensive, risk-based approach to identifying and overseeing cybersecurity risks presented by third parties, including vendors, service providers and other external users of our systems, as well as the systems of third parties that could adversely impact our business in the event of a cybersecurity incident affecting those third-party systems. In addition, we perform diligence on our vendors and prospective vendors regarding their cybersecurity posture. Although we have continued to invest in our diligence, onboarding, and monitoring capabilities over our critical third parties, including our third-party vendors and service providers, our control over the security posture of our critical third parties is limited, and there can be no assurance that we can prevent or mitigate the risk of any compromise or failure in the information assets owned or controlled by such third parties.

A cross-functional incident response team, comprised of representatives from information security, information technology, privacy and legal, is responsible for the monitoring and disposition of potential occurrences such as data breaches, intrusions, and other security incidents and implementing our detailed incident response plan. Our incident response plan includes processes and procedures for assessing potential internal and external threats, activation and notification, and post-incident recovery designed to safeguard the confidentiality, availability, and integrity of our information assets.

In fiscal 2024, and through the filing of this Annual Report on Form 10-K, cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected our business strategy, operating results, and/or financial condition. If we were to experience a material cybersecurity incident in the future, such an incident could potentially have a material effect, including on our business strategy, operating results, or financial condition. For more information regarding cybersecurity risks that we face and potential impacts on our business related thereto, see Part I, Item 1A, Risk Factors in this Annual Report on Form 10-K.

Cybersecurity Governance

Our Board of Directors has oversight responsibility for our overall enterprise risk management, and cybersecurity risk management in particular is regularly reviewed and overseen by our Audit Committee. The Audit Committee provides oversight and reviews management policies, processes, and procedures designed to identify, monitor, evaluate, and respond to cybersecurity risks to which the company is exposed. Management regularly reports to the Audit Committee regarding its process and procedures to mitigate or remediate cybersecurity risks, threats and incidents, along with monitoring activities of the cybersecurity team.

Management is responsible for day-to-day risk management activities, including identifying and assessing cybersecurity risks, establishing processes to ensure that potential cybersecurity risk exposures are monitored, implementing appropriate mitigation or remediation measures, and maintaining cybersecurity programs. Our cybersecurity programs are under the direction of our Chief Information Officer, who is a member of our executive management team and closely coordinates as needed with other senior management personnel including the Deputy Chief Information Security Officer, the Chief Product and Technology Officer and the Chief Legal Officer, who collectively possess significant experience in evaluating, managing and mitigating security and other risks, including cybersecurity risks.


Company Information

Name: SentinelOne, Inc.
CIK: 0001583708
SIC Description: Services-Prepackaged Software
Ticker: S - NYSE
Website:
Category: Large accelerated filer
Fiscal Year End: January 30