Shimmick Corp 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

Shimmick Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 16:05:44 EDT.

Filings

10-K filed on 2024-03-28

Shimmick Corp filed an 10-K at 2024-03-28 16:05:44 EDT
Accession Number: 0000950170-24-038024

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C . Cybersecurity. We maintain a data security plan designed to provide a documented and formalized information security policy to detect, identify, classify and mitigate internal and external cybersecurity and other data security threats. This cybersecurity program is based in-part on, and its effectiveness is measured using applicable industry standards, and is included into our overall enterprise risk management program. In furtherance of detecting, identifying, classifying and mitigating cybersecurity and other data security threats, we also: assess and analyze baseline configuration standards to ensure that they meet the intent and effectiveness required for the overall safety and security (both logically and physically) of critical system components ensure the asset inventory for relevant system components is kept current and accurate ensure that network connection arrangement documents are kept current and accurate limit access rights to system components to authorized personnel only, with all end-users being properly granted access in accordance with stated access rights policies and procedures deploy anti-virus solutions on all applicable system components, with the respective anti-virus solutions being the most current versions available from applicable vendors, enabled for automatic updates and configured for conducting periodic scans as necessary provision, hardens, secures and locks down critical system resources use internal and external vulnerability scanning procedures, along with network layer and anti-hacking tests facilitate requests for validation of baseline configurations for purposes of regulatory compliance assessments and audits and provide mandatory training and optional certification accreditation for purposes of maintaining an acceptable level of information security expertise necessary for configuration management. Conducting our businesses involves the collection, storage, use, disclosure, processing, transfer, and other handling of a wide variety of information, including personally identifiable information, for various purposes in our businesses. Like other comparable-sized companies that process a wide variety of information, our information technology systems, networks and infrastructure and technology have been, and may in the future be, vulnerable to cybersecurity attacks and other data security threats. These types of attacks are constantly evolving, may be difficult to detect quickly, and often are not recognized until after they have been launched against a target. For more information about these and other cybersecurity risks faced by us, see Risk Factors Risks Related to Our Business and Industry We rely on IT systems to conduct our business, and disruption, failure or security breaches of these systems could adversely affect our business and results of operations and Cybersecurity attacks on or breaches of our information technology environment could result in business interruptions, remediation costs and/or legal claims . Our board of directors has ultimate oversight for risks relating to our data security plan. In addition, the board of directors has delegated primary responsibility to the Audit Committee for assessing and managing data privacy and cybersecurity risks, reviewing data security and cybersecurity policies and processes with respect to data privacy and cybersecurity risk assessment and management, reviewing steps management has taken to monitor and control such risks, and regularly inquires with our management team, internal auditors and independent auditors in 43 connection therewith. The Audit Committee is also responsible for overseeing our investigation of, and response to, any cybersecurity attacks or threats. We also have a dedicated team of employees overseeing its data security plan and initiatives, led by our Director of IT, and works directly in consultation with internal and external advisors in connection with these efforts. With over fifteen years of experience in the field of cybersecurity, our Director of IT brings a wealth of expertise to his role. His background includes extensive experience in all facets of information technology and information security. His in-depth knowledge and experience are instrumental in developing and executing our cybersecurity strategies. We have developed a procedure by which the board of directors and management are informed about relevant cybersecurity risks, allowing for effective cybersecurity oversight and the ability of the Company to monitor, prevent, detect, mitigate and remediate cybersecurity incidents. The results of the our evaluations and the feedback from its engagements are used to drive alignment on, and prioritization of, initiatives to enhance our cybersecurity strategies, policies, and processes and make recommendations to improve processes. In the event of a potential or actual cybersecurity event, the Director of IT immediately notifies general counsel at which point the information security incident response plan is activated if warranted. The information security incident response plan provides the procedures for responding, including personnel required to be informed and updated. The board of directors is informed promptly in the event such incident is, or is reasonably expected to have, a material impact on operations or financial condition.

Company Information