NATURAL GAS SERVICES GROUP INC 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

NATURAL GAS SERVICES GROUP INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 16:40:37 EDT.

Filings

10-K filed on 2024-04-01

NATURAL GAS SERVICES GROUP INC filed an 10-K at 2024-04-01 16:40:37 EDT
Accession Number: 0001084991-24-000017

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. - CYBERSECURITY Information Technology and Cybersecurity Risks. Our information technology, software and application systems ( digital technology ) has been an important part of our operations and our ability to compete successfully. We continue to invest in technology solutions to improve more inefficient systems, to streamline and automate workflows and to provide digital and mobile applications for our field service personnel. We are committed to maintaining robust cybersecurity measures, continuously evaluating and updating our cybersecurity practices, and being prepared to respond to and recover from cybersecurity incidents. We face ongoing risk from cybersecurity threats. There can be no assurance that our efforts will prevent or mitigate all cybersecurity events, which, if realized, could have a material impact on our operations and financial results. See Part I, Item 1A Risk Factors of this Report. Cybersecurity Incidents We have not experienced any material cybersecurity incidents nor have we identified risks from known threats that could likely materially impacted our operations or financial results. Management of Cybersecurity Risk During 2023, we adopted a Cybersecurity Event Plan ( Cybersecurity Plan ) which outlines how we identify and manage our cybersecurity risk. The Cybersecurity Plan contains the following elements: Incident Identification and Reporting outlines the steps used to promptly identify cybersecurity risks and report those through appropriate means Incident Assessment after collecting information about a potential risk or threat, a protocol has been developed and outlined that will allow a cross-functional team to assess the threat Incident Containment provides for action to be taken to isolate and attempt to contain and minimize any potential threat Resolution and Recovery outlines the steps to be taken, based upon the incident and the systems potentially impacted, to mitigate the potential impact of the threat and restore system access and functionality in the minimum amount of time Training and Awareness development of training and awareness programs to allow employees to understand how to promptly respond in the event of a perceived threat. Governance Our Board of Directors has an active role in oversight of our risks and is assisted by management in the exercise of these responsibilities. Our Manager of Information Technology prepares and gives a presentation to the Board at each of its quarterly meetings, which includes updates on cybersecurity. Our IT Manager is responsible for assessing and managing risks from cybersecurity threats and carrying out our formal cybersecurity event plan. Our IT Manager is responsible for reporting material incidents to our Chief Executive Officer, who in turn will report to the Lead Independent Director. Our IT Manager has over 20 years of information technology experience in the energy industry. 21

Company Information