Perma-Pipe International Holdings, Inc. 10-K Cybersecurity GRC - 2024-04-26

Page last updated on April 26, 2024

Perma-Pipe International Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-26 09:25:00 EDT.

Filings

10-K filed on 2024-04-26

Perma-Pipe International Holdings, Inc. filed an 10-K at 2024-04-26 09:25:00 EDT
Accession Number: 0001437749-24-013321

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY Risk Management and Strategy The Company’s policies and practices are based on frameworks and standards that address risks through a comprehensive, cross-functional approach that assess, identify, monitor, and mitigate material risks from cybersecurity threats as part of the overall enterprise risk management (“ERM”) process. This includes the collection and storage of data, and being responsive to incidents as they occur. Further, the Company’s processes and technology are utilized to develop, implement, and maintain appropriate measures to safeguard information systems in protecting the integrity, availability, and confidentiality of data. Additionally, the Company engages certain third parties to assist in network monitoring and control testing, among other functions of similar capacity. The Company’s cybersecurity program focuses on the following areas: Technological safeguards that are designed to protect the Company’s information systems from cybersecurity threats, including the prevention and detection of systems, access controls, and firewalls, which the Company assesses the vulnerability and cybersecurity threat and makes necessary improvements. Utilization of third parties as part of the Company’s risk-based approach in identifying and overseeing cybersecurity risks. The Company maintains an incident plan that addresses the Company’s response to a cybersecurity event, which is periodically reviewed and updated. While the Company is working to adopt the National Institute of Standards and Technology (“NIST”) cybersecurity framework, the Company’s on-going investment in information systems and utilization of external 3rd parties represents the best means for extensively testing both the design and operational effectiveness of cybersecurity controls, and to ensure continuity and functionality of the Company’s operating systems. As of the date of this report, the Company has not experienced any material cybersecurity events. However, the presence of new or more advanced forms of cybersecurity threats could have a material and adverse impact on the business, results of operations, and financial position. For further discussion relating to this topic, see Item 1A. Risk Factors “The Company’s information technology systems may be negatively affected by cybersecurity threats.” Governance The Audit Committee of the Board of Director’s has the responsibility of overseeing the Company’s cybersecurity risks. The Director of Information Technology provides periodic updates to the Board of Director’s regarding actions taken to mitigate the Company’s exposure and protection to cybersecurity risks. Management routinely evaluates the Company’s security processes, procedures, and systems to determine if enhancements are needed to reduce the possibility of a future cybersecurity event. This includes safeguards implemented by the Company, such as a multi-factor authentication process for remote access to systems restricted firewall settings network monitoring, email phishing tests, and enhancing the Company’s backup recovery strategy, among others. The Director of Information Technology is responsible for assessing, monitoring, and managing the Company’s cybersecurity risks. The Director of Information Technology has extensive experience in leading the Company’s information systems and has previously led cybersecurity teams for several large global organizations prior to joining the Company. The Director of Information Technology, along with members of management, inform the Audit Committee on cybersecurity risks by providing periodic updates regarding (i) Status of ongoing cybersecurity initiatives and strategies, (ii) The overall state of the Company’s security program and potential exposure to risks, and (iii) Incident reports and learning from any cybersecurity events. Further, the Director of Information Technology maintains an open dialog regarding any significant developments in cybersecurity risks, ensuring the Audit Committee’s oversight is proactive and responsive. In addition to periodic updates to the Audit Committee, the Director of Information technology, in his capacity, regularly informs the Chief Executive Officer (“CEO”) and the Chief Financial Officer (“CFO”) regarding matters related to cybersecurity risks and incidents. This ensures the highest level of management are informed of potential risks associated with cybersecurity that could have a material and adverse effect on the Company.

Company Information