Page last updated on July 28, 2025
HONEYWELL INTERNATIONAL INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-14 14:50:25 EST.
Filings
10-K filed on 2025-02-14
HONEYWELL INTERNATIONAL INC filed a 10-K at 2025-02-14 14:50:25 EST
Accession Number: 0000773840-25-000010
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
We maintain a cybersecurity risk management program designed to assess, identify, manage, and govern material risks from cybersecurity threats. Our cybersecurity risk management program is a key component of our overall enterprise risk management program. We maintain cybersecurity policies and procedures in accordance with industry standard control frameworks and applicable regulations, laws, and standards. We maintain oversight of our cybersecurity risk management program via a corporate structure that includes a Cybersecurity Disclosure Committee, a Security Governance Council, the Audit Committee, and the Board.
We assess and evaluate cybersecurity-related risks on a quarterly basis or as needed, to determine whether any such risks have the potential to materially impact our business operations, revenue, and expenditures and to understand the degree of such risks relative to other risks faced by Honeywell. Our Chief Security Officer served in various roles in IT and information security for over 30 years, including security-related roles in technology deployments, product development, product security, supply chain, and operations. He holds a Bachelor of Science in computer science from the Georgia Institute of Technology.
Our Security Governance Council, which meets quarterly or as needed, is led by our Chief Security Officer and includes members of senior executive leadership. It maintains a security program designed to monitor and track key security performance indicators and provides regular updates to the Audit Committee. The Chief Security Officer also provides updates directly to the full Board once a year and directly to the Audit Committee at least twice a year or as needed. These updates cover information security, privacy, cyber risks, and risk management processes, including the status of significant incidents, the threat landscape, and security improvement projects.
Honeywell’s Cybersecurity Disclosure Committee receives updates at least quarterly or as needed from the global security organization. The committee includes the Chief Information Security Officer, Chief Security Officer, and senior representatives from finance, controllership, internal audit, investor relations, tax, and legal. This group informs the Security Governance Council and Audit Committee of any incidents that could materially impact the Company or its systems.
The Audit Committee of the Board, composed of independent members—four with notable cybersecurity oversight experience—is responsible for overseeing Honeywell’s IT and cybersecurity risks and regularly updates the Board. Oversight includes customer and employee data protection, trade secrets, cloud data security, persistent threats, and risks tied to the Company’s products and facilities.
Our Chief Information Security Officer reports to the Chief Security Officer and leads the global enterprise security team. This team handles information security strategy, architecture, and process execution across the enterprise. Responsibilities include infrastructure defense, vulnerability assessments, incident response, and defining security standards. The program uses a threat intelligence-driven approach and is aligned with ISO 22301 (business continuity), ISO 27001 (information security management), and NIST 800-171 (cybersecurity readiness). The CISO has over 20 years of experience in IT and security. The organization includes over 300 specialists in application security, compliance, vulnerability management, engineering, IAM, SOC, threat intelligence, and incident response.
We periodically engage third parties for internal security reviews and audits. The most recent was completed in the second half of 2024.
We rely on third-party providers for critical infrastructure, services, and solutions. Honeywell’s third-party risk management program evaluates vendor risk, including cybersecurity and supply chain threats. Business continuity and disaster recovery plans are in place, as is a cybersecurity insurance policy.
All employees with network access must complete mandatory cybersecurity, privacy, and information security training via tracked online modules. We also conduct cyber crisis tabletop exercises. Policy violations or misuse of information resources may result in disciplinary action.
To date, no cybersecurity threats or incidents have materially affected Honeywell’s business, strategy, operations, or financial condition. See the Risk Factors section titled “Our business, reputation, and financial performance may be materially impacted by cybersecurity attacks…” for more detail. We maintain internal and external response teams prepared for incident response.
Company Information
| Name | HONEYWELL INTERNATIONAL INC |
| CIK | 0000773840 |
| SIC Description | Aircraft Engines & Engine Parts |
| Ticker | HON - Nasdaq |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | December 30 |