Page last updated on July 18, 2025
ADVANCE AUTO PARTS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-26 16:27:44 EST.
Filings
10-K filed on 2025-02-26
ADVANCE AUTO PARTS INC filed a 10-K at 2025-02-26 16:27:44 EST
Accession Number: 0001158449-25-000064
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity. The Company has processes in place for assessing, identifying and managing risks from potential cyber threats and vulnerabilities. To protect the Company’s information systems from cyber threats, the Company uses a variety of tools, controls, technologies, methods, systems and other processes that are designed to prevent, detect, escalate, investigate, mitigate and/or remediate data loss, theft, misuse, unauthorized access or other security incidents or vulnerabilities affecting information systems and data. The Company’s Chief Information Security Officer (“CISO”) and Vice President, Chief Audit Executive , who oversees the Company’s enterprise risk management (“ERM”) framework, partner on definition and treatment of cyber risks. Cybersecurity is a component of the Company’s ERM framework and processes. The Company utilizes a range of capabilities to help identify and assess potential cyber threats and vulnerabilities, which feed into the development and regular updating of a risk mitigation plan to help manage the Company’s cybersecurity risk posture. The Company evaluates cyber security risks on an ongoing basis across several categories in terms of probability of the likelihood and magnitude of potential impact, using evaluation results to inform areas of focus and prioritization. The Company evaluates risks associated with use of third-party providers through a lifecycle-based approach, conducting risk-based due diligence before engagement, using contractual provisions to apportion risk, and for certain third-party providers, engaging in architectural review and validation at the beginning of engagement. The Company uses third parties to assist with penetration testing, simulated attacks and survey and other threat intelligence reporting on third parties, as well as review and enhancement of associated response processes. The Company’s cyber risk mitigation plan is reviewed on a bimonthly cadence with a cross-functional Cyber Steering Committee, the managerial governing body that regularly reviews the top cyber risks and receives reports on progress on key cyber initiatives. T he Company’s CISO leads the Cyber Steering Committee, which also includes individuals with experience identifying and managing enterprise risks, including the Company’s President and Chief Executive Officer, Executive Vice President, Chief Financial Officer, Executive Vice President, General Counsel and Corporate Secretary and Vice President, Chief Audit Executive, as well as individuals with technical expertise in information technology, data governance and cyber matters and/or experience in managing cyber incident responses, including the Company’s Executive Vice President, Chief Technology Officer, Vice President, Information Technology Operations and Senior Vice President, Deputy General Counsel and Chief Compliance Officer. The Internal Audit function assesses cyber security risks and audits components of cyber security on an annual basis. At least every three years, the Company uses an external party to evaluate the maturity of the program against the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework. The Audit Committee of the Company’s Board of Directors is charged with reviewing, discussing with management and overseeing the Company’s information technology and cybersecurity risk. The Audit Committee receives reports on cybersecurity risk and management thereof at least semi-annually, and the full Board of Directors receives such reports at least annually. As of December 28, 2024, we are not aware of any instances of material cybersecurity incidents that impacted the Company in the last three years.
Company Information
| Name | ADVANCE AUTO PARTS INC |
| CIK | 0001158449 |
| SIC Description | Retail-Auto & Home Supply Stores |
| Ticker | AAP - NYSE |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | January 2 |