EXPRO GROUP HOLDINGS N.V. 10-K Cybersecurity GRC - 2026-02-19

Page last updated on February 19, 2026

EXPRO GROUP HOLDINGS N.V. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-19 16:11:31 EST.

Filings

10-K filed on 2026-02-19

EXPRO GROUP HOLDINGS N.V. filed a 10-K at 2026-02-19 16:11:31 EST
Accession Number: 0001437749-26-004727

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity In the ordinary course of its business, the Company collects, uses, stores, and transmits digitally significant amounts of confidential, sensitive, proprietary, and personal information, including through its information technology systems and the use of certain third-party service providers. The security of this information and these systems is important to the Company's operations and business strategy. Accordingly, the Company has implemented processes designed to assess, identify, and manage risks from potential unauthorized occurrences, including those associated with third-party service providers, on or through its information technology systems that could adversely affect the confidentiality, integrity, or availability of such systems and the information residing therein. These processes are managed and monitored by a dedicated Cybersecurity and Infrastructure team, which is led by our Chief Information Officer, and include mechanisms, controls, technologies, systems, and other processes designed to prevent or mitigate data loss, theft, misuse, or other security incidents or vulnerabilities affecting the data and maintain a stable information technology environment. For example, we conduct penetration and vulnerability testing, data recovery testing, security audits, and annual and ongoing risk assessments. We engage third parties to perform monitoring and regular penetration testing. We have adopted an Incident Response Policy that applies in the event of a cybersecurity threat or incident that follows the National Institute of Standards and Technology framework. We also conduct regular employee trainings on cyber and information security, among other topics. In addition, we consult with outside advisors and experts, when appropriate, to assist with assessing, identifying, and managing cybersecurity risks, including to anticipate future threats and trends, and their impact on the Company's risk environment. Our Chief Information Officer, who reports to the Chief Financial Officer, and has over 30 years of experience managing information technology and cybersecurity matters, together with our executive management team, is responsible for assessing and managing cybersecurity risks. We consider cybersecurity, along with other significant risks that we face, within our overall enterprise risk management framework. In the last fiscal year, we have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, but we face certain ongoing cybersecurity risks threats that, if realized, are reasonably likely to materially affect us. Additional information on cybersecurity risks we face is discussed in Part I, Item 1A, "Risk Factors," under the heading "Risks Related to Legal and Regulatory Requirements." The Board of Directors, as a whole and at the committee level, has oversight for the most significant risks facing us and for our processes to identify, prioritize, assess, manage, and mitigate those risks. The Nominating and Governance Committee has been designated by our Board to oversee cybersecurity risks. The Nominating and Governance Committee receives periodic updates on cybersecurity and information technology matters and related risk exposures from our Chief Information Officer. The Board also receives updates from management on cybersecurity risks on at least an annual basis.

Company Information