IMPINJ INC 10-K Cybersecurity GRC - 2024-02-12

Page last updated on July 16, 2024

IMPINJ INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-12 16:25:41 EST.

Filings

10-K filed on 2024-02-12

IMPINJ INC filed a 10-K at 2024-02-12 16:25:41 EST
Accession Number: 0000950170-24-013874

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We have established policies and processes for assessing, identifying and managing material cybersecurity risks, and have integrated these processes into our overall risk-management processes. We have also established policies and processes for managing and responding to material cybersecurity incidents. We routinely assess material cybersecurity risks, including potential unauthorized occurrences on, or conducted through, our information systems that may compromise the confidentiality, integrity or availability of those systems or information maintained in them. We conduct periodic risk assessments to identify cybersecurity threats, as well as assessments when there is a material change in our business practices that we believe could affect information systems that are vulnerable to cybersecurity threats. These risk assessments include identifying reasonably foreseeable internal and external risks and the potential harm if the risks were to materialize. We conduct these risk assessments directly and also engage third parties to support these processes. Following these risk assessments, we evaluate how to appropriately implement and maintain reasonable safeguards to mitigate identified risks; reasonably address any identified gaps in existing safeguards; and regularly monitor the effectiveness of our safeguards. We devote significant resources and designate members of our management, including our VP, IT and Facilities, or VP IT, who reports to our Chief Financial Officer, and our Senior Information Security Manager, or Senior ISM, to manage the risk assessment and mitigation process. We also engage third parties to help us design and implement our cybersecurity systems, as well as monitor and test our safeguards. As part of our overall risk management, we collaborate cross-functionally to monitor and test our safeguards and to train our employees on cybersecurity risks and safeguards. We include employees at all levels and departments, and all contractors, in our cybersecurity training programs. We require appropriate third-party service providers to certify that they can implement and maintain appropriate security measures, consistent with all applicable laws, in connection with their work for us, and to promptly report any suspected breach of their security measures that may affect our company. We oversee and identify risks from cybersecurity threats associated with our use of service providers through an onboarding vendor risk management program, including an inherent risk assessment. We have not, to date, experienced a cybersecurity incident which was determined to be material, although, like any technology provider, we have experienced incidents in the past. For additional information regarding whether any risks from cybersecurity threats are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, please refer to Item 1A, “Risk Factors,” in this annual report on Form 10-K, including the risk factors under the heading entitled “Risks Relating to Privacy and Cybersecurity.” Cybersecurity Governance One of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing our strategic risk exposure, and our executive officers are responsible for day-to-day management of the material risks we face. Our board of directors administers its cybersecurity risk-oversight function as a whole, as well as through the audit committee. Our VP IT and Senior ISM are responsible for assessing and managing material risks from cybersecurity threats, as well as managing and responding to material cyber incidents if any occur. Our VP IT has a bachelor’s degree in management information systems and more than 25 years experience managing enterprise information-technology systems and resources. Our Senior ISM has an undergraduate degree in management information systems, an MBA and multiple professional cybersecurity certifications, has specialized in cybersecurity for more than a decade and is focused primarily on cybersecurity. Our VP IT and Senior ISM will provide periodic briefings to the audit committee and to the board of directors about our cybersecurity risks and activities, including cybersecurity incidents and responses, cybersecurity systems testing, third-party activities and related topics. In addition, our policies for managing and responding to cybersecurity incidents include procedures for appropriate escalations to our Chief Compliance Officer and to our audit committee chair.


Company Information

NameIMPINJ INC
CIK0001114995
SIC DescriptionElectronic Components, NEC
TickerPI - Nasdaq
Website
CategoryLarge accelerated filer
Fiscal Year EndDecember 30