FLOWSERVE CORP 10-K Cybersecurity GRC - 2024-02-20

Page last updated on July 16, 2024

FLOWSERVE CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-20 16:12:55 EST.

Filings

10-K filed on 2024-02-20

FLOWSERVE CORP filed a 10-K at 2024-02-20 16:12:55 EST
Accession Number: 0000030625-24-000025

Item 1C. Cybersecurity.

Governance

Our Board of Directors has delegated the primary responsibility to oversee cybersecurity matters to the Finance and Risk Committee of our Board of Directors. The Finance and Risk Committee receives regular reports from management, including our Chief Information Officer (CIO), and reports to the Board of Directors at least annually on data protection and cybersecurity matters and reviews the measures implemented by the Company to identify and mitigate data protection and cybersecurity risks. In addition to regularly scheduled Finance and Risk Committee reviews, we have in place processes and protocols by which certain cybersecurity incidents are reported immediately to the Company’s executive leadership team, and subsequently thereafter, as appropriate to the Finance and Risk Committee.

Our CIO and our Director of Cybersecurity, who reports in to the CIO, have extensive cybersecurity knowledge and skills gained from over 30 years of work experience at the Company and elsewhere, respectively, and head the team responsible for implementing and maintaining cybersecurity and data protection practices across our business. Reporting to our Chief Information Officer and Director of Cybersecurity are a number of experienced information security specialists responsible for various parts of our business, each of whom is supported by a team of trained cybersecurity professionals. The CIO and Director of Cybersecurity are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents through reports from this team and regularly review risk management measures implemented by the Company to identify and mitigate cyber security risks. The CIO also attends regular meetings of the Finance and Risk Committee to report information on material risks from cybersecurity threats.

Risk Management and Strategy

We have documented processes in place for assessing, identifying, and managing material risks from potential unauthorized occurrences on or through our electronic information systems that may result in adverse effects on the confidentiality, integrity, and availability of our information systems and the information residing therein. These include a wide variety of mechanisms, controls, technologies, methods, systems, and other processes designed to prevent or mitigate data loss, theft, misuse, or other security incidents or vulnerabilities affecting the data we collect, process, store, and transmit as part of our business. We also employ systems and processes designed to oversee, identify, and reduce the potential impact of a security incident at a third-party vendor or customer.

As part of our risk management process and compliance with our ISO 27001 cybersecurity certification requirements, we conduct penetration testing, security audits, and ongoing risk assessments using a company-wide risk framework. We also require employees with access to information systems to undertake data protection and cybersecurity training and compliance programs as part of the employee onboarding process, as well as annually thereafter. In addition to our in-house cybersecurity capabilities, we engage consultants and other third parties as necessary to assist with assessing, identifying, and managing cybersecurity risks.

With respect to incident response, we have adopted a Cybersecurity Incident Response Policy (the “CIRP”), which provides governance and guidance in responding to cybersecurity incidents. The CIRP sets out a coordinated approach to investigating, containing, documenting and mitigating incidents, including reporting findings and keeping senior management and other key stakeholders informed and involved as appropriate. In general, the CIRP aligns with the ISO 27001 standard. The CIRP applies to all Company personnel (including third-party contractors, vendors and partners) that perform functions or services that require access to secure Company information, and to all devices and network services that are owned or managed by the Company.

Cybersecurity risks and the adequacy of associated mitigations are analyzed by senior leadership as part of the enterprise risk assessments that are reported to and discussed by our Board of Directors. To date, risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected us, including our business strategy, results of operations or financial condition, and we do not believe that such risks are reasonably likely to have such an effect over the long term. While we have not experienced any material cybersecurity incidents, there can be no guarantee that we will not be the subject of future successful incidents. For additional information on cybersecurity risks we face, see “Item 1A. Risk Factors”, of this Annual Report, which should be read in conjunction with the foregoing information.


Company Information

Name: FLOWSERVE CORP
CIK: 0000030625
SIC Description: Pumps & Pumping Equipment
Ticker: FLS - NYSE
Website:
Category: Large accelerated filer
Fiscal Year End: December 30