Page last updated on October 3, 2024
NVIDIA CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-21 16:36:57 EST.
Filings
10-K filed on 2024-02-21
NVIDIA CORP filed a 10-K at 2024-02-21 16:36:57 EST
Accession Number: 0001045810-24-000029
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity Risk management and strategy We have in place certain infrastructure, systems, policies, and procedures that are designed to proactively and reactively address circumstances that arise when unexpected events such as a cybersecurity incident occur. These include processes for assessing, identifying, and managing material risks from cybersecurity threats. Our information security management program generally follows processes outlined in frameworks such as the ISO 27001 international standard for Information Security and we evaluate and evolve our security measures as appropriate. We consult with external parties, such as cybersecurity firms and risk management and governance experts, on risk management and strategy. Identifying, assessing, and managing cybersecurity risk is integrated into our overall risk management systems and processes, and we have in place cybersecurity and data privacy training and policies designed to (a) respond to new requirements in global privacy laws and (b) prevent, detect, respond to, mitigate and recover from identified and significant cybersecurity threats. We also have a vendor risk assessment process consisting of the distribution and review of supplier questionnaires designed to help us evaluate cybersecurity risks that we may encounter when working with third parties that have access to confidential and other sensitive company information. We take steps designed to ensure that such vendors have implemented data privacy and security controls that help mitigate the cybersecurity risks associated with these vendors. We routinely assess our high-risk suppliers’ conformance to industry standards (e.g., ISO 27001, ISO 28001, and C-TPAT), and we evaluate them for additional information, product, and physical security requirements. Refer to “Item 1A. Risk factors” in this annual report on Form 10-K for additional information about cybersecurity-related risks. Governance Information security matters, including managing and assessing risks from cybersecurity threats, remain under the oversight of the Company’s Board of Directors, or the Board. The Audit Committee of the Board, or the Audit Committee, also reviews the adequacy and effectiveness of the Company’s information security policies and practices and the internal controls regarding information security risks. The Audit Committee receives regular information security updates from management, including our Chief Security Officer and members of our security team. The Board also receives annual reports on information security matters from our Chief Security Officer and members of our security team. Our security efforts are managed by a team of executive cybersecurity, IT, engineering, operations, and legal professionals. We have established a cross-functional leadership team, consisting of executive-level leaders, that meets regularly to review cybersecurity matters and evaluate emerging threats. With oversight and guidance provided by the cross-functional leadership team, our information security teams refine our practices to address emerging security risks and changes in regulations. Our executive-level leadership team also participates in cybersecurity incident response efforts by engaging with the incident response team and helping direct the company’s response to and assessment of certain cybersecurity incidents. We have designated a Chief Security Officer that reports to our Senior Vice President of Software Engineering to manage our assessment and management of material risks from cybersecurity threats. Our Chief Security Officer’s cybersecurity expertise includes over 17 years of combined government and private sector assignments.
Company Information
Name | NVIDIA CORP |
CIK | 0001045810 |
SIC Description | Semiconductors & Related Devices |
Ticker | NVDA - Nasdaq |
Website | |
Category | Large accelerated filer |
Fiscal Year End | January 25 |