Page last updated on July 16, 2024
KAMAN Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-22 16:35:51 EST.
Filings
10-K filed on 2024-02-22
KAMAN Corp filed a 10-K at 2024-02-22 16:35:51 EST
Accession Number: 0000054381-24-000005
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
ITEM 1C. CYBERSECURITY The Company maintains a commitment to cybersecurity using a combination of policy, technology, and training across the corporation. Emerging threats and regulatory compliance require regular monitoring and maintenance of the information technology environment, which the Company accomplishes by using internal resources, contracted partners, and industry-standard practices to meet security goals. These include implementation of technical controls such as National Institute of Standards and Technology (“NIST”) SP 800-53 and NIST SP 800-171, and adherence to guidelines including Sarbanes-Oxley and the U.S. Department of Defense Federal Acquisition Regulation Supplement (“DFARS”). To address the risks to our information technology systems and data and as part of our Corporate Enterprise Risk Management program, we manage an information security program, which is designed to comply with the Department of Justice’s CMMC requirements, maintain strong incident reporting capabilities and perform daily off-site backups. Additionally, we have implemented business continuity plans and security precautions for our critical systems, including establishing a back-up data center. The Company’s cybersecurity protections are based on layered technologies supporting trained employees. Periodic testing of networks, systems, and personnel is performed to validate implementation and effectiveness of controls. Penetration testing, internal and external audit and annual review of policies and response plans are designed to provide a cybersecurity governance framework and independent verification that the Company maintains effective cybersecurity controls. Our information security team regularly monitors our network for anomalous activity and indications that track threat advisories from government security services, such as the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Administration as well as commercial cybersecurity companies and information technology vendors. Automated tools and our third-party Security Operations Center provide alerts to our information security staff regarding potential threats. We perform annual assessments of information technology risk, including threats associated with our third-party service providers. We conduct diligence on all third-party providers we work with to evaluate their security practices consistent with our security principles, including compliance with regulatory and industry controls such as NIST 800-53 and System and Organization Controls reports. Cybersecurity risks, both internally and from third-party providers, are tracked quarterly as part of the Corporate Enterprise Risk Management program. As of the date of filing, there are no material risks from cybersecurity threats, including those resulting from previous incidents, that have or are reasonably likely to have a material impact on our business strategy, results of operations or financial conditions. Refer to Item 1A, Risk Factors , for further information and a discussion of a previous cybersecurity incident identified at the Company. The Audit Committee of the Board of Directors oversees the Company’s business risk assessment framework and identifies principal business risks confronting the Company, including cybersecurity issues. The Audit Committee also reviews and discusses with management the Company’s cybersecurity, data protection and information technology risks, controls and procedures and the Company’s plans to mitigate those risks. The Audit Committee discusses cybersecurity risks and exposures periodically with management as well as internal and external auditors. The VP, Information Technology and our internal audit 29 team provide the Audit Committee with quarterly or as needed updates on the performance of our program and information security matters and risk. The VP, Information Technology, along with the information technology organization, is primarily responsible for the assessment and management of material risks from cybersecurity threats. This individual is responsible for briefing our executive officers and their direct reports about information technology threats to the organization and recommended courses of action. The Company’s cybersecurity incident response plan includes measures for communicating with executive leadership about prevention, detection and remediation of identified information technology incidents. Members of the information technology organization, including the VP, Information Technology, directors and managers, maintain cybersecurity credentials, such as Certified Information Security Manager (“CISM”), Certified Information Systems Security Specialist (“CISSP”), Certified Information Systems Auditor (“CISA”) and Certified Data Privacy Solutions Engineer (“CDPSE”), as well as technology-specific qualifications for infrastructure and security used in the IT environment.
Company Information
Name | KAMAN Corp |
CIK | 0000054381 |
SIC Description | Guided Missiles & Space Vehicles & Parts |
Ticker | KAMN - NYSE |
Website | |
Category | Large accelerated filer |
Fiscal Year End | December 30 |