Penumbra Inc 10-K Cybersecurity GRC - 2024-02-22

Page last updated on July 16, 2024

Penumbra Inc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-22 16:46:55 EST.

Filings

10-K filed on 2024-02-22

Penumbra Inc filed a 10-K at 2024-02-22 16:46:55 EST
Accession Number: 0001321732-24-000025

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. Risk management and strategy The Company’s cybersecurity program focuses primarily on securing and safeguarding computer systems, networks, cloud services, business applications, and data and is integrated in the Company’s overall risk management strategy and framework. The Company has implemented protocols to protect against cyber threats and ensure the containment and security of sensitive business data, including ongoing security reviews of critical systems, continuous monitoring of event data, and employee training programs, which processes are aligned with the Company’s overall business and operational goals and strategies. The Company also actively engages with key vendors, industry participants, and intelligence and law enforcement communities as part of its continuing efforts to evaluate and enhance the effectiveness of its information security policies and procedures. In 2023, the Company initiated efforts to streamline existing processes, enhance technological capabilities, and improve user experience and security. The Company employs strategic partnerships with third-party entities to leverage resources and technologies for operational support, optimization, and heightened security. Collaboration with third parties forms a critical part of the Company’s risk management strategy, facilitating effective management and mitigation of risks through partnerships, and ensuring adherence to applicable regulatory and industry standards. The Company incorporates supplier qualification processes and conducts thorough security and privacy risk assessments for third parties and lifecycle management. Overall, the Company believes it has established a robust framework for confidentiality, integrity, and availability of information, adhering to relevant security standards, practices, and compliance requirements. In addition, the Company maintains insurance to help protect against risks associated with cybersecurity threats. The Company does not believe that any risks from cybersecurity threats have materially affected, or are reasonably likely to materially affect, the Company, including the Company’s business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident. For more information about these risks, please see “Risk Factors - Failure to protect our information technology infrastructure against cyber-based attacks, network security breaches, service interruptions, or data corruption could significantly disrupt our operations and adversely affect our business and operating results.” in this Form 10-K. Governance The Company’s cybersecurity program is managed by its Chief Information Officer (“CIO”), whose team is responsible for leading enterprise-wide cybersecurity strategy, protocols, framework, standards and processes. The CIO, who has extensive experience in overseeing and managing information technology and security programs, is kept appraised of potential cybersecurity incidents, including the prevention, detection, mitigation and remediation thereof, through the work of the Company’s information technology team, which conducts and oversees ongoing security reviews of critical systems and continuous monitoring of event data. The CIO provides periodic reports to the Company’s Board of Directors, as well as its Chief Executive Officer and Chief Financial Officer and other members of senior management as appropriate. These reports include updates on cybersecurity risks and threats, the status of projects to strengthen the Company’s information security systems, ongoing compliance with applicable legal and regulatory frameworks and industry standards, assessments of the Company’s information security program, and the emerging threat landscape. The Company’s Board of Directors provides oversight of the Company’s cybersecurity program and helps guide the Company’s strategy for managing cybersecurity risks in the context of the Company’s overall risk management system.


Company Information

NamePenumbra Inc
CIK0001321732
SIC DescriptionSurgical & Medical Instruments & Apparatus
TickerPEN - NYSE
Website
CategoryLarge accelerated filer
Fiscal Year EndDecember 30