Page last updated on July 16, 2024
SJW GROUP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-22 20:15:38 EST.
Filings
10-K filed on 2024-02-22
SJW GROUP filed a 10-K at 2024-02-22 20:15:38 EST
Accession Number: 0000766829-24-000023
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We have taken critical steps to ensure the security and protection of our computer systems and networks. Our processes for assessment, identification and management of material risks from cybersecurity threats include routine monitoring of vulnerabilities, evaluations of new service providers, written policies for incident identification and management, and regular testing and assessment of our cybersecurity posture. We have integrated cybersecurity risk management as part of our company-wide culture. The measures undertaken include, but are not limited to, monthly cybersecurity training for all employees and frequent communication to all employees on the importance of cybersecurity measures. We have engaged third-party experts to assist us in monitoring and managing our cybersecurity process. Furthermore, we monitor cybersecurity threats at certain of our third-party vendors on a regular basis. As of the date of this report, we are not aware of any material risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect the company, including our business strategy, results of operations, or financial condition. We have discussed cybersecurity risks that may affect the company in Item 1A , “Risk Factors,” under the headings, “The necessity for ongoing physical and technological security has resulted, and may continue to result, in increased operating costs,” “Water Utility Services rely on information technology and systems that are key to business operations. A system malfunction, security breach, cyber-attacks or other disruption that compromises our information and expose us to liability and adversely affect business operations. In addition, noncompliance could expose us to liability and adversely 26 affect business operations,” and “We may not be able to maintain adequate insurance coverage at reasonable costs, or at all, to cover all losses incurred in our operations.” Cybersecurity Governance We have implemented an internal risk assessment process that focuses on the principal risks that have been identified for us, including risks associated with our regulatory environment, business operations and continuity, compliance requirements, information technology and data storage and retrieval facilities, cyber risk, insurance coverage. The Audit Committee, pursuant to its charter, meets at least quarterly with senior leadership and other employees to discuss identified risks and the measures taken to control, manage and mitigate those risks, which include cyber and information security risk. On the basis of these meetings and discussions regarding such risks, the Chairman of the Audit Committee reports periodically to the full Board. The Vice President, Information Security Officer provides cybersecurity updates to the Audit Committee and other members of our senior management as appropriate at least quarterly. Our Vice President, Information Security Officer, and his team is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes, with the support of third-party experts. The Vice President, Information Security Officer has over 30 years of experience in information technology of which over 20 years is in cybersecurity, with industry experience in utilities, banking and e-commerce.
Company Information
Name | SJW GROUP |
CIK | 0000766829 |
SIC Description | Water Supply |
Ticker | SJW - NYSE |
Website | |
Category | Large accelerated filer |
Fiscal Year End | December 30 |