WATSCO INC 10-K Cybersecurity GRC - 2024-02-23

Page last updated on July 16, 2024

WATSCO INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-23 16:52:42 EST.

Filings

10-K filed on 2024-02-23

WATSCO INC filed a 10-K at 2024-02-23 16:52:42 EST
Accession Number: 0001193125-24-044609

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We have established security practices and safeguards designed to help identify and protect against intentional and unintentional misappropriation or corruption of our information technology systems, data, and operational continuity. We regularly conduct risk assessments to identify potential cybersecurity threats, which include evaluating the likelihood and potential impact of these threats, identifying system and network vulnerabilities, and assessing the effectiveness of our existing controls. As part of our overall cybersecurity program, we engage specialized third-party vendors for certain cybersecurity functions including, but not limited to, incident response, penetration testing, and security operations center monitoring of our information technology environment. Identified risks are documented and communicated to the relevant stakeholders. Upon identification and assessment of risks, we develop and implement what we believe are appropriate measures to manage these risks, which may involve enhancing security controls, implementing new technologies, training employees, or changing business processes. We maintain change management processes, monitoring practices, and data protection measures to mitigate cybersecurity risks and continuously test our systems for potential threats. Such processes and practices to assess, identify, and manage cybersecurity incidents are integrated into our overall enterprise risk assessment process. Governance A dedicated management team at our corporate headquarters, which is led by our Director of Data Security (“DDS”) and composed of the Chief Technology Officer (“CTO”) and representatives from risk management, legal, internal audit, and finance departments, is responsible for assessing and managing our cybersecurity risks and data protection practices. The Audit Committee oversees the measures taken by this management team to monitor material risks associated with cybersecurity threats, a role crucial to maintaining a robust and effective cybersecurity risk management approach. The DDS and CTO provide formal briefings to the Audit Committee on various cybersecurity matters, including risk assessments, mitigation strategies, areas of emerging risks, and other areas of importance at least once a year, with the Board of Directors receiving updates periodically. Regular discussions on enterprise risks are held between the Audit Committee, Board of Directors, and senior management. Our DDS has more than 20 years of expertise in the information technology sector, with 10 years specifically dedicated to cybersecurity. This experience has fostered a thorough comprehension of cyber threat landscapes, defense strategies, and security technologies.


Company Information

NameWATSCO INC
CIK0000105016
SIC DescriptionWholesale-Hardware & Plumbing & Heating Equipment & Supplies
TickerWSO - NYSEWSO-B - NYSE
Website
CategoryLarge accelerated filer
Fiscal Year EndDecember 30