ITRON, INC. 10-K Cybersecurity GRC - 2024-02-26

Page last updated on July 16, 2024

ITRON, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-26 14:54:12 EST.

Filings

10-K filed on 2024-02-26

ITRON, INC. filed a 10-K at 2024-02-26 14:54:12 EST
Accession Number: 0000780571-24-000006

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C: Cybersecurity In order to address cybersecurity risks and threats, we have in place teams, processes, and programs for protecting company and customer information. We have an Information Security Steering Committee (ISSC), whose purpose is to oversee the overall information security program as well as product security and data protection. The ISSC consists of senior executives, including our CEO and CFO. The ISSC meets quarterly to discuss strategy and general updates and is advised by company personnel with expertise and experience in cybersecurity risk management. In the event of a significant cybersecurity or data privacy incident, the ISSC members are notified and updated on the status of the incident by an Incident Response Team. We have a risk management process utilizing a Governance, Risk, and Compliance system. Our security program uses a “defense in depth” philosophy, meaning that multiple controls must be breached for an attack to be successful. We maintain a series of both protective and detective controls to ensure any breakdown or bypass of protection mechanisms is detected and escalated for response. We perform logging and monitoring across systems, directed to a centralized, secure logging system operated by the Information Security team. Significant events are assessed on a case-by-case basis for their potential impact and whether they could potentially become material. We hold certifications to meet the requirements of our customers and regulators, such as ISO 27001, IEC62443, and others. In addition, Itron maintains SOC 1 and/or SOC 2 attestations for the majority of our customer-facing managed services businesses. We maintain a cybersecurity incident policy, which provides guidelines for engaging our Board of Directors (the Board) in material cybersecurity incidents and events, including potential ransomware payments. Executive management reports on the status of the ISSC to the Board on a regular basis. At each Board meeting, a summary is provided covering the periodic assessment of Itron’s Information Security Program. Semiannually, a summary is provided to the Board about Itron’s internal response preparedness and assessments of risks. At each Board meeting, information regarding the current maturity level of the program, as measured against the National Institutes of Standards and Technology Cybersecurity Framework, is presented. Due to the nature of our business, a material security incident could have a significant impact on both our brand reputation and our ability to deliver services to our clients. During the period of this report, we have experienced no material cybersecurity incidents, nor any resulting materially adverse effects.


Company Information

NameITRON, INC.
CIK0000780571
SIC DescriptionInstruments For Meas & Testing of Electricity & Elec Signals
TickerITRI - Nasdaq
Website
CategoryLarge accelerated filer
Fiscal Year EndDecember 30