AGILITI, INC. DE 10-K Cybersecurity GRC - 2024-03-05

Page last updated on July 16, 2024

AGILITI, INC. DE reported its cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-05 18:07:42 EST.

Filings

10-K filed on 2024-03-05

AGILITI, INC. \DE filed a 10-K at 2024-03-05 18:07:42 EST
Accession Number: 0001749704-24-000016


Item 1C. Cybersecurity.

Our Board is actively involved in oversight of the Company’s risk management program, and cybersecurity represents an important component of enterprise risk management (“ERM”). The Company’s cybersecurity policies, standards, processes and practices are fully integrated into the Company’s risk management program and are based on recognized frameworks established by the National Institute of Standards and Technology, the International Organization for Standardization and other applicable industry standards and intended to comply with applicable laws governing the use and protection of data, including HIPAA. In general, the Company seeks to address cybersecurity risks by focusing on preserving the confidentiality, integrity, and availability of the information that the Company collects and by aiming to identify, prevent and mitigate cybersecurity threats and respond to cybersecurity incidents when they occur.

The Company’s cybersecurity program is focused on the following key areas:

- Governance: As discussed in more detail below, the Board’s oversight of cybersecurity risk management is supported by the Audit Committee, which regularly engages with the Company’s risk management function, the Company’s Chief Information Officer (“CIO”), Chief Information Security Officer (“CISO”) and other members of management.
- Collaborative Approach: The Company has implemented a wide-ranging approach to identifying, preventing and mitigating cybersecurity threats and incidents, while also implementing controls and procedures that provide for the prompt escalation of cybersecurity incidents so that decisions regarding the public disclosure and reporting of such incidents can be made by management in a timely manner.
- Technical Safeguards: The Company deploys technical safeguards that are designed to protect the Company’s information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls, which are evaluated and improved through vulnerability assessments and cybersecurity threat intelligence.
- Incident Response and Recovery Planning: The Company has established and maintains an incident response and recovery plan that addresses the Company’s response to a cybersecurity incident, and such plan is tested and evaluated on a regular basis.
- Third-Party Risk Management: The Company employs a risk-based approach to identify and oversee cybersecurity risks presented by third parties, including vendors, service providers and other external users of the Company’s systems, as well as the systems of third parties that could adversely impact our business in the event of a cybersecurity incident affecting those third-party systems. The Company’s methods for managing third-party cybersecurity risk include reliance on contractual clauses, periodic due diligence, audits by third parties, and vulnerability testing.
- Education and Awareness: The Company provides biannual training for personnel regarding information security, privacy, and compliance.

The Company engages in the periodic assessment and testing of the Company’s policies, standards, processes and practices that are designed to address cybersecurity threats and incidents. These efforts include a wide range of activities, including audits, assessments, tabletop exercises, vulnerability testing and other exercises focused on evaluating the effectiveness of our cybersecurity measures and planning. The Company regularly engages third parties to perform assessments on our cybersecurity measures, including information security maturity assessments, audits and independent reviews of our information security control environment and operating effectiveness. The results of such assessments, audits and reviews are reported to the Audit Committee and the Board, and the Company endeavors to adjust its cybersecurity policies, standards, processes and practices based on the information provided by these assessments, audits and reviews.

The Board oversees the Company’s ERM process, including the management of risks arising from cybersecurity threats in coordination with the Audit Committee and regularly discusses the approach to cybersecurity risk management with management, including the Company’s CIO and CISO. The Board and the Audit Committee each receive quarterly presentations and reports on cybersecurity risks, which address a wide range of topics including recent developments, evolving standards, vulnerability assessments, third-party reviews, the threat environment, technological trends and information security considerations arising with respect to the Company’s peers and vendors. The Board and the Audit Committee also receive prompt and timely information regarding cybersecurity incidents that may meet company-established reporting thresholds, as well as ongoing updates regarding such incidents through resolution.

The Company’s CISO, in coordination with our Chief Executive Officer, Chief Financial Officer, CIO, General Counsel and Chief Compliance Officer, works collaboratively across the Company to implement the Company’s cybersecurity program, to protect the Company’s information systems from cybersecurity threats, and to promptly respond to cybersecurity incidents in accordance with the Company’s incident response and recovery plans. The Company relies on the expertise of its cybersecurity team to address cybersecurity threats and to respond to cybersecurity incidents. Through ongoing communications with the cybersecurity team and key security vendor partners, the CIO and CISO monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time.

The CIO has served in various roles in information technology for over 25 years, including serving as the Chief Information Officer and in a variety of senior technology roles at public companies. The CISO has served in various roles in information technology and information security for over 30 years, including previously serving as the Chief Information Security Officer of a large public company in the banking industry. In addition, the CISO held executive roles in information technology and cyber security development for the U.S. Department of Defense for over 20 years. The CISO holds a graduate degree in information and communication sciences and has attained the professional certification of Certified Information Systems Security Professional (“CISSP”).

During the fiscal year ended December 31, 2023, we did not identify risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that have materially affected or are not reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition. However, there is no guarantee that a future cybersecurity incident would not materially affect our business. For more information about the cybersecurity risks we face, see the risk factor entitled “Any failure of our management information systems, including as a result of a cybersecurity event or other system breach, could harm our business and operating results” under Item 1A., “Risk Factors” of this Form 10-K.


Company Information

Name: AGILITI, INC. \DE
CIK: 0001749704
SIC Description: Services-Miscellaneous Equipment Rental & Leasing
Ticker: AGTI - NYSE
Website:
Category: Accelerated filer
Fiscal Year End: December 30