CarParts.com, Inc. 10-K Cybersecurity GRC - 2024-03-07

Page last updated on July 16, 2024

CarParts.com, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-07 18:29:48 EST.

Filings

10-K filed on 2024-03-07

CarParts.com, Inc. filed a 10-K at 2024-03-07 18:29:48 EST
Accession Number: 0001378950-24-000034

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy Because it is essential to our operations and business strategy that our website, app, technology and network infrastructure remain secure, we have processes in place for assessing, identifying, and managing material risks from cybersecurity threats. We have integrated these processes into our cybersecurity risk management program. The key processes, or components, of our cybersecurity risk management include: ● conducting periodic risk assessments to assist in identifying cybersecurity threats or risks; ● cybersecurity strategic roadmap; ● security and IT infrastructure management team, responsible for managing our cybersecurity processes, implementing security applications and protocols, monitoring and executing security or network controls, and responding to incidents or threats; ● cybersecurity training programs and cybersecurity awareness event for employees; ● incident response plan, including assessing and monitoring potential cyber threats; ● similar processes or applications to mitigate or manage cybersecurity risk from third-party service providers; We sometimes engage external cybersecurity experts, or applications, to enhance our cybersecurity program. These serve to assist our internal cybersecurity team in mitigating cyber threats, in addition to monitoring and responding to potential cyber incidents. As previously disclosed, in June 2020, we were the subject of a ransomware attack on our network that briefly disrupted access to some of our systems. Although we did not pay the ransomware and did not incur any fines or settlements, we did incur out of pocket expenses costs related to this incident of $100,000. We have not encountered any other cybersecurity challenges that have materially impaired our operations or business. Additional information regarding risks from cybersecurity threats is discussed in Part I, Item IA, “Risk Factors,” under the heading “Security threats, such as ransomware attacks, to our IT infrastructure could expose us to liability, and damage our reputation and business,” which should be read in conjunction with the information herein. Governance Cybersecurity risk management is an important priority integrated into our overall governance structure. Our Board of Directors oversees risks from cybersecurity threats and includes the involvement of the Audit Committee in the governance strategy. Our IT security management team, led by our Chief Technology Officer, reports quarterly in meetings to our Audit Committee and periodically to our Board of Directors regarding updates to our cybersecurity program and related risks. We have a cybersecurity expert on the Board of Directors and its Audit Committee to provide expanded expertise and oversight on our cybersecurity processes and systems. Topics in the meetings include discussion of the company-wide cybersecurity strategic roadmap and risks, protocols to mitigate such rusks, and the progress of initiatives in the cybersecurity program. Specific cybersecurity briefing areas may include topics such as security, infrastructure, cybersecurity tooling/applications, and compliance.


Company Information

NameCarParts.com, Inc.
CIK0001378950
SIC DescriptionRetail-Auto & Home Supply Stores
TickerPRTS - Nasdaq
Website
CategoryAccelerated filer
Fiscal Year EndDecember 29