Page last updated on July 16, 2024
KLX Energy Services Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-08 17:11:26 EST.
Filings
10-K filed on 2024-03-08
KLX Energy Services Holdings, Inc. filed a 10-K at 2024-03-08 17:11:26 EST
Accession Number: 0001738827-24-000038
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
ITEM 1C. CYBERSECURITY 47 Risk Management and Strategy IT plays a crucial role in all of our operations. To remain competitive, our hardware, software and related services must properly and efficiently interact with our suppliers’ and customers’ products, services and technology, record and process our financial transactions accurately, and obtain accurate and timely data and information to enable our analysis of trends and plans and the execution of our strategies. Accordingly, KLX maintains a cybersecurity risk program led by our internal IT department and strategic vendors designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. These processes are integrated into the Company’s overall enterprise risk assessment. Our cybersecurity risk program references industry-standard frameworks and incorporates policies and practices designed to protect the privacy and security of our sensitive information. We perform technical assessments with feedback incorporated into our systems and procedures through continual upgrades intended to further improve our cybersecurity posture. We continue to evaluate internal systems, processes, and controls to identify potential cybersecurity vulnerabilities and mitigate potential loss from cyber-attacks. We have implemented a monitoring and detection system to help identify cybersecurity incidents. All incidents are escalated to our cybersecurity committee, which includes Vice President of IT, Chief Financial Officer, Chief Compliance Officer/General Counsel and other senior management. We also require our employees to receive annual cybersecurity awareness training. We perform cybersecurity tabletop exercises and implement post-incident “lessons learned” to enhance our response. We provide our system users with access consistent with the principle of least privilege, which requires that such users be given no more access than necessary to complete their job functions. We have also implemented a multi-factor authentication process for employees accessing company information. We engage third-party service providers in connection with our cybersecurity risk program, including assessors, consultants, and auditors. We recognize that third-party service providers introduce cybersecurity risks. In an effort to mitigate these risks, we include security and privacy addendums to our contracts where applicable. Impacts from Cybersecurity Threats As of the date of this report, the Company and our service providers have been subject to certain cybersecurity incidents (including phishing attempts). We are not aware of any prior cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company. However, we acknowledge that cybersecurity threats are continually evolving, and the possibility of future cybersecurity incidents remains. Despite the implementation of our cybersecurity processes, our security measures cannot guarantee that a significant cyberattack will not occur. A successful attack on our IT systems could have significant consequences to the business. See “Risk Factors” in Item 1A of Part I for additional information about the risks to our business associated with a breach or compromise to our IT systems. Governance Our Board considers cybersecurity risk as part of its overall risk oversight function and has delegated to our audit committee oversight of cybersecurity and other information security risks. Our audit committee oversees management’s activities related to our cybersecurity risk program. Our cybersecurity committee, which includes Vice President of IT, Chief Financial Officer, Chief Compliance Officer/General Counsel and other senior management, reports to the audit committee on a quarterly basis regarding information security and cybersecurity matters, including cybersecurity risks, or as needed. Our Vice President of IT leads our IT department, which is responsible for assessing, identifying, and managing risks from cybersecurity threats. Our Vice President of IT reports to the Company’s Chief Financial Officer, including with respect to emerging cybersecurity incidents. To facilitate effective oversight, our Vice President of IT holds discussions on cybersecurity risks, incident trends, and the effectiveness of cybersecurity measures as necessitated by emerging material cyber risks. Our VP of IT has over thirty years 48 of IT background in a variety of industries, with experience developing security frameworks, training on cyber security best practices, and emergency response and remediation. 49
Company Information
Name | KLX Energy Services Holdings, Inc. |
CIK | 0001738827 |
SIC Description | Oil & Gas Field Services, NEC |
Ticker | KLXE - Nasdaq |
Website | |
Category | Emerging growth company |
Fiscal Year End | December 30 |