Page last updated on July 16, 2024
Summit Midstream Partners, LP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-15 09:27:00 EDT.
Filings
10-K filed on 2024-03-15
Summit Midstream Partners, LP filed a 10-K at 2024-03-15 09:27:00 EDT
Accession Number: 0001549922-24-000028
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity Risk Management, Strategy and Governance. Cybersecurity Oversight and Management Board Oversight of Cybersecurity Matters The Audit Committee is tasked with overseeing the Partnership’s cybersecurity matters. Pursuant to the Audit Committee’s charter, one of the Audit Committee’s responsibilities is to discuss the Partnership’s major risk exposures with management, including those related to cybersecurity, and the steps taken by management to monitor and control such exposures, including the Partnership’s risk assessment and risk management guidelines, policies and practices. The Audit Committee reports to the entire Board of Directors periodically regarding its oversight of cybersecurity matters. In developing such updates to the Board of Directors, the Audit Committee relies in large part on periodic updates from Partnership management. Management of Cybersecurity Matters The Partnership’s management assumes executive responsibility for assessing, identifying, and managing cybersecurity risks and incidents. In particular, the Senior Vice President, Engineering and Operations (SVP, E&O) reports directly to the President, Chief Executive Officer, and Chairman of the Board and holds the highest level of executive responsibility for assessing and managing all cybersecurity threats, incidents, and risks at the Partnership, as well as developing and implementing all cybersecurity risk management, strategy, and governance recommendations. The SVP, E&O holds key skills, experience, and competencies related to the management of cybersecurity matters. In particular, our current SVP, E&O has over 30 years of experience leading IT and OT physical security and cybersecurity. The SVP, E&O is supported by critical internal positions within the Partnership, including but not limited to the Director of Information Technology, Vice President of Operational Technology and dedicated IT and OT resources with cybersecurity responsibilities. The SVP, E&O is further supported by various external parties, including but not limited to cybersecurity service providers, consultants, and other third parties engaged on an as-needed basis. The Partnership’s management has processes in place by which it is informed of and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks. These processes include, but are not limited to: - Maintaining an updated inventory and management of digital assets; - Ensuring familiarity and compliance with cybersecurity frameworks, including the National Institute of Standards and Technology’s Cybersecurity Framework and ISO 27001; - Updating and maintaining an internal incident response plan; - Conducting risk assessments of the Partnership’s cybersecurity policies, practices, and tools; - Employing appropriate antivirus, anti-malware, firewall, endpoint detection and response, backup and recovery software, multifactor authentication, virtual private network, account change monitoring, patch management, web content filter, spam filter and reporting, and vulnerability management software; - Conducting regular vulnerability scans of the Partnership’s digital and operational infrastructure; - Requiring employees to complete a Cybersecurity Awareness Program, which includes computer-based training; and - Reviewing and evaluating developments in the threat landscape. The Partnership’s management also has processes in place to oversee and identify material risks from cybersecurity threats associated with its use of third-party service providers. These processes include, but are not limited to: - Maintaining an inventory of all third-party vendors engaged by the Partnership and assessing each vendor’s level of access to the Partnership’s IT and OT systems and information; and - Implementing access controls that restrict vendor access to only specific Partnership systems and information necessary to perform their service. The SVP, E&O provides updates to the Audit Committee at its quarterly meetings regarding management of the Partnership’s cybersecurity matters, including any new cybersecurity threats, incidents, risks, risk management solutions, trainings or education, infrastructure upgrades, or governance changes. As of March 15, 2024, the Partnership’s business strategy, operations, or financial condition have not been materially affected by and are not likely to be materially affected by, any cybersecurity threats or incidents.
Company Information
Name | Summit Midstream Partners, LP |
CIK | 0001549922 |
SIC Description | Natural Gas Transmission |
Ticker | SMLP - NYSE |
Website | |
Category | Accelerated filer Smaller reporting company |
Fiscal Year End | December 30 |