ADVANCED DRAINAGE SYSTEMS, INC. 10-K Cybersecurity GRC - 2024-05-16

Page last updated on July 16, 2024

ADVANCED DRAINAGE SYSTEMS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-05-16 16:03:09 EDT.

Filings

10-K filed on 2024-05-16

ADVANCED DRAINAGE SYSTEMS, INC. filed a 10-K at 2024-05-16 16:03:09 EDT
Accession Number: 0001604028-24-000011

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy Our cybersecurity program is designed to assess, identify and manage material risks from cybersecurity threats, and is a component of our overall enterprise risk program. Our cybersecurity program is based on the National Institute of Standards and Technology Cybersecurity Framework, version 2.0 (“NIST CSF”). We conduct regular scans, penetration tests, and vulnerability assessments to identify potential threats or vulnerabilities in our systems. Our processes to assess, identify and manage material risks from cybersecurity threats include potential threats associated with third party service providers, including cloud-based platforms. We believe we have invested in monitoring practices to reduce cybersecurity risks and continue to monitor our systems on an ongoing basis for compliance with applicable privacy regulations and any current or potential threats. We engage third-party service providers to enhance our risk prevention and mitigation efforts. We have periodically engaged third parties to serve in a consultative and advisory manner to review current and future strategies. We also purchase insurance to help protect us against the risk of cybersecurity breaches. Cybersecurity Governance Board and Committee Oversight - Our Board of Directors has ultimate oversight of the Company’s cybersecurity programs and strategy, with the Audit Committee maintaining oversight responsibility in reviewing cybersecurity and other information technology risks. The Audit Committee assess the steps management has taken to monitor, minimize or control such risks or exposures. The Company’s Chief Information Officer presents a cybersecurity report to the Audit Committee each quarter. The report includes updates of recent cybe rsecurity threats, current key performance indicators of security controls and summaries of any recent incidents at the Company. Management’s Role - The Company’s Chief Information Officer (“CIO”), supported by the Director of IT Security and Compliance, manages cybersecurity risk. Our CIO has over 25 years of experience in information technology and six years of experience with the Company. The Company’s enterprise-wide cybersecurity strategy is supported by policies, procedures, security controls and training designed to protect the Company’s IT systems, operations and sensitive data. Specifically, our Cyber Incident Response Plan provides a process by which our Company is informed about and monitors the prevention, detection, mitigation and remediation of c ybersecurity incidents and includes engaging the Cybersecurity and Risk Management Committee (“CRMC”). The CRMC is a management committee established to identify, assess and manage material cybersecurity incidents, including the incident recovery process within the Company. Depending on the significance of the incident, the Cyber Incident Response Plan could include engaging affected internal and external parties, escalating the issue to executive management, notifying one or more members of our Audit Committee, maintaining communication with users and notifying law enforcement and government agencies as warranted. For additional information regarding cybersecurity risks, see the risk factor captioned " Cybersecurity incidents may threaten our confidential information, disrupt operations and result in harm to our reputation and adversely impact our business and financial performance " under Part I, Item 1A “Risk Factors”.

Company Information