LOGITECH INTERNATIONAL S.A. 10-K Cybersecurity GRC - 2024-05-16

Page last updated on July 16, 2024

LOGITECH INTERNATIONAL S.A. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-05-16 16:42:24 EDT.

Filings

10-K filed on 2024-05-16

LOGITECH INTERNATIONAL S.A. filed a 10-K at 2024-05-16 16:42:24 EDT
Accession Number: 0001032975-24-000023


Item 1C. Cybersecurity.

Maintaining people’s trust is of paramount importance for Logitech. Logitech’s security capability is designed to protect the confidentiality, integrity, availability and accessibility of Logitech’s information, digital assets, products and services. Our security capability includes: (i) cybersecurity, which protects information and digital assets used at Logitech to conduct business and (ii) product security, which protects Logitech products and services provided to our customers.

Risk Management and Strategy

We have established a Security Governance Framework that defines roles and responsibilities, so that security is taken into account at all levels and in every department or function of the Company. Identifying and assessing cybersecurity risk is integrated into our enterprise risk management.

We have implemented incident response and breach management processes that include the following steps: mobilizing the right stakeholders and containing the attack, maintaining trust with all affected stakeholders and understanding the attack, recovering the most critical business operations, and learning from the attack. We also conduct tabletop exercises to, among other things, align activities and expectations in connection with our incident response processes, discuss strategic questions, and review third party recommendations.

Our security framework provides guidance for the organization, governance and implementation of security across the company. Logitech and its infrastructure have been certified for compliance with ISO 27001, an international standard for information security management.

As part of our risk management program, we continuously assess risks from third parties, including vendors, suppliers, and other business partners associated with our use of third-party service providers.
We have not previously experienced a cybersecurity event that was determined to be material, and our business strategy, results of operations and financial condition have not been materially affected by risks from cybersecurity threats. For additional information regarding risks from cybersecurity threats, please refer to Item 1A “Risk Factors” in this Annual Report on Form 10-K.

Governance

Board of Directors and Board Committees Oversight of Risks from Cybersecurity Threats

Logitech’s Board of Directors oversees risk management and reviews Logitech security risks, controls and procedures. The Board of Directors is assisted in its role by each of the Audit Committee and the Technology and Innovation Committee. The Audit Committee is responsible for the oversight of risks from cybersecurity threats. Members of the Audit Committee receive updates on a semi-annual basis from our Chief Information Security Officer (“CISO”) regarding matters of cybersecurity. The Technology and Innovation Committee periodically reviews the Company’s cybersecurity, information security and other technology risks, controls and procedures, including product security and related threats. Finally, the Board has formed a Cyber Crisis Subcommittee tasked with overseeing any future significant cybersecurity crisis.

Logitech International S.A. | Fiscal 2024 Form 10-K

Management’s Role in Assessing and Managing Material Risks from Cybersecurity Threats

Our Cybersecurity Team is tasked, among other things, with evaluating, reporting and advising about cybersecurity risks, defining and leading the enterprise cybersecurity program to protect Logitech business against cybersecurity threats, maintaining and updating the cybersecurity framework, monitoring the level of compliance with the cybersecurity framework across Logitech digital assets and services, providing enterprise-wide cybersecurity services, defining cybersecurity standards and advising on secure architectures, performing assessments and due diligence checks internally and with business partners, providing cybersecurity guidance for digital projects, creating and deploying cybersecurity training programs, managing cybersecurity incidents and breaches, and monitoring cybersecurity threats. The Cybersecurity Team, which is part of the IT organization, is led by the CISO, who has 20 years of cybersecurity experience across different industries. The Cybersecurity Team leads the enterprise cybersecurity strategy and roadmap, which applies to all information and digital assets used at Logitech to conduct business. Our cybersecurity is managed based on industry-leading standards such as ISO 27001, National Institute of Standards and Technology (NIST) and Center for Internet Security (CIS).

Our Product Security Team is responsible for the development of product security policies and standards for the Company, including supporting product security threat identification, supporting product security risk assessment, building and maintaining security policies, standards and guidelines, performing internal audits against the product security policies and standards, performing product security architecture analysis and reviews, raising product security awareness across the Company, monitoring product security through the product development lifecycle, and managing vulnerabilities (pre- and post-production). The Head of Product Security, who reports to our Head of Software, is accountable for the release or deployment approval of a product based upon the review of internal and external validation (functionality, performance, security) reports. Our Head of Software has more than 20 years of experience leading software teams, including over a decade in the cybersecurity industry. We assess our product security programs against the Open Worldwide Application Security Project (OWASP) Application Security Verification Standard (ASVS) and the Software Assurance Maturity Model (SAMM). Our CISO and the Head of Software regularly report on cybersecurity and product security matters, respectively, to the Audit Committee and/or the Technology and Innovation Committee and the Board of Directors.


Company Information

Name: LOGITECH INTERNATIONAL S.A.
CIK: 0001032975
SIC Description: Computer Peripheral Equipment, NEC
Ticker: LOGI - Nasdaq
Website:
Category: Large accelerated filer
Fiscal Year End: March 30