Infinera Corp 10-K Cybersecurity GRC - 2024-05-17

Page last updated on July 16, 2024

Infinera Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-05-17 09:09:06 EDT.

Filings

10-K filed on 2024-05-17

Infinera Corp filed a 10-K at 2024-05-17 09:09:06 EDT
Accession Number: 0001138639-24-000122


Item 1C. Cybersecurity.

Risk Management and Strategy

Infinera has comprehensive and integrated enterprise risk management and cybersecurity risk management programs which use structured, proactive, and continuous processes to identify, understand, assess, mitigate, and report on enterprise and cybersecurity risks in alignment with business objectives. Our risk management program is used to guide and strengthen our cybersecurity posture to engender trust with customers, employees, and stockholders while protecting the confidentiality, integrity, and availability of our systems and data.

We have established a risk assessment methodology which includes requirements for treatment plans, risk acceptance thresholds, prioritization, and control analysis, as well as likelihood and impact analysis. A risk assessment is performed annually. Treatment plans are monitored and reported to management on a quarterly basis.

Governance

Cybersecurity and risk management is a shared responsibility that applies to the Infinera team across all levels of the organization.

- The Board of Directors conducts informed oversight of our risk management processes. The Audit Committee of the Board of Directors has primary responsibility for oversight of enterprise risk management and cybersecurity risk management. Reports on enterprise and cybersecurity risk, risk treatment plans, and key performance indicators of our cybersecurity program are provided to the Audit Committee by management, including our Chief Information Security Officer (CISO), on a quarterly basis and are provided to the Board of Directors as requested and as part of routine Audit Committee updates to the Board of Directors.
- The Executive Leadership Team (ELT), a cross-functional leadership group that includes our Senior Vice President, Information Systems, is responsible for assessing and managing enterprise risks, including cybersecurity risks. The ELT reviews enterprise and cybersecurity risks, risk treatment plans, and key performance indicators regarding the Company’s enterprise risk and cybersecurity risk management programs quarterly.
- The CISO is responsible for cybersecurity strategy and reporting on cybersecurity risks to the ELT, Audit Committee, and Board of Directors. The CISO collaborates with a cross-functional group of the Company’s business leaders to assess cybersecurity risk, establish and monitor cybersecurity processes, and report program effectiveness. Our CISO has over 25 years of cybersecurity and Information Technology experience across multiple industries with expertise in governance, risk and compliance, cybersecurity operations and cybersecurity engineering.
- The Cybersecurity Advisory Committee supports cybersecurity risk assessment, advises on program enhancements, and acts as a cybersecurity advocate across the business. The committee is comprised of employees with extensive experience across a diverse range of disciplines.
- All employees are responsible for adherence to the Company’s cybersecurity processes and for remaining vigilant to potential cybersecurity threats. This employee commitment to operational excellence is strengthened by ongoing cybersecurity education, training, and awareness programs.

Engaging Third Parties

Companies, especially in the technology industry, have been subject to an increasing number of complex cybersecurity risks. Infinera has engaged with a range of external service providers, including consultants, auditors, and cybersecurity service providers, to understand, manage, and mitigate cybersecurity risks. These engagements help Infinera drive improvements in our processes, identify new and emerging threats, and respond rapidly to the ever-evolving cybersecurity risk landscape.

Third-Party Risk Management

Infinera has implemented a robust third-party risk management program to identify and manage risks to the confidentiality, availability, and integrity of our systems and data. This includes contractual requirements related to data privacy and confidentiality, contractual commitments of third parties to maintain comprehensive security programs, and code of conduct requirements designed to ensure such third parties act ethically, responsibly, and safely. Infinera has also implemented processes to assess the effectiveness of third-party security programs and adherence to Infinera’s standards both prior to engaging with a new service provider and to monitor performance on an ongoing basis.

Cybersecurity Incident Response

Infinera has implemented a cybersecurity incident response plan in line with industry standards. The plan defines roles and responsibilities regarding potential cybersecurity incidents, establishes processes regarding identification, containment, eradication, and recovery from potential cybersecurity incidents and clarifies communication and notification policies regarding such potential cybersecurity incidents. The plan also captures lessons learned to drive continuous improvement. Additionally, the plan is evaluated, tested, and enhanced through training, table-top exercises, and by engaging with third-party service providers.

Infinera has not experienced a material cybersecurity incident. For additional information regarding whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, please refer to the section titled “Risk Factors” included in Part I, Item 1A of this Annual Report on Form 10-K.


Company Information

Name: Infinera Corp
CIK: 0001138639
SIC Description: Telephone & Telegraph Apparatus
Ticker: INFN - Nasdaq
Website:
Category: Large accelerated filer
Fiscal Year End: December 29