CSW INDUSTRIALS, INC. 10-K Cybersecurity GRC - 2024-05-23

Page last updated on July 16, 2024

CSW INDUSTRIALS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-05-23 06:29:47 EDT.

Filings

10-K filed on 2024-05-23

CSW INDUSTRIALS, INC. filed a 10-K at 2024-05-23 06:29:47 EDT
Accession Number: 0001624794-24-000032

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C: CYBERSECURITY Cybersecurity Risk Management and Strategy Securing our business information, customer and employee data, and IT systems is an important part of our Enterprise Risk Management program. To identify and manage the material risks of cybersecurity threats to our business, operations and control environments, we have established an information security framework, with a focus on cybersecurity incident prevention and mitigation, to help safeguard the confidentiality, integrity, and access of our information assets and to ensure regulatory, contractual, and operational compliance. Our cybersecurity program is integrated into our Enterprise Risk Management program and is managed by a dedicated cybersecurity team that is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. The program is aligned with industry standards and best practices, such as the National Institute of Standards and Technology Cybersecurity Framework. As part of our cybersecurity process, we engage external experts and consultants to assess our cybersecurity program effectiveness and compliance with applicable practices and standards. The Company mitigates risks from cybersecurity incidents using a multifaceted approach that includes, but is not limited to: establishing information security policies, implementing information protection processes and technologies, assessing cybersecurity risk and vulnerability, implementing cybersecurity training, monitoring our information technology assets, applications and users, and managing vendors and service providers for third-party risk management. The Company is currently in material compliance with relevant information privacy and cybersecurity governmental standards with which it is required to comply. The Company has not experienced a material cybersecurity incident during the year ended March 31, 2024. For more information on how material cybersecurity incidents may impact our business, see Part I, Item 1A. “Risk Factors” of this Form 10-K. Cybersecurity Governance The Company’s head of Information Technology, in coordination with the Company’s Chief Financial Officer, General Counsel, Corporate Controller and other internal stakeholders, is responsible for leading the team responsible for assessing, identifying, and managing cybersecurity risks, including implementation of our cybersecurity risk management program. Our head of Information Technology has extensive experience in cybersecurity risk management and, along with the cybersecurity risk management team, has subject matter expertise in varied topics including data integrity, IT risk, enterprise architecture, third-party risk, threat intelligence, incident response, and regulatory compliance. Our Board of Directors oversees cybersecurity risk and strategy, and the Audit Committee of the Board of Directors oversees information security compliance as part of its broader compliance oversight mandate. Together, this ensures that the Board of Directors has a comprehensive view of the Company’s cybersecurity risk profile and framework. Senior officers of the Company regularly receive briefings on cybersecurity matters, who in turn regularly report to the Board of Directors and its committees on such matters. The Board of Directors receives cybersecurity updates from senior management, including our head of Information Technology, at least twice per year, and the Audit Committee receives quarterly reports on any notable incidents or control issues that may have occurred during the quarter. The Company’s Chief Executive Officer and other senior officers are responsible for the ongoing assessment and management of the risks the Company faces. These enterprise risks (including cybersecurity risks) are formally assessed annually by management as part of the Company’s robust Enterprise Risk Management program. At least annually, the Board of Directors - as a whole and through its committees - oversees the Company’s risk profile and management’s policies and processes for assessing and managing risk.

Company Information