Nextracker Inc. 10-K Cybersecurity GRC - 2024-05-28

Page last updated on July 16, 2024

Nextracker Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-05-28 17:19:19 EDT.

Filings

10-K filed on 2024-05-28

Nextracker Inc. filed a 10-K at 2024-05-28 17:19:19 EDT
Accession Number: 0001628280-24-025460


Item 1C. Cybersecurity.

Risk management and strategy

Nextracker places emphasis on addressing cybersecurity threats and effectively managing associated risks. Our cybersecurity program is designed to identify, assess, and proactively manage material risks. Our approach to cybersecurity is not a one-time effort but an ongoing process. We engage in monitoring, risk assessments, and robust security measures designed to ensure the confidentiality, integrity, and availability of our information systems, including critical computer networks, hosted services, communication systems, hardware, and software and to protect critical data, including our employees’ and customers’ data, intellectual property, confidential and proprietary data, and strategic competitive information.

We address cybersecurity challenges and enhance our overall risk management efforts by adopting and working to integrate recognized best practices, standards, and controls such as the CIS 18 Critical Security Controls and the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). Our cybersecurity program includes some key aspects such as (i) a Cybersecurity Leader who oversees our day-to-day program and who is a long-term member of both ISC2 and ISACA organizations, which specialize in cybersecurity and governance, (ii) a cybersecurity council comprised of a cross-section of management with oversight over our program, (iii) incident response, and (iv) ongoing security awareness training.

At Nextracker, we maintain a practical approach to cybersecurity. Our cybersecurity risk management program (an integral part of our overall Enterprise Risk Management Program) is designed to incorporate established best practices and industry standards, drawing guidance from both CIS 18 and NIST CSF. Within our program, we conduct internal and external security-based activities, including reviews and assessments of our third-party service providers and vendors.

Some of our activities include:

1. Information Security Assessments: We collaborate with internal and external partners to evaluate our security.
2. Vulnerability Scanning and Penetration Testing: Engaging third-party service providers to assess external and internal vulnerabilities and potential threats.
3. Cyber Risk Register Reviews: Regularly review our internal risk register to stay vigilant against potential and identified risks.
4. Risk Prioritization: We prioritize and address risks through our dedicated cybersecurity risk management program and the cybersecurity council.

We monitor the threat environment for potential risks, employing various methods, including automated detection tools, environment scans, and investigations of potential threats and reports. We also use threat intelligence feeds and vulnerability databases to monitor our systems, and have incident response processes designed to ensure swift action.

As of the date of this report, we are not aware of any cybersecurity threats or incidents that have materially affected or are reasonably expected to materially affect our business. However, we acknowledge the evolving nature of cybersecurity threats and remain committed to enhancing our protective measures as needed. For more detailed information about our company’s specific cybersecurity risks, please refer to the risk factor titled “Cybersecurity or other data security incidents could harm our business, expose us to liability and cause reputational damage” in Item IA. Risk Factors of this Form 10-K.

Governance

Our Board of Directors has oversight responsibility for our overall enterprise risk management, and has delegated cybersecurity risk management oversight to the Audit Committee of our Board of Directors. The Audit Committee of our Board of Directors is responsible for reviewing internal risk assessments with respect to cybersecurity, including assessments of the overall threat landscape and related strategies and investments.

Management is responsible for day-to-day risk management activities, including identifying and assessing cybersecurity risks, establishing processes to ensure that potential cybersecurity risk exposures are monitored, implementing appropriate mitigation or remediation measures and maintaining cybersecurity programs. Our cybersecurity programs are under the direction of our Security Leader. Our Security Leader reports regularly to the cybersecurity council, management and the Audit Committee concerning our significant cybersecurity threats and risks, the processes we have implemented to address them, and various reports, summaries, or presentations on cybersecurity threats, risks, and mitigation. The Audit Committee also reports to our Board of Directors on cybersecurity matters as needed.


Company Information

Name: Nextracker Inc.
CIK: 0001852131
SIC Description: Search, Detection, Navigation, Guidance, Aeronautical Sys
Ticker: NXT - Nasdaq
Website
Category: Large accelerated filer
Fiscal Year End: March 30