Thermon Group Holdings, Inc. 10-K Cybersecurity GRC - 2024-05-29

Page last updated on July 16, 2024

Thermon Group Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-05-29 16:46:06 EDT.

Filings

10-K filed on 2024-05-29

Thermon Group Holdings, Inc. filed a 10-K at 2024-05-29 16:46:06 EDT
Accession Number: 0001489096-24-000099

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management Thermon’s cybersecurity risk management system is a comprehensive framework that helps the Company identify, assess, and mitigate known cybersecurity risks. The system is designed to protect the confidentiality, integrity, and availability of the Company’s information assets. The system includes a risk assessment process that identifies and assesses the Company’s cybersecurity risks. The risk assessment process is based on the security principles set forth in the National Institutes of Standards and Technology Common Industry Format Cybersecurity Framework and includes the following steps: - Identification of assets - Identification of threats - Identification of vulnerabilities - Assessment of risk The system is primarily implemented by the Company’s cybersecurity team. This team is responsible for: - Developing and implementing the risk assessment process - Developing and implementing the risk mitigation strategy - Developing and implementing the risk monitoring and reporting process - Training the Company’s employees on cybersecurity risk management The Company’s cybersecurity risk management system is reviewed and updated on an annual basis. This includes a comprehensive incident response plan. The review process is designed to ensure that the system remains effective and efficient as the cybersecurity threat landscape evolves. The Company currently uses a third-party system for training our people on cybersecurity risks as well as strategies to mitigate those risks through interactive learning and tests. The Company tracks the compliance and performance of the relevant people who participate in the training. Monitoring is another key component of the cybersecurity risk management system. We employ 24/7 monitoring and regular testing to mitigate threats and possible weaknesses. Additionally, we maintain insurance coverage for cybersecurity attacks. Governance The Company’s Chief Executive Officer (“CEO”), through the appropriate reporting channels, is responsible for the cybersecurity risk management program. The Company’s information technology department is responsible for developing and implementing the Company’s cybersecurity policies, procedures, and strategies; overseeing the Company’s cybersecurity risk assessment process; and monitoring the Company’s cybersecurity risk profile. The Company’s cybersecurity risk management program is subject to periodic review and updates. The Company’s Board of Directors is responsible for overseeing the Company’s cybersecurity risk management program through the Audit Committee. The Board receives quarterly reports on the Company’s cybersecurity risk profile and the effectiveness of the Company’s cybersecurity risk management program. 21 During the past year, there have been no material risks from cybersecurity threats or prior cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company’s business strategy, results of operations, or financial condition. Despite our cybersecurity risk management program and the associated controls, and those of our third-party providers, we may be vulnerable to cyber-attacks, computer viruses, security breaches, ransomware attacks, inadvertent or malicious employee actions, program failures, and other risks that could materially impact our financial condition, results of operations and cash flows. For risks regarding cybersecurity and our information systems, please refer to Item 1A. “Risk Factors” in this annual report.

Company Information