IEH Corp 10-K Cybersecurity GRC - 2024-06-14

Page last updated on July 16, 2024

IEH Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-06-14 16:25:26 EDT.

Filings

10-K filed on 2024-06-14

IEH Corp filed a 10-K at 2024-06-14 16:25:26 EDT
Accession Number: 0001213900-24-052905

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cyber Security All companies utilizing technology are subject to the risk of breaches of or unauthorized access to their computer systems. The Company maintains a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. The Audit Committee of our Board of Directors and our management are actively involved in the oversight of our risk management program, of which cybersecurity represents an important component. We have established policies, standards, processes and practices for assessing, identifying, and managing material risks from cybersecurity threats and incidents. Our policies, processes and procedures include, among other things, external penetration testing using an experienced third-party company conducted every three years; a cybersecurity incident response and recovery plan; periodic and ongoing security awareness training for employees; the use of several comprehensive vulnerability analysis systems to evaluate software vulnerabilities both internally and externally; and mechanisms to detect and monitor unusual network activity. The Company also requires that all third-party vendors that have access to or handle sensitive information undergo a risk-based vendor security assessment. We also maintain controls and procedures that are designed to promptly escalate certain cybersecurity incidents so that decisions regarding public disclosure and reporting of such incidents can be made by management and our Board of Directors in a timely manner. There can be no guarantee that our policies and procedures will be properly followed in every instance or that those policies and procedures will be effective. Our cyber risk management program is based on recognized best practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework. Our cybersecurity risks are identified and addressed through a comprehensive, cross- functional approach. The Company’s Vice President of Engineering is primarily responsible for the implementation of defense capabilities and risk mitigation strategies in connection with the Company’s information security and cybersecurity risks. The Company’s Vice President of Engineering, in coordination with the Company’s senior management, works collaboratively across the Company to implement the cyber risk management program. To facilitate the success of the Company’s cybersecurity program, cross-functional teams throughout the Company address cybersecurity threats and respond to cybersecurity incidents. Through ongoing communications with these teams, the Company’s Vice President of Engineering and senior management are informed about and monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time, and report such threats and incidents to the Audit Committee of the Board of Directors when appropriate. Our Audit Committee takes the lead on behalf of our Board of Directors in monitoring risk management, which includes overseeing the Company’s management of its cybersecurity and data privacy. The Audit Committee meets on a quarterly basis with our Vice President of Engineering, General Counsel and Chief Financial Officer, who provide quarterly reports concerning the Company’s information security and cybersecurity risks. Although we have not been materially impacted by any cybersecurity incident to date, we are subject to cybersecurity threats, as discussed in Item 1A. Risk Factors, including in the risk factor entitled " Our business and operations would suffer in the event of system failures, cyber-attacks or a deficiency in our cyber-security ." 17

Company Information