Credo Technology Group Holding Ltd 10-K Cybersecurity GRC - 2024-06-24

Page last updated on July 16, 2024

Credo Technology Group Holding Ltd reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-06-24 17:13:11 EDT.

Filings

10-K filed on 2024-06-24

Credo Technology Group Holding Ltd filed a 10-K at 2024-06-24 17:13:11 EDT
Accession Number: 0001628280-24-029629

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats. These policies and processes are intended to protect the confidentiality, integrity, and availability of our critical information systems and our critical data, including intellectual property and confidential information that is proprietary, strategic, or competitive in nature. We conduct periodic risk assessments to identify cybersecurity threats. These risk assessments include identifying reasonably foreseeable potential internal and external risks, the likelihood of occurrence and any potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, controls, and other safeguards in place to manage such risks. We also use third-party service providers from time to time in connection with our risk assessment processes. As part of our overall risk management program, we provide training to employees at all levels on cybersecurity awareness and the protection of confidential information. In addition, we have established a cybersecurity incident response process that includes procedures for detecting and responding to cybersecurity incidents. The Company also participates in a cybersecurity risk insurance policy. For additional information regarding whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, please refer to Item 1A, “Risk Factors,” in this annual report on Form 10-K , including the risk factors entitled “Cybersecurity breaches, cyberattacks, and other disruptions to information technology systems could disrupt our operations, compromise the confidentiality of our data or our intellectual property, and adversely affect our business, reputation, operations, and financial results” and “Our business may be impacted by information technology system failures or network disruptions, and lack of redundancy.” Governance Our Board considers cybersecurity risk as part of its overall risk oversight function and has delegated to the Nominating and Corporate Governance Committee of the Board (the NCG Committee) overall oversight of cybersecurity matters and other policies and internal controls regarding cybersecurity risks. The Audit Committee of the Board (the Audit Committee) is responsible for oversight of disclosure controls with respect to potential cybersecurity incidents as well as the Company’s compliance with SEC rules applicable to cybersecurity risk management. In fiscal 2024 the Audit Committee received reports on our cybersecurity risk management initiatives. In addition, our management team updates the Board with respect to the Company’s overall cybersecurity risk posture and initiatives in order to improve our cybersecurity risk controls. As necessary, the Audit Committee will oversee management’s responses to any significant cybersecurity incidents including any disclosures required by law. The full Board also receives a briefing from management on our cyber risk management program at least annually. Our management team, which includes our IT management team, is responsible for day-to-day implementation, management and evaluation of our cybersecurity risk assessment and management processes. The IT management team has primary responsibility for our overall cybersecurity risk management program, including monitoring the prevention, detection, mitigation, and remediation of cybersecurity incidents, and works in partnership with our other business leaders, including our Chief Legal Officer, Vice President of Systems Engineering, and internal audit function, as needed. Our IT management team supervises both our internal cybersecurity personnel and any retained external 56 cybersecurity consultants. Our Director of IT has served in various roles in information technology and information security for over 15 years. Our cybersecurity incident response process is designed to escalate significant cybersecurity incidents to a team of business leaders, including, but not limited to, our Vice President of Systems Engineering, Chief Legal Officer, and Chief Financial Officer. In the case of a cybersecurity incident, this team of business leaders will work with our incident response team to help determine the severity of the impact of a cybersecurity incident, as well as to help mitigate and remediate cybersecurity incidents of which they are notified. The incident response team will also work under the oversight of legal counsel and the Audit Committee to determine whether an incident is material for disclosure purposes under applicable law.

Company Information