CAL-MAINE FOODS INC 10-K Cybersecurity GRC - 2024-07-23

Page last updated on July 23, 2024

CAL-MAINE FOODS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-07-23 16:11:17 EDT.

Filings

10-K filed on 2024-07-23

CAL-MAINE FOODS INC filed a 10-K at 2024-07-23 16:11:17 EDT
Accession Number: 0001562762-24-000177

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We understand the importance of cybersecurity and its role in the success of our Company. Our business operations depend on the effective use of our information systems in order to properly serve our customers, manage our business and track and report our financial results. Our technology operations consider risks from cybersecurity threats in the implementation and execution of our business processes. We have considered and assessed the risks from cybersecurity threats as part of our overall risk assessment process using the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework. In order to identify, assess and manage material risks arising from cybersecurity threats, we maintain internal resources to monitor and quickly respond to such threats. We perform vulnerability scans and penetration testing designed to test the effectiveness of our security practices. We engage third-party service providers to assist in the evaluation of our internal controls over our information systems through audit and consulting services to test the design and operational effectiveness of security controls. We continually monitor our systems to detect and identify cybersecurity threats. Prior to contracting with third-party vendors, we perform risk assessments of the vendors and require the vendors to manage cybersecurity risks to our business operations as well as notify us of any potential or known cybersecurity risks. We also require our employees to complete training programs to increase their awareness of and sensitivity to cybersecurity threats. These training programs include the identification of such threats and the proper responses to a potential breach of cybersecurity that aligns with our adopted processes. The Company has implemented a response process in the event of a cybersecurity incident through its crisis management plan. The process includes the cooperation of the information technology team and our management team to properly detect and respond to these incidents. These responses include determination of the potential impact and materiality of the incident, potential disclosure and litigation matters, and mitigation of actual or potential damage to our systems or reputation arising from the incident. An action plan is implemented to respond to any potential cybersecurity breach in order to continue to effectively serve our customers and conduct our operations with as little interruption as practicable. The information technology team reviews the response process on a regular basis to ensure that it is designed to be effective and to encompass current or new cybersecurity threats. As of July 23, 2024, we are not aware of any risks from cybersecurity threats, including as a result of prior cybersecurity incidents, that have materially affected or that we believe are reasonably likely to materially affect the Company, including our business strategy, results of operations or financial condition. See “Item 1A. Risk Factors” for further discussion about risks from cybersecurity threats. Governance The Board is responsible for the oversight of management’s process for identifying and mitigating risks related to cybersecurity threats. On a quarterly basis, the Director of Information Technology provides a report to the Audit Committee regarding ongoing processes to improve and update our current cybersecurity protocols, new cybersecurity threats, results of internal assessments, and any recent cybersecurity incidents. The Audit Committee will make the Board aware of any information it deems necessary or appropriate in order for the Board to effectively oversee the Company’s cybersecurity risk management and strategy. The Director of Information Technology and the team he manages are responsible for the operation and maintenance of our information systems, including the assessment, identification and management of risks from cybersecurity threats. Together, the Director of Information Technology and his team have over 150 years of experience in the information technology and security environment. Our Chief Financial Officer, to whom the Director of Information Technology reports, has served as Chief Financial Officer and a Board member since 2018 and has over 40 years of risk management experience. 22


Company Information

NameCAL-MAINE FOODS INC
CIK0000016160
SIC DescriptionAgricultural Prod-Livestock & Animal Specialties
TickerCALM - Nasdaq
Website
CategoryLarge accelerated filer
Fiscal Year EndMay 31