ANGIODYNAMICS INC 10-K Cybersecurity GRC - 2024-07-25

Page last updated on July 25, 2024

ANGIODYNAMICS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-07-25 16:13:50 EDT.

Filings

10-K filed on 2024-07-25

ANGIODYNAMICS INC filed a 10-K at 2024-07-25 16:13:50 EDT
Accession Number: 0001628280-24-032989

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cyber Security. Risk Management and Strategy We have designed and implemented a cybersecurity risk management program to help us identify, assess, and mitigate cybersecurity risks relevant to our business, based on the National Institute of Standards and Technology (NIST) Cyber Security Framework 2.0. Our cybersecurity risk management program includes: - dedicated third-party cybersecurity professionals who analyze cybersecurity threats, define cybersecurity policy and requirements, implement protections, and monitor and respond to cybersecurity incidents; - cybersecurity regulatory based risk assessments for the Company’s systems and applications (where required); - a formal incident response plan, in which incidents are classified based upon the severity, impact, and the potential harm that can be caused by the incident; - annual information security training program for all employees, including phishing awareness training; - working closely with application development and infrastructure & operation teams to embed security considerations into the foundation of technology; - engagement of third-party service providers to conduct assessment of the Company’s cybersecurity risk management program, penetration testing, and vulnerability testing; and - a third-party risk assessment process for service providers, suppliers, and vendors. Risks from cybersecurity threats are integrated into AngioDynamics’ enterprise risk management (ERM) program. The ERM program establishes a risk management framework that seeks to identify, assess, and mitigate risks that could materially impact the Company’s business and operation. To date, the Company is not aware of any cybersecurity incident that has had or is reasonably likely to have a material impact on the Company’s business or operations. However, despite our security measures, there can be no assurance that the Company, or the third parties with which we interact, will not experience a cybersecurity incident in the future that may materially affect us. See Item 1A. Risk Factors under, A cyber-attack or other breach of our, our distributors, or our supply chain partners’ information technology systems could have a material adverse effect on our business, financial condition and/or results of operations. Governance The cybersecurity risk management program is led by the Senior Vice President, Information Technology (“SVP of IT”). Our SVP of IT has over 28 years of experience assisting public and privately held companies in a variety of industries, leading several enterprise-wide transformation initiatives to adapt to changing cybersecurity threats. Our SVP of IT reports to the Chief Executive Officer (CEO), who works closely with the Executive Committee to guide strategic direction and IT decisions to drive business outcomes. Our Board of Directors is engaged in the Company’s ERM program and receives briefings on the outcomes of the ERM program and the steps the Company takes to mitigate risks that the program identifies. The Board oversees the Company’s cybersecurity strategies, systems, and controls to ensure reliability and prevent unauthorized access. The Audit Committee discusses policies with respect to risk assessment and risk management, including risks associated with the reliability and security of the Company’s information technology and security systems, and the steps management has undertaken to monitor and control such exposures. The Board of Directors receives regular updates on the Company’s cybersecurity risk management program from the SVP of IT.

Company Information