OPEN TEXT CORP 10-K Cybersecurity GRC - 2024-08-01

Page last updated on August 1, 2024

OPEN TEXT CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-08-01 17:17:21 EDT.

Filings

10-K filed on 2024-08-01

OPEN TEXT CORP filed a 10-K at 2024-08-01 17:17:21 EDT
Accession Number: 0001002638-24-000052

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy As a leader in Information Management and cybersecurity we recognize the importance of assessing, identifying, and managing risks associated with cybersecurity threats. These risks include, among other things, operational risks; intellectual property theft; fraud; extortion; harm to employees or customers; violation of privacy or security laws and other litigation and legal risk; and reputational risks. At OpenText, cybersecurity risk management is an integral part of our overall enterprise risk management program. Our cybersecurity risk management program aligns with industry best practices such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and the International Organization for Standardization (ISO)/International Electro-technical Commission (IEC) ISO/IEC 27001 standard. This provides a framework for identifying, monitoring, evaluating, and responding to cybersecurity threats and incidents, including those associated with the use of our software, applications, services, and cloud and hybrid infrastructures developed or provided by third-party vendors and service providers. Our framework includes steps for identifying the source of a cybersecurity threat or incident, assessing the severity and risk of a cybersecurity threat or incident, implementing cybersecurity mitigation or remediation strategies, and informing our management and our Board of material cybersecurity threats and incidents. OpenText has a cross-functional incident response team, led by our cybersecurity team and comprised of representatives from our information technology, cybersecurity, finance, and legal teams. The cybersecurity team primarily is responsible for the monitoring and assessment of potential cybersecurity occurrences such as data breaches, intrusions, and other security incidents and implementing our detailed incident response plan. Our incident response plan includes processes and procedures for assessing potential internal and external threats, activation and notification, crisis management, and post-incident recovery designed to safeguard the confidentiality, availability, and integrity of the Company and our customers information assets. Our cybersecurity team is responsible for assessing our cybersecurity risk management program and our incident response plan. We have devoted significant financial and personnel resources to implement security measures to meet regulatory requirements and customer expectations, and we intend to continue to make investments to maintain the security of the Company and its customers data and information management infrastructure. We have also implemented a review process to assess the security profile and data protection practices of third-party service providers that have exposure to our systems. We review and update our cybersecurity policies, standards and procedures annually, or more frequently as needed, to account for changes in the threat landscape, as well as in response to legal and regulatory developments. Our internal audit department has a team responsible for IT and information security (including cybersecurity) audits. We also engage third-party cybersecurity consultants to conduct additional audits of our cybersecurity processes, provide assessments of our risk management programs and identify potential cybersecurity vulnerabilities. Our cybersecurity efforts also include mandatory training for all employees and contractors on OpenText’s security and privacy policies as well as other ancillary trainings on topics such as phishing emails and other social engineering tactics. In Fiscal 2024, we did not identify any cybersecurity threats or incidents or risks of such incidents that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats or incidents or provide assurances that we have not experienced an undetected cybersecurity incident. For more information about these risks, see “Risk Factors-Risks Related to our Business and Industry” in this Annual Report on Form 10-K. Governance Our Board of Directors is responsible for monitoring and assessing the Company’s cybersecurity risk management as part of its overall responsibility of risk oversight. The Board’s Audit Committee is responsible for overseeing risks related to our accounting, financial statements and financial reporting process, including the Company’s cybersecurity incident materiality assessment and relevant disclosures. For more information, see Part III, Item 11, “Board’s Role in Risk Oversight.” Our Chief Information Security Officer (CISO) is responsible for day-to-day risk management activities, including identifying and assessing cybersecurity risks, establishing processes in an effort to ensure that potential cybersecurity risk exposures are monitored, implementing appropriate mitigation or remediation measures and maintaining cybersecurity programs. Our CISO is responsible for providing a single consolidated view of the Company’s enterprise cybersecurity risk in various industries. OpenText’s CISO reports to the Chief Digital Officer (CDO) who is responsible for OpenText’s broader IT program, which includes the Company’s ability to remediate and recover from a cybersecurity incident while minimizing impacts to the business and operations. Management, including the CDO, updates the Audit Committee and the Board of Directors on the Company’s cybersecurity programs, material cybersecurity risks, and mitigation or remediation strategies as needed or appropriate.

Company Information