Fabrinet 10-K Cybersecurity GRC - 2024-08-20

Page last updated on August 22, 2024

Fabrinet reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-08-20 07:05:01 EDT.

Filings

10-K filed on 2024-08-20

Fabrinet filed a 10-K at 2024-08-20 07:05:01 EDT
Accession Number: 0001408710-24-000032

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. Risk Management and strategy We have established policies and processes for assessing, identifying, managing and disclosing, as necessary, risks from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes as described below. The foundation of our cybersecurity program is based on the International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST) Cybersecurity Framework. We routinely assess material risks from cybersecurity threats, including from any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein. These risk assessments are designed to identify internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks. Following these risk assessments, we evaluate whether and how to re-design, implement, and maintain safeguards intended to address and minimize identified risks and continue monitoring and testing the effectiveness of such safeguards. Our VP of Information Technology and Information Security (“VP of IT/IS”), who reports to our Chief Executive Officer, manages our cybersecurity and information security risk assessment and mitigation process. We have established an internal IT security committee that includes our VP of IT/IS and other members of our information security, information technology, internal audit/compliance, and finance teams, to instill a thoughtful security culture across Fabrinet. Our employees are made aware of our cybersecurity policies through mandatory trainings during onboarding and on an annual basis. We also engage and consult with third parties in connection with our risk assessment processes, including advisors, consultants and auditors. These service providers assist us to design and implement our cybersecurity policies and procedures, as well as to monitor and test our safeguards. We deploy multiple tools and processes to monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents, both internal and associated with the use of any third-party service provider. We have not experienced a material security breach in our systems, or, to our knowledge, in our third-parties’ systems, nor incurred any significant expenses or penalties to resolve or settle any security breach in the past three years. For additional information regarding whether any risks from cybersecurity threats are reasonably likely to materially affect our Company, including our business strategy, results of operations, or financial condition, please refer to Item 1A, “Risk Factors-Intellectual Property and Cybersecurity Risks,” in this Annual Report on Form 10-K. Governance One of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks we face. Our board of directors administers its cybersecurity risk oversight function directly, as well as through the audit committee of the board of directors, which has been tasked with such oversight in the audit committee charter. The audit committee of our board of directors reviews our cybersecurity and information security risks and mitigation strategies. Our VP of IT/IS provides briefings to the audit committee on a quarterly or more often basis as needed regarding our cybersecurity risks and activities, including any recent cybersecurity incidents and related responses and remediation efforts, cybersecurity systems testing, activities of third parties, policies and the like. Our VP of IT/IS is a Certified Information Security Manager (CISM) and has more than 9 years of experience implementing cybersecurity at technology companies. Our VP of IT/IS, together with our internal IT security committee, is primarily responsible for assessing and managing our material risks from cybersecurity threats. We have internal guidelines governing our identification, assessment, communication, and escalation upon the occurrence of a cybersecurity incident. Depending on the nature and severity of an incident, this process provides for escalating notification to the chair of the audit committee, among others as needed, to manage our response.

Company Information