SYNAPTICS Inc 10-K Cybersecurity GRC - 2024-08-23

Page last updated on August 23, 2024

SYNAPTICS Inc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-08-23 17:18:09 EDT.

Filings

10-K filed on 2024-08-23

SYNAPTICS Inc filed a 10-K at 2024-08-23 17:18:09 EDT
Accession Number: 0000950170-24-100261

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy Our cybersecurity risk management program is part of our overall approach to enterprise risk management. Our cybersecurity risk management program seeks to protect our information systems by managing and reducing material risks from cybersecurity threats and by responding to and mitigating cybersecurity incidents. We have designed our cybersecurity risk management program using certain industry practices and frameworks as a guide, including those established by the International Organization for Standardization and the National Institute of Standards and Technology, although we may not meet all technical standards, specifications, or requirements. We employ a cross-functional approach to preserving the confidentiality, security and availability of the employee, customer, supplier and partner information that we collect and store. We have implemented cybersecurity processes, measures and controls to assist management in our assessment, identification and management of risks from cybersecurity threats. Our Information Security team monitors events, analyzes threats, and coordinates our incident response pursuant to our incident response plan, which includes the process to be followed for reporting of incidents. Our cybersecurity risk management involves identifying information assets and potential threats, assessing and prioritizing risks, employing various tools and techniques, including vulnerability scanning and penetration testing. Based on the risk assessment, appropriate security measures are implemented. We conduct annual and ongoing security awareness and behavioral change training for employees to educate them on cybersecurity best practices and train them to recognize phishing attempts. We also assess and manage cybersecurity risks associated with third-party service providers, including those in our supply chain or vendors who have access to our data or systems. Our cybersecurity process is iterative, with regular reviews and updates to help improve and respond to a dynamic and continuously evolving threat landscape. We describe whether and how risks from cybersecurity threats have materially affected or are reasonably likely to materially affect us, our business strategy, results of operations, or financial condition under the heading “We face risks associated with security breaches or cyberattacks,” included as part of our risk factors disclosures in Item 1A. Risk Factors of this Annual Report on Form 10-K. In the last three fiscal years, we have not experienced a cybersecurity incident which has been determined to be material, and the expenses we have incurred from cybersecurity incidents and threats were immaterial, including penalties and settlements, of which there were none. Governance Our Board of Directors is responsible for risk management oversight and has delegated to our Audit Committee oversight responsibility for reviewing the effectiveness of our governance and management of cybersecurity risks. The Audit Committee biannually reviews our policies and practices with respect to risk management, including cybersecurity risks, and reports its findings to the full Board of Directors. The Audit Committee also receives a report containing information security risk posture details, remediation plan execution progress and pertinent threat intelligence updates from the Chief Information Security Officer (“CISO”) and Sr. Director of Internal Audit on a biannual basis. At least annually, but more frequently as necessary, threats from cybersecurity risks and our action plans relating to those risks also are considered by the full Board during meeting discussions of enterprise risks. Members of management, including the Chief Executive Officer, Chief Financial Officer, Chief Information Officer, and Chief Legal Officer may also report directly to the Board of Directors on significant risk management issues, including cybersecurity threats and incidents. We have an Information Security Management Steering Committee (the “ISMS Committee”), comprised of our CISO, as well as members of our executive team, including our Chief Information Office and Chief Legal Officer. Our Chief Information Officer and CISO, in coordination with the ISMS Committee, work collaboratively to implement our enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. Our InfoSec team communicates with and reports to the CISO, enabling the CISO, CIRT, and ISMS Committee to monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our CISO has over 28 years of experience managing global IT operations, including strategy, applications, infrastructure, information security, support and execution.

Company Information