LAM RESEARCH CORP 10-K Cybersecurity GRC - 2024-08-29

Page last updated on August 29, 2024

LAM RESEARCH CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-08-29 14:10:55 EDT.

Filings

10-K filed on 2024-08-29

LAM RESEARCH CORP filed a 10-K at 2024-08-29 14:10:55 EDT
Accession Number: 0000707549-24-000106


Item 1C. Cybersecurity.

We recognize the significant role of information security in safeguarding our valuable intellectual property along with the confidentiality, integrity and availability of the data of our customers, employees, and suppliers. We have implemented certain policies, procedures, and systems that are designed to identify and address material risks related to cybersecurity and cybersecurity incidents. We have a comprehensive enterprise risk management (“ERM”) program, which is implemented by management and overseen by our Board of Directors (“Board”). Our identification, assessment, and management of material risks from cybersecurity threats is integrated into the Company’s overall ERM system and processes. Our ERM program is designed to leverage existing management processes to (i) identify critical enterprise risks, including both information security and cybersecurity risks, (ii) design and implement appropriate risk mitigation strategies, and (iii) assess the status of risks and mitigation plans.
A key component within our ERM framework is a robust information security risk management program, which includes:
- risk assessments designed to help identify risks to our critical systems, information, services, and our broader global information systems environment;
- a security team principally responsible for managing (i) our cybersecurity risk assessment processes, (ii) our security controls, and (iii) our response to cybersecurity incidents;
- the use of external service providers, where appropriate, to aid in assessing specific risks, providing benchmarking data, providing information regarding trends or recent regulatory changes applicable to our risk profile, or to test or otherwise assist with aspects of our security processes;
- the periodic engagement of an independent third-party expert to evaluate our security capabilities;
- mandatory annual cybersecurity awareness training of our employees, including incident response personnel and senior management, as well as conducting periodic tests with our user population to reinforce good information security practices;
- a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents, including those impacting the Company’s manufacturing sites;
- processes to identify vulnerabilities, breach attempts and possible criminal activity by external parties; and
- processes to assess the practices of our suppliers and third-party service providers relative to protecting the security of our information.
The Company holds ISO 27001-2022 certification for information security at our corporate headquarters.
Our Chief Information Security Officer (“CISO”), who has over 30 years of experience in information security and technology leadership, has primary responsibility for (i) leading our global information security program, (ii) managing the cybersecurity risks identified as part of the ERM program, and (iii) developing, implementing, and enforcing security policies and maintaining information security systems. Our global information security program, led by our CISO, includes dedicated teams specialized in (i) identity access management, (ii) data protection, (iii) incident response, (iv) vulnerability governance, (v) security operations and engineering, (vi) governance, risk, and compliance, and (vii) insider risk and intelligence. The members of the information security team are responsible for managing, maintaining, and monitoring the systems and processes that prevent, detect, mitigate and remediate cybersecurity incidents, and for informing our CISO of status of such systems and processes, as well as any significant incidents.
Our Board is responsible for overseeing our strategy and approach to addressing information security risks, including managing and assessing risks from cybersecurity threats, both directly and through the audit committee. The audit committee is responsible for reviewing and monitoring the Company’s cybersecurity and information security policies and its internal controls regarding cybersecurity and information security. In addition, the audit committee is responsible for regularly reporting to the Board on the substance of such reviews and, as necessary, recommending to the Board such actions as it deems appropriate. Our CISO reports on information security risks at least quarterly to the audit committee and at least annually to the Board.
We experience cybersecurity and other threats and incidents in the course of our operations.
To date, we have not determined that such threats and incidents have materially and adversely affected the Company, including our business strategy, results of operations or financial condition. Furthermore, to date, we have not determined that such threats and incidents are reasonably likely to materially and adversely affect the Company, including our business strategy, results of operations or financial condition. For additional information on certain risks associated with cybersecurity, please refer to “Our Business Relies on Technology, Data, Intellectual Property and Other Sensitive information That is Susceptible to Cybersecurity and Other Threats or Incidents” in Item 1A: Risk Factors.


Company Information

Name: LAM RESEARCH CORP
CIK: 0000707549
SIC Description: Special Industry Machinery, NEC
Ticker: LRCX - Nasdaq
Category: Large accelerated filer
Fiscal Year End: June 29