BRADY CORP 10-K Cybersecurity GRC - 2024-09-06

Page last updated on September 6, 2024

BRADY CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-06 07:09:34 EDT.

Filings

10-K filed on 2024-09-06

BRADY CORP filed a 10-K at 2024-09-06 07:09:34 EDT
Accession Number: 0000746598-24-000065

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Brady has strategically included cybersecurity risk management into an integrated Company-wide risk management framework, which consists of administrative, operational, physical, and technical processes that we believe are appropriate to the scope and nature of our business. We believe this integrated approach allows cybersecurity considerations to form an integral part of our corporate and strategic decision-making processes. Management works closely with our information technology security team to continuously evaluate and address cybersecurity risks in alignment with our business and operational needs. Our cybersecurity policies and practices follow the cybersecurity framework of the Center for Internet Security (“CIS”) Controls. Our cybersecurity strategy focuses on continued strengthening of our cybersecurity defense model, improvement of cybersecurity operational efficiencies, and preparedness for evolving business and technology needs including the detection, analysis, and response to known, anticipated and unexpected cybersecurity threats, management of material risks related to cybersecurity threats and resilience against cybersecurity incidents. We regularly assess potential threats and make investments to mitigate the risk of these threats against our critical information and assets by implementing a broad set of information security and cybersecurity measures, including comprehensive monitoring and enhancement of our networks and systems, intrusion prevention defense, rapid detection and response, and threat management capabilities. To supplement our internal resources, we engage external consultants to conduct independent assessments, perform penetration testing, and provide other cybersecurity-related services as needed. In addition, we engage external vendors to review and test key controls within our cybersecurity program. Cybersecurity awareness and training is provided to new employees and annually for current Brady employees, which is designed to educate employees on recognizing information security and cybersecurity concerns, how they can help protect the organization and how to inform the information technology security team of potential incidents. In addition, we implement processes to manage risks associated with our third-party providers, including security assessments prior to engagement and monitoring their compliance with our cybersecurity standards on an ongoing basis. The Audit Committee of our Board of Directors is responsible for the oversight of risks from cybersecurity threats. Management updates the Audit Committee on a quarterly basis regarding our cybersecurity programs. As part of its oversight responsibilities, the Audit Committee regularly discusses and reviews with management, among other items, Brady’s compliance and cybersecurity programs, and any significant cybersecurity matters and related strategic risk management decisions are escalated to the Board of Directors. Our information technology security team reports to our Chief Information Officer (the “CIO”) and is headed by our Vice President of Global IT (the “VP of IT”) . Our CIO is an experienced information technology professional with extensive cybersecurity and information technology risk management experience. The information technology security team regularly informs our CIO, General Counsel and Chief Financial Officer with regard to cybersecurity risks and incidents, and our executive management team evaluates cybersecurity issues quarterly or as needed. Brady has a detailed incident response plan that provides the process and workflow of communication for escalation of cybersecurity incidents to executive leadership to determine if there is a breach warranting further action. The information technology security team, in conjunction with various departments, including finance, corporate communications, legal, regional presidents and the VP of IT, are charged with reviewing any incident under our materiality framework to assess whether further escalation and reporting is required and if an incident could constitute a material cybersecurity incident. Although we have not experienced any material cybersecurity incidents to date, cybersecurity threats could materially affect the implementation of our business strategy, results of operations, or financial condition, as further discussed in our risk factors in Part I, Item 1A of this report.

Company Information