Page last updated on October 1, 2024
COPART INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-27 19:06:12 EDT.
Filings
10-K filed on 2024-09-27
COPART INC filed a 10-K at 2024-09-27 19:06:12 EDT
Accession Number: 0000900075-24-000024
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity Risk Management and Strategy We work proactively to identify, evaluate, and manage cybersecurity threats to our business. These threats include disruption and denial of critical systems and infrastructure, intellectual property theft, fraud, extortion, harm to customers and employees, legal and litigation risks, reputational risks, and the breach of confidential business data, which could include personally identifiable information. We employ both holistic and focused processes for identifying, assessing, managing, and disclosing material cybersecurity risks to our business. Our holistic review is part of our general risk management process, and involves our executive leadership team, team members from our finance, legal, tech, and operations teams, and external legal, financial, and risk advisors who are subject matter experts in identifying, assessing, mitigating and reporting material risks. Our focused review involves internal assessment by our cybersecurity team, as well as external review by a cybersecurity consulting services firm, to evaluate our cybersecurity program and our capacity to defend against and respond to potential cybersecurity threats. Through strategic investments over several years, we have established and enhanced a comprehensive cybersecurity program consisting of security toolsets, people, policies, and contracted third-party service providers that provide technical, organizational, and administrative safeguards to protect against and timely respond to cybersecurity threats and incidents. Our cybersecurity strategy is based foremost on defense in depth, and secondarily on resilience. Defense in depth is a strategy of layered security, in which we employ a variety of overlapping controls, tools, and processes to defend against threat actors. Resilience is a strategy focused on business continuity and disaster recovery, with the goal of rapidly restoring, rebuilding, and recovering from any adverse cyber impacts to our business. These controls, tools and processes include technologies designed to detect and defend against unauthorized access to our systems and infrastructure, relevant corporate policies, periodic cybersecurity and privacy training programs, and incident response protocols for preventing, detecting, responding to and recovering from cybersecurity incidents. We use the National Institute for Standards in Technology (NIST) security framework to evaluate our cybersecurity controls, which we work to continuously enhance. We describe whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, financial condition, or results of operations, under the heading “Disruptions to our information technology systems, including failure to prevent outages, maintain security, and prevent unauthorized access to our information technology systems and other confidential information, could disrupt our business and materially and adversely affect our reputation, consolidated results of operations, and financial condition” included as part of our risk factor disclosures included in Item 1A of this report, which disclosures are incorporated by reference herein. Governance Our Board of Directors has delegated oversight of our cybersecurity program to our Audit Committee, and this oversight responsibility is reflected in our Audit Committee charter. Our Audit Committee receives quarterly updates from our chief information security officer on the status of these programs. Our Audit Committee also receives a detailed presentation from our chief information security officer on our cybersecurity program annually, which includes the results of an external third-party assessment. Our Audit Committee is comprised solely of independent directors, with one member who is a subject matter expert in technology and cybersecurity. Our management team is responsible for assessing and managing our material risks from cybersecurity threats, and has appointed a chief information security officer to lead our global cybersecurity organization for this purpose. Our executive management team and key members of our broader finance, legal, tech and operations organizations receive detailed monthly briefings from our chief information security officer on the status of our cybersecurity program and our readiness to prevent, detect, mitigate and recover from cybersecurity incidents. Our chief information security officers leads our incident response team for addressing and recovering from identified cybersecurity incidents. Our incident response team includes key members of our tech, legal and executive management teams to manage our response efforts, which includes timely compliance with applicable contractual and regulatory notification obligations.
Company Information
| Name | COPART INC |
| CIK | 0000900075 |
| SIC Description | Retail-Auto Dealers & Gasoline Stations |
| Ticker | CPRT - Nasdaq |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | July 30 |