WD 40 CO 10-K Cybersecurity GRC - 2024-10-21

Page last updated on October 21, 2024

WD 40 CO reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-10-21 16:21:26 EDT.

Filings

10-K filed on 2024-10-21

WD 40 CO filed a 10-K at 2024-10-21 16:21:26 EDT
Accession Number: 0000105132-24-000064

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy Management is responsible for cybersecurity risk management, which is part of our enterprise risk management and business continuity processes. We regularly evaluate our cybersecurity risk profile as well as the status and activities of our cybersecurity program, which aligns to the industry-recognized Center for Internet Security or CIS framework. We employ a defense-in-depth strategy which involves multiple layers of security controls to help prevent and detect possible risks and employ measures to protect our systems from business disruption. Our cybersecurity program includes tools and activities to prevent, detect, and analyze current and emerging cybersecurity threats, as well as plans and strategies to address threats and incidents. We also engage with third-party service providers, who possess expertise in information technology and cybersecurity, to aid in the design, implementation, and management of our cybersecurity infrastructure and protocols. As part of our continuing education, employees are required to participate in cybersecurity awareness training at the commencement of their employment and annually thereafter. We reinforce this training with monthly internal phishing tests and cybersecurity newsletters to educate our employees on the latest cybersecurity threats and the most effective preventative measures. As of the date of this Annual Report, we have not identified any cybersecurity threats that have had, or are likely to have, a material impact on our operations, including our business strategy, financial results, or financial condition. For more information on the risks associated with cybersecurity, refer to the “Risk Factors” section contained in Item 1A of this Form 10-K. Cybersecurity Governance Management is responsible for implementing our cybersecurity program. Our Chief Financial Officer works with our Vice President of Global Information & Technology (“IT”) and regional IT members to lead our enterprise-wide information security program and manage our Cybersecurity Incident Response Plan. With over 30 years of experience in technology and information systems leadership our Vice President, Global Information & Technology oversees a global network of cybersecurity experts with an average of 25 years of experience. These teams work closely with internal stakeholders to develop, implement, and maintain a comprehensive security strategy that protects our enterprise and supports our business objectives. They also coordinate incident response efforts and proactively address emerging security threats. The recommendations of the management team are considered when updating our information security policies, procedures, and standards. The Audit Committee oversees our cybersecurity risk and mitigation strategies. This committee is regularly briefed by management on the status and effectiveness of our cybersecurity initiatives, including policies and actions taken to monitor, identify, evaluate, mitigate, and report significant risks. The Audit Committee has specific training in overseeing cybersecurity risks, including a member who has earned Carnegie Mellon’s CERT (Certificate in Cyber-Risk Oversight) and another with a certificate earned over cybersecurity risk. In addition, the Audit Committee receives periodic briefings from external experts in the area and regularly reports its oversight activities to the full board.

Company Information