MACOM Technology Solutions Holdings, Inc. 10-K Cybersecurity GRC - 2024-11-12

Page last updated on November 12, 2024

MACOM Technology Solutions Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-12 16:02:31 EST.

Filings

10-K filed on 2024-11-12

MACOM Technology Solutions Holdings, Inc. filed a 10-K at 2024-11-12 16:02:31 EST
Accession Number: 0001493594-24-000060

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity. Risk management and strategy. We recognize the importance of developing, implementing and maintaining cybersecurity measures designed to safeguard our information systems and protect the confidentiality, integrity and availability of our data. Managing Material Risks & Integrated Risk Management 25 In the ordinary course of our business, we and our third-party service providers collect, maintain and transmit sensitive data on our networks and systems, including Company and third-party intellectual property and proprietary or confidential business information (such as research data and personal information). The secure maintenance of this information is critical to our business and reputation. In addition, we are heavily dependent on the functioning of our information technology infrastructure to carry out our business processes. While we have adopted administrative, technical and physical safeguards to protect such systems and data, our systems and those of third-party service providers and customers may be vulnerable to a cyber-attack. We have adopted processes designed to identify, assess and manage material risks from cybersecurity threats. Those processes include response to and an assessment of internal and external threats to the security, confidentiality, integrity and availability of our data and information systems, along with other material risks to our operations, at least annually or whenever there are material changes to our systems or operations. We have strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management. Our risk management team collaborates with our Head of Information Security to evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. We have processes to detect potential vulnerabilities and anomalies through technical safeguards and have adopted policies and procedures around internal and external notification of cybersecurity incidents. Engaging Third Parties on Risk Management As part of our risk management process, we engage with a range of outside providers, including cybersecurity assessors, consultants, legal advisors and auditors, to conduct periodic internal and external assessments, including, but not limited to, penetration testing. Our collaboration with these third parties also includes regular audits, threat assessments and consultation on security enhancements. Overseeing Third-party Risk We rely on the third parties for various business functions. In certain circumstances, our third-party services providers have access to some of our information systems and data, depending on the nature of their engagements with us, and we rely on such third parties for the continuous operation of our business operations. Because we are aware of the risks associated with third-party service providers, we conduct vendor diligence and security assessments of third-party providers before engagement and maintain ongoing monitoring to oversee compliance with our cybersecurity standards. Monitoring Cybersecurity Incidents The Head of Information Security implements and oversees processes for the monitoring of our information systems. This includes, but is not limited to, the deployment of security measures and system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, we have implemented an incident response plan, which includes actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents. Risks from Cybersecurity Threats As of the date of this report, we are not aware of a cybersecurity incident that resulted in a material effect on our business strategy, results of operations or financial condition, but we cannot provide assurance that we will not be materially affected in the future by such risks or any future material incidents. Despite our continuing efforts, we cannot guarantee that our cybersecurity safeguards will prevent breaches or breakdowns of our or our third-party service providers’ information technology systems, particularly in the face of continually evolving cybersecurity threats and increasingly sophisticated threat actors. A cybersecurity incident may materially affect our business, results of operations or financial condition, including where such an incident results in reputational, competitive or business harm or damage to our brand, lost sales, reduced demand, loss of intellectual property rights, significant costs or the Company being subject to government investigations, litigation, fines or damages. For more information, see “Our business and operations could suffer in the event of a security breach, cybersecurity incident or disruption of our information technology systems” under Item 1A. Risk Factors. Governance. Board of Directors Oversight Our Board of Directors has established oversight mechanisms to manage risks from cybersecurity threats. Our Audit Committee has primary responsibility for oversight of cybersecurity. At least once per year and following any material cybersecurity incidents, the Audit Committee reviews our assessment and management of information security, cybersecurity and technology risks, including the information security and risk management programs and strategies and mitigation strategies. The Audit Committee also reviews the response to data security incidents and breaches as well as the management of third-party cybersecurity risk. Management’s Role Managing Risk At the management level, our cybersecurity program is managed by our Head of Information Security, who reports to our Vice President of Information Technology. Our Head of Information Security has over twenty-five years of information technology 26 experience, with five years of experience in the information security space. Our Head of Information Security holds a Bachelor of Science in Computer Science and a Master of Business Administration.

Company Information