Page last updated on November 12, 2024
ROCKWELL AUTOMATION, INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-12 15:34:04 EST.
Filings
10-K filed on 2024-11-12
ROCKWELL AUTOMATION, INC filed a 10-K at 2024-11-12 15:34:04 EST
Accession Number: 0001024478-24-000107
Item 1C. Cybersecurity.
Risk Management and Strategy
The Company has a cybersecurity risk management program that is designed to assess, identify, manage, and govern risks from cybersecurity threats. Our cybersecurity risk management program is a key component of our overall enterprise risk management strategy. The Company’s cybersecurity risk management program focuses on risk and threat identification, protection, detection, response, and recovery, designed to protect the confidentiality, integrity, and availability of critical systems and data. The Company’s cybersecurity incident response and crisis management plans are components of the cybersecurity risk management program, focusing on effective response to cybersecurity incidents or attacks.
We monitor our internal technology for cybersecurity threats, and we use various security capabilities to mitigate the risk of these threats. Additionally, the Company provides annual cybersecurity and information security awareness training for all employees and contractors.
The Company maintains a robust, risk-based approach to identifying and overseeing cybersecurity risks presented by third parties, including vendors, service providers, and other external users of the Company’s systems, as well as the systems of third parties that could adversely impact our business in the event of a cybersecurity incident affecting those third-party systems.
Governance
The Company’s cybersecurity program is led by the Chief Information Security Officer (CISO). Our CISO has more than 30 years of technology and cybersecurity leadership experience and is a Certified Information System Security Professional (CISSP), and a Certified Information Systems Auditor (CISA). The CISO reports to the Chief Information Officer (CIO). The CISO leads a team that is responsible for executing cybersecurity strategy, to support risk management, and protection of Company systems, products, and employee and customer information.
As the foundation of the cybersecurity program, the Company maintains cybersecurity policies and procedures that are informed by recognized security frameworks and applicable regulations, laws, and standards. We use various frameworks, standards, guidelines, and best practices as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. The Company engages third parties to assess our cybersecurity posture and program maturity.
We also consider cybersecurity, along with other top risks for the Company, within our ERM framework. The ERM framework includes internal reporting at the business and enterprise levels, with consideration of key risk indicators, trends, and countermeasures for cybersecurity and other types of significant risks.
During the year ended September 30, 2024, the Company has not identified risks from cybersecurity threats, including as a result of prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition. Nevertheless, the Company recognizes cybersecurity threats are ongoing and evolving, and we continue to remain vigilant. For more information on the Company’s cybersecurity-related risks, see Item 1A. Risk Factors.
The Company’s Disclosure Committee is a part of the cybersecurity risk program as it meets quarterly to review cyber incidents that have occurred during the quarter, and additionally, as needed, to discuss any potentially material cybersecurity incidents. The Disclosure Committee, which includes senior leaders from finance and accounting, legal, investor relations, and corporate communications, is responsible for determining if risks from cybersecurity threats have materially affected or are reasonably likely to materially affect, the organization such that public disclosure is necessary.
Additional management governance is provided by an Enterprise Security Council, comprised of key senior business leadership with diverse experiences and responsibilities. The Enterprise Security Council oversees key cybersecurity and product security matters and initiatives, including policy, standards, strategy, program metrics, and cybersecurity risk escalation.
Cybersecurity oversight by the Board of Directors is shared between the full Board and the Audit Committee. The full Board of Directors receives periodic updates on the cybersecurity threat landscape, recent cybersecurity events, our cybersecurity strategy, and cybersecurity program priorities. The Audit Committee receives updates on information security, including internal controls and external reporting processes. The Audit Committee also receives updates from the Disclosure Committee with respect to cybersecurity incidents reviewed by the Disclosure Committee.
Company Information
Name | ROCKWELL AUTOMATION, INC |
CIK | 0001024478 |
SIC Description | Measuring & Controlling Devices, NEC |
Ticker | ROK - NYSE |
Category | Large accelerated filer |
Fiscal Year End | September 29 |