Page last updated on November 15, 2024
Clearfield, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-15 12:45:50 EST.
Filings
10-K filed on 2024-11-15
Clearfield, Inc. filed a 10-K at 2024-11-15 12:45:50 EST
Accession Number: 0001171843-24-006402
Item 1C. Cybersecurity.
Risk Management and Strategy

We believe cybersecurity plays a strategic role in ensuring smooth business operations. We are committed to developing, implementing and maintaining cybersecurity measures and processes that are designed to safeguard our information systems, data and operations, and to assess, identify and manage cybersecurity threats that may impact our business.

We operationalize our cybersecurity program through an information security management system based on the ISO/IEC 27001:2022 standard. This does not imply that we meet any particular technical standards, specifications, or requirements - only that we use the ISO/IEC 27001:2022 standard as a guide in designing and implementing our cybersecurity program. We believe designing and building our cybersecurity program around best practices and principles helps support robust business continuity.

Our cybersecurity program is integrated into our overall risk management system and processes. Key elements of our cybersecurity risk management program include, among others:

● Ongoing cybersecurity training and testing for our employees;
● Regular patching, vulnerability scanning, penetration testing, and network monitoring;
● Robust IT infrastructure to help reduce opportunities for adverse exploitation;
● Operational processes that reinforce cybersecurity policies and IT controls;
● Regular audits to assess our cybersecurity posture, maturity, and progress;
● A cybersecurity incident response plan operationalized in a governance, risk, and compliance (“GRC”) platform; and
● A third-party risk management process for vendors that includes annual assessments and Service Organization Control Type 2 (SOC 2) reviews

While we have experienced cybersecurity incidents and expect to continue to be subject to such incidents, to date we have not experienced any cybersecurity incidents that have materially affected our business strategy, financial condition, or results of operations. The cybersecurity threat landscape continues to evolve and escalate. We are subject to ongoing risks from cybersecurity threats that could materially affect our business strategy, financial condition, or results of operations, as further described in Part I, Item 1A, “Risk Factors” of this Annual Report on Form 10-K.

Governance

Our Board of Directors includes cybersecurity risk as part of its overall risk oversight function, and has delegated to our Audit Committee responsibility for overseeing, reviewing and discussing with management: (i) our cybersecurity, information technology and data security risks and threats; (ii) the potential impact of those risks and threats on our business, operations, and reputation; and (iii) management’s processes, procedures and actions to identify, assess, monitor, mitigate, and remediate such risks and threats. Management provides the Board and the Audit Committee regular reports and assessments on our cybersecurity program and material cybersecurity risks. In addition, management updates the Board and the Audit Committee, as appropriate, regarding significant cybersecurity incidents should they occur.

A cybersecurity incidence response team comprised of key function heads and personnel, including IT, Finance, Legal, and Human Resources, provides operational support for clarifying and acting on cybersecurity issues, including decision-making around materiality, escalation and disclosure.

Our cybersecurity program is principally managed by our Chief Information Officer and our Information Security Manager. Together, they have over 50 years of experience in IT, including developing, implementing, and operating IT controls. Our Chief Information Officer and our Information Security Manager manage cybersecurity risks by continually working to reduce risks, respond appropriately to incidents, and invest in hardening our attack surface to improve our cybersecurity posture. Our GRC platform is designed to provide reliability in identifying, tracking, and mitigating cybersecurity risks. We also engage third party assessors, consultants, and auditors to extend internal team capabilities and support our cybersecurity program, including engaging a cybersecurity service provider that provides 24/7 continuous managed detection and response services.
Company Information
Name | Clearfield, Inc. |
CIK | 0000796505 |
SIC Description | Telephone & Telegraph Apparatus |
Ticker | CLFD - Nasdaq |
Website | |
Category | Large accelerated filer |
Fiscal Year End | September 29 |