GEOSPACE TECHNOLOGIES CORP 10-K Cybersecurity GRC - 2024-11-22

Page last updated on November 26, 2024

GEOSPACE TECHNOLOGIES CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-22 16:08:11 EST.

Filings

10-K filed on 2024-11-22

GEOSPACE TECHNOLOGIES CORP filed a 10-K at 2024-11-22 16:08:11 EST
Accession Number: 0001437749-24-036050

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Breaches and Other Disruptions of Our Information Technology Network and Systems Could Adversely Affect Our Business. Our Senior Vice President of Information Technology (who is also a certified Chief Information Security Officer) manages our security program. Oversight of the program occurs via IT metrics-based updates provided to an Information Technology Steering team (consisting of the executive officers and other key employees of the Company) on a quarterly basis. Additionally, multiple elements of our cybersecurity security program are tested internally and externally on a bi-yearly basis in alignment with our Sarbanes-Oxley information security controls and we engage independent third parties annually to assess the risks associated with our information technology assets. Our cybersecurity program is part of our enterprise risk management strategy and includes policies and procedures designed to safeguard the confidentiality, integrity, and availability of our information assets. Lastly, a cybersecurity risk assessment is provided to our Board of Directors on an annual basis which includes metrics, security incidents, key risk indicators, and risk mitigation plan as well as on the status of material risks, mitigation measures, and incidents related to such risks. Our Board of Directors has overall responsibility for risk oversight, with the Information Technology Steering team assisting the Board in performing this function based on its respective areas of expertise. As such, the Information Technology Steering team performs materiality determinations of cyber incidents and advises the Board of directors accordingly. We maintain a comprehensive cybersecurity risk management program that aligns to the National Institute of Standards and Technology (NIST) Cyber Security Framework and adopts a variety of cybersecurity best practices across the enterprise. We leverage industry-leading cybersecurity vendors that provide the following capabilities: Managed Detection and Response (MDR); a Security Operations Center (SOC) that monitors the Company’s IT assets on a 24x7x365 basis; tools to interdict emails with phishing links and malware payloads; data leak protection tools that provide real-time interdiction of data transfers outside of normal business usage; vulnerability detection and automated patching tools; firewalls and instruction detection systems; multi-factor authentication mechanisms; mobile device management systems; penetration testing; and various third-party assessments. Our critical IP data is maintained on segmented, access-controlled data stores. We utilize a variety of backup mechanisms for its data including both warm and cold storage solutions. Lastly, we utilize token-based technologies to support Payment Card Industry Data Security Standard (PCI DSS) compliant safe handling and protection of credit card data. We have a defined security policy that is reviewed on an annual basis. We have established response procedures for cyber-security incidents and tests the procedures on a periodic basis. We provide robust computer-based cybersecurity and wire fraud / phishing awareness training to all new employees as well as training to existing employees on an annual basis. We have not experienced material information security incidents in the last three years nor have we incurred any material expenses related to penalties and/or settlements related to a material breach nor have we been materially affected or reasonably likely to have had a material adverse effect on us, our business strategy, results of operations, or financial condition. Nevertheless, we do carry a cybersecurity insurance policy. 17

Company Information