Page last updated on November 26, 2024
Vestis Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-22 16:18:14 EST.
Filings
10-K filed on 2024-11-22
Vestis Corp filed a 10-K at 2024-11-22 16:18:14 EST
Accession Number: 0001967649-24-000060
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity. Risk Management and Strategy The Company maintains comprehensive policies, procedures, and controls to protect the Company’s information systems and related data from cybersecurity threats and incidents. The Company’s cybersecurity risk management program is aligned with the International Standards Organization (ISO 27001:2022) and mapped to National Institute of Standards Special Publication 800-53 Revision 5 (NIST 800-53). The Company’s cybersecurity program is integrated into the Company’s overarching enterprise risk management program. The Company’s Chief Information Security Officer (CISO) is responsible for managing the Company’s cybersecurity program and reporting on cybersecurity matters to management, the Cyber Governance Committee, and the Company’s board of directors. The CISO has over twenty years of cybersecurity and technology experience, originating with cryptography and security experience as a military officer and progressing through senior management roles at prominent global audit and technology consulting corporations. The CISO leads the Company’s cybersecurity and information technology compliance department which is staffed with technical and compliance personnel with the appropriate experience and certifications required to accomplish the department’s mandates. The CISO is supervised by the Company’s Chief Technology Officer. The Company’s maintains a Cyber Governance Committee, which meets quarterly, and interfaces with other functional areas within the Company, including, but not limited to, legal, internal audit, accounting, risk management, human resources, as well as external third-party partners. The CISO serves as the chair of the committee, which has been tasked with providing governance and oversight of the Information Security and Management System and to provide governance during major cybersecurity incidents. The Company engages third parties to assist with the monitoring components of the security infrastructure that we have deployed. As required, the Company engages consultants and third parties to assist with penetration testing, tabletop incident response exercises, or other activities necessary to comply with various standards and certifications that we require to operate as a business. The Company provides regular awareness training to our employees and consultants using our collaboration platforms, including periodic phishing tests, to help identify, avoid, and mitigate cybersecurity threats, as well as targeted security training for key departments dealing with sensitive data types. Where needed, the Company seeks appropriate certifications from vendors and contractually requires adherence to data privacy and security requirements from its vendors. Where service providers are materially utilized, the company obtains SOC1 or SOC2 reports and complies with complementary user entity controls to keep those attestations valid. The Company operates technologies that are exposed to the internet, and although robust cybersecurity programs, technologies, and safeguards are deployed to help protect the Company’s operations and assets, the Company by nature is exposed to material cybersecurity attacks that are either generally targeted at companies that operate on the internet, or the Company by nature remains exposed to attacks that are specifically directed at the Company’s technology systems exposed to the internet. Governance The Company’s Board of Directors provide ultimate oversight of the Company’s cybersecurity risk management program. As reflected in the Audit Committee’s charter, the Board of Directors has specifically delegated responsibility for oversight of cybersecurity matters to the Audit Committee. The CISO presents quarterly updates to the Audit Committee on the Company’s cyber risks and threats, status of projects to strengthen the Company’s information security systems, and emerging threats. During the normal course of business, the Company has experienced and expects to continue to experience cyber-based attacks and other attempts to compromise our information systems, although none, to our knowledge, has had a material adverse effect on our business, financial condition or results of operations. The Company does not believe that any risks from cybersecurity threats, nor any previous cybersecurity incidents, have materially affected the Company. However, the sophistication of cyber threats continues to increase, and the preventative actions the Company has taken and continues to take to reduce the risk of cyber incidents and protect its systems and information may not successfully protect against all cyber incidents. For more information on how cybersecurity risk may materially affect the Company’s business strategy, results of operations, or financial condition, please refer to Item 1A, “Risk Factors.”
Company Information
| Name | Vestis Corp |
| CIK | 0001967649 |
| SIC Description | Wholesale-Miscellaneous Nondurable Goods |
| Ticker | VSTS - NYSE |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | September 26 |