Azenta, Inc. 10-K Cybersecurity GRC - 2024-11-26

Page last updated on November 27, 2024

Azenta, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-26 19:20:10 EST.

Filings

10-K filed on 2024-11-26

Azenta, Inc. filed a 10-K at 2024-11-26 19:20:10 EST
Accession Number: 0001437749-24-036289

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management We have implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program is an element of and is integrated into our overall enterprise risk management program, and is a key component of our annual organizational risk assessment. Our cybersecurity risk management program is based in part on, and incorporates elements of, the National Institute of Standards and Technology (NIST) Cybersecurity Framework and International Organization for Standardization 27001 (ISO 27001) Framework. In general, we seek to address cybersecurity risks through a comprehensive, cross-functional approach that is focused on preserving the confidentiality, security and availability of the information that we collect and store by identifying, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur. Our cybersecurity risk management program utilizes a variety of technical and process controls that are designed to identify, protect against, detect, respond to, and recover from cybersecurity threats, including: ● risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology (“IT”) environment; ● a security team that is principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls and policies, and (3) our response to cybersecurity incidents; ● the use of external service providers, where appropriate, to assess, test, or otherwise assist with aspects of our security controls; ● cybersecurity awareness training for our employees, incident response personnel, and senior management; ● assessment of material cybersecurity risks posed by third-party service providers, including risks to employee, customer and financial information; ● a cybersecurity incident response protocol that includes procedures for responding to cybersecurity incidents; and ● business continuity plans. As part of the above processes, we engage, as necessary, consultants and other third parties, to review our cybersecurity incidents if material to help quantify the impact and identify areas for continued focus, improvement, and compliance. Our processes also address cybersecurity threat risks associated with our use of third-party service providers, including our suppliers and manufacturers or who have access to confidential, proprietary, personal, or employee data, or to our systems. In addition, cybersecurity considerations affect the selection and oversight of our third-party service providers. We perform diligence on third parties that have access to our systems, data or facilities that house such systems or data, and continually monitor cybersecurity threat risks identified through such diligence. Additionally, we generally require those third parties that could introduce significant cybersecurity risk to us to agree by contract to manage their cybersecurity risks in specified ways, and to agree to be subject to cybersecurity audits or audits for System and Organization Controls (SOC) compliance. We have been, and expect to continue to be, subject to cybersecurity risks and incidents related to our business. We have not experienced any material cybersecurity incidents during the last fiscal year. For more information about the cybersecurity risks we face, see Item 1A - Risk Factors of this Annual Report on Form 10-K. Governance Our Board considers cybersecurity risk as part of its enterprise risk management oversight function. The Board delegates oversight of the cybersecurity risk management program to the Audit Committee. This oversight includes periodic reports from management concerning cybersecurity related risks. The management of the program is the responsibility of our Risk Management Committee, comprised of our Chief Financial Officer, Chief Digital & Information Officer, Chief Accounting Officer and General Counsel. Our Chief Digital & Information Officer, who has over 30 years of extensive work experience in the field of technology and cybersecurity, leads our team of cybersecurity professionals and provides the Risk Management Committee with periodic reports on our cybersecurity risks and any material cybersecurity incidents. Our team of cybersecurity professionals monitors the prevention, mitigation, detection, and remediation of cybersecurity incidents through the cybersecurity risk management and processes described above, including the operation of our incident response plan. The Risk Management Committee provides updates to the Audit Committee on our cybersecurity risk management program as appropriate, including updates on (1) any critical cybersecurity risks; (2) ongoing cybersecurity initiatives and strategies; (3) applicable regulatory requirements; and (4) industry standards. The Risk Management Committee also notifies the Board of any significant and/or material cybersecurity incidents (suspected or actual) and provides updates on the incidents as well as cybersecurity risk mitigation activities as appropriate.

Company Information