Page last updated on November 28, 2024
Leslie’s, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-27 16:07:32 EST.
Filings
10-K filed on 2024-11-27
Leslie’s, Inc. filed a 10-K at 2024-11-27 16:07:32 EST
Accession Number: 0000950170-24-131476
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity We have implemented and maintain a robust cybersecurity program to assess, identify, and manage risks from cybersecurity threats that may result in material adverse effects on the confidentiality, integrity, and availability of our information systems and the data residing therein. Our board of directors, with assistance from the audit committee, oversees the Company’s management of risks arising from cybersecurity threats. The audit committee regularly reviews the measures implemented by the Company to identify and mitigate risks from cybersecurity threats. As part of such reviews, the audit committee receives reports and presentations from members of our team responsible for overseeing the Company’s cybersecurity risk management, including certain IT leadership and our legal team, which may address a wide range of topics including recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, technological trends and information security considerations arising with respect to the Company’s peers and third parties. The audit committee also reports to the board of directors at least annually on cybersecurity matters. We have an incident response plan under which certain cybersecurity incidents are escalated within the Company to senior executives on the cybersecurity risk management committee, and, where appropriate, reported to the Board and Audit Committee in a timely manner. At the management level, our cybersecurity risk management committee, comprised of senior executives representing functional and business areas, including our legal team, has broad oversight of the Company’s risk management processes. Members of the Company’s cybersecurity risk management committee includes certain IT leadership and the General Counsel. The committee meets regularly to discuss the risk management measures implemented by the Company to identify and mitigate data protection and cyber security risks. Certain IT leadership and the General Counsel attend each cybersecurity risk management committee meeting to report on ongoing cybersecurity matters. Our IT leadership also works closely with our legal team to oversee compliance with legal, regulatory and contractual security requirements. Our Vice President of Security and Compliance, who has cybersecurity knowledge and skills gained from work experience at the Company, heads the team responsible for implementing, monitoring and maintaining cybersecurity and data protection practices across our business. The cybersecurity team receives reports on cybersecurity threats from a number of experienced information security team members responsible for various parts of the business periodically and in conjunction with management, regularly reviews risk management measures implemented by the Company to identify and mitigate data protection and cybersecurity risks. Our cybersecurity processes include automated tools and technical safeguards managed and monitored by our cybersecurity team and include mechanisms, controls, technologies, systems, and other processes designed to prevent or mitigate data loss, theft, misuse, or other security incidents or vulnerabilities affecting the data and maintain a stable information technology environment. For example, we regularly conduct penetration and vulnerability testing, security audits, and tabletop exercises. We conduct regular employee training on cybersecurity. We also employ systems and processes designed to oversee, identify, and reduce the potential impact of a security incident at a third-party vendor, service provider or customer that otherwise implicates third-party technology and systems we use. In addition, we consult with outside advisors and experts, when appropriate, to assist with assessing identifying and managing cybersecurity risks, including to anticipate future threats and trends, and their impact on the Company’s risk environment. Due to evolving cybersecurity threats, it has and will continue to be difficult to prevent, detect, mitigate, and remediate cyber incidents. We consider cybersecurity threats, along with other significant risks that we face within our overall enterprise risk management framework. In the last fiscal year, we have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, but we face certain ongoing cybersecurity risks threats that if realized, are reasonably likely to materially affect us. Additional information on cybersecurity risks we face can be found in Part I, Item 1A “Risk Factors” of this Report.
Company Information
| Name | Leslie’s, Inc. |
| CIK | 0001821806 |
| SIC Description | Retail-Retail Stores, NEC |
| Ticker | LESL - Nasdaq |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | September 27 |