SANMINA CORP 10-K Cybersecurity GRC - 2024-11-27

Page last updated on November 28, 2024

SANMINA CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-27 14:21:11 EST.

Filings

10-K filed on 2024-11-27

SANMINA CORP filed a 10-K at 2024-11-27 14:21:11 EST
Accession Number: 0000897723-24-000056

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We have implemented a cybersecurity risk management program based on multiple cybersecurity frameworks, primarily the National Institute of Standards and Technology Cybersecurity Framework (800-171), as well as information security standards issued by international bodies. We use this program, which is integrated into our overall enterprise risk management framework, to help us identify, assess, and manage cybersecurity risks relevant to our business. We employ various measures to help manage our cybersecurity risks, including end-to-end email encryption, two-factor authentication for access to Company applications, strong password requirements and firewall and email protection against malware and phishing campaigns. We augment these protective technologies with security monitoring and detection capabilities to limit the impact of cybersecurity incidents. Our program includes processes designed to identify material risks related to the use of third party service providers, such as cloud service providers. We provide cybersecurity and information security compliance training to relevant employees at least once per year, tracking completion and requiring testing, and conduct simulated phishing campaign tests. We also provide additional specialized training for our security team and for employees with access to certain sensitive information. Our SCI Technology subsidiary has been certified under the U.S. Cybersecurity Maturity Model Certification (CMMC) program. We also engage third-party experts to improve our cybersecurity posture, including through penetration testing. We have adopted a cybersecurity and privacy incident reporting framework to assess and manage cybersecurity incidents, which includes escalation procedures based on the nature and severity of the incident, assessment of public disclosure considerations and reporting to the Audit Committee and the Board. As of the date of this report, we do not believe that any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our Company, including our business strategy, results of operations or financial condition. However, despite our security measures, there can be no assurance that we, or third parties with which we interact, will not experience a cybersecurity incident in the future that will materially affect us. For more information on our cybersecurity related risks, see “Item 1A. Risk Factors - Cyberattacks and other disruptions of our information technology network and systems could interrupt our operations, lead to loss of our customer and employee data and subject us to damages.” Governance Our Board has primary responsibility for overseeing risks associated with our information technology, including cybersecurity. Our Board receives regular reports from our Chief Information Officer (“CIO”) regarding our information systems and technology and associated policies, processes and practices for managing and mitigating cybersecurity and technology-related risks. Our Audit Committee oversees our SEC reporting process generally, including with respect to any required disclosures relating to a material cybersecurity event. At the management level, our Vice President, IT Security leads our enterprise-wide cybersecurity program and is primarily responsible for assessing and managing our material risks from cybersecurity threats. In performing his role, the Vice President, IT Security monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents and is a key stakeholder and participant in the Company’s cybersecurity and privacy incident reporting framework described above. Our Vice President, IT Security reports to our CIO who, in turn, reports directly to our Chief Executive Officer. Our Vice President, IT Security is an experienced cybersecurity professional with more than 20 years of experience building and leading cybersecurity, risk management, and information technology teams, and holds industry-recognized cybersecurity certifications, including Certified Information Systems Security Professional (CISSP) certification.

Company Information