Inotiv, Inc. 10-K Cybersecurity GRC - 2024-12-04

Page last updated on December 4, 2024

Inotiv, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-04 17:14:36 EST.

Filings

10-K filed on 2024-12-04

Inotiv, Inc. filed a 10-K at 2024-12-04 17:14:36 EST
Accession Number: 0001628280-24-049947

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C - CYBERSECURITY Cybersecurity Risk Management and Strategy Inotiv’s cybersecurity risk management framework is grounded in external standards, specifically those of the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS). These guidelines provide a strong, structured foundation designed to systematically protect business operations, customer data, and intellectual property in an environment of rapidly evolving cyber threats. We deploy a multifaceted security strategy that includes multi-factor authentication (MFA), advanced malware defenses, and comprehensive endpoint protection supported by Extended Detection and Response (XDR) technology. Additionally, we leverage the expertise of a third-party provider of Managed XDR services, which provides continuous monitoring across our environment to respond swiftly to potential security events. To reinforce our commitment to cybersecurity, we engage in regular third-party assessments and testing to validate and strengthen our defenses. Independent experts review our incident response and disaster recovery plans, evaluating our capacity to respond to cyber incidents and restore business continuity under adverse conditions. We further enhance our security posture by commissioning robust internal and external penetration tests conducted by third-party providers. These assessments rigorously evaluate our systems for potential vulnerabilities, enabling us to mitigate threats proactively and strengthen resilience against both known and emerging threats. By staying aligned with industry standards and engaging expert resources, we continuously adapt Inotiv’s cybersecurity practices to meet today’s challenges and anticipate future risks. Our organization employs a comprehensive process to oversee and identify cyber threats associated with third-party service providers. For critical systems that handle confidential data, we conduct annual third-party security reviews to evaluate and mitigate potential risks. These reviews include a multifaceted approach combining security questionnaires, in-depth manual assessments of vendor security practices, and automated rating systems to assess vendors’ cybersecurity postures. Governance of Cybersecurity Management Our cybersecurity governance structure is specifically designed to provide a clear chain of responsibility and accountability for assessing, managing, and mitigating cybersecurity risks. The Vice President of Information Security, who reports directly to the Chief Technology Officer (“CTO”), a member of our Executive Committee, leads our cybersecurity initiatives. Together, the Vice President of Information Security and the CTO bring a combined 50 years of technology experience with over 20 years dedicated to IT and security leadership. The Vice President of Information Security is tasked with overseeing cybersecurity risk assessments, implementing strategic security initiatives, and ensuring alignment with evolving regulatory requirements. The Vice President of Information Security provides weekly briefings to the CTO. Additionally, the Vice President of Information Security presents updates to the Executive Committee and the Board of Directors at least annually, although these updates generally occur on a quarterly basis. These presentations cover critical security issues and significant emerging threats. The Board of Directors, through its Audit Committee, is responsible for the oversight of Inotiv’s cybersecurity risk management practices. The Audit Committee reviews and assesses our approach to risk management, including risk associated with cybersecurity, against industry standards and regulatory obligations. We believe this governance structure is integral to maintaining high-level visibility and accountability across all levels of leadership. By providing the Board of Directors with regular and detailed updates on cybersecurity initiatives and significant developments in the threat landscape, we foster transparency and maintain cybersecurity as a central priority within the organization. The Board of Directors’ involvement in cybersecurity governance underscores our commitment to safeguarding our operations and stakeholders from digital risks. With dedicated oversight from both executive leadership and the Board of Directors, we integrate cybersecurity into our risk management and governance frameworks. To date, there have not been any previous cybersecurity incidents that materially affected, or are reasonably likely to materially affect, us. However, we are subject to ongoing risks from cybersecurity threats that could materially affect us, including our business strategy, results of operations, or financial condition, as further described in Item 1A. Risk Factors - Risks Related to Technology and Cybersecurity .

Company Information