NORDSON CORP 10-K Cybersecurity GRC - 2024-12-18

Page last updated on December 18, 2024

NORDSON CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-18 17:04:14 EST.

Filings

10-K filed on 2024-12-18

NORDSON CORP filed a 10-K at 2024-12-18 17:04:14 EST
Accession Number: 0000072331-24-000177

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy Nordson Corporation manages cybersecurity risks by implementing processes for assessment, identification, and mitigation of cybersecurity threats. Nordson’s cybersecurity program is designed to align with the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework, enabling us to develop policies regarding information access, asset protection and personal data security. However, this does not mean that we meet any particular technical standards, specifications or requirements, but rather that we use the NIST Cybersecurity Framework as a guide to help us identify, assess and manage cybersecurity risks and threats relevant to our business. We strive to protect our information assets through key cybersecurity measures, such as the implementation of multifactor authentication and advanced malware defenses, and we collaborate with internal stakeholders to establish layered cybersecurity defenses and restricted access based on business needs. We conduct regular continuous education sessions for our employees on cybersecurity awareness, including confidential information protection and simulated phishing attacks. We engage with experts to assist with regular third-party penetration testing to evaluate our program against industry standards. We also have standing engagements with incident response experts and external counsel to enhance our cybersecurity resilience. We frequently collaborate with cybersecurity experts to share insights on threats, best practices and emerging trends. Our cybersecurity risk management is a critical component of our comprehensive business continuity and enterprise risk management programs. Our information security team regularly collaborates with cross-functional subject matter experts and leaders to assess and enhance our cybersecurity risk posture and preparedness. Management employs the following defense mechanisms throughout the enterprise: employee training program to increase cybersecurity awareness, vulnerability management to identify and address potential weaknesses, multifactor authentication for secure access, tabletop exercises to simulate and prepare for potential incidents, and evaluation of third-party service providers, business partners and cloud suppliers, including through assessments of their cybersecurity practices prior to service utilization. To date, management has not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect Nordson Corporation, including its business strategy, results of operations or financial condition. See “Item 1A. Risk Factors, Increased information technology threats and cybersecurity incidents and threats could pose a risk to our systems, networks, products, solutions and services and those of our business partners.” above for more information. While we are committed to safeguarding our information and the proprietary and confidential information they contain, we note that no security measures can guarantee complete protection against cybersecurity incidents. Governance The Board of Directors, as a whole, has overarching responsibility for overseeing our strategic and operational risks. The Audit Committee specifically monitors risk management, including cybersecurity threats. Management, led by the Vice President, Information Systems and Technology, regularly reports to the Board of Directors, primarily through the Audit Committee, providing an annual report on specific risks, mitigation efforts, and a review of Nordson’s cybersecurity maturity. Management is responsible for day-to-day assessment and management of cybersecurity threats and risks. Nordson’s Senior Director of Security and Compliance, primarily leads these efforts. The Vice President, Information Systems and Technology is responsible for oversight of Nordson’s entire global IT operations, including the cybersecurity program and brings more than 25 years of experience and leadership across various information technology engineering, business and management roles, including direct oversight of strategic direction, program execution and operational excellence of technology initiatives. Nordson Corporation The Senior Director of Security and Compliance assesses cybersecurity readiness using a variety of tools, including internal assessment tools as well as third-party control tests, vulnerability assessments, audits and evaluation against industry standards. Our security and compliance organization elevates issues relating to cybersecurity to our Chief Executive Officer and Board of Directors, such as potential threats or vulnerabilities. We also seek to prevent, detect, mitigate and remediate cybersecurity incidents by employing various defensive and continuous monitoring techniques using recognized industry frameworks and cybersecurity standards. Our Vice President, Information Systems and Technology meets regularly with the Audit Committee to review our information technology systems and discuss key cybersecurity risks. Additionally, the Director, Internal Audit and Chief Financial Officer presents an overview of our global enterprise risk management program, including cybersecurity risks, to the Audit Committee, which is subsequently reported to the Board of Directors.

Company Information