Mission Produce, Inc. 10-K Cybersecurity GRC - 2024-12-19

Page last updated on December 19, 2024

Mission Produce, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-19 16:19:39 EST.

Filings

10-K filed on 2024-12-19

Mission Produce, Inc. filed a 10-K at 2024-12-19 16:19:39 EST
Accession Number: 0001802974-24-000053

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity and Information Technology Our Board of Directors considers cybersecurity risk to be an important potential risk to our business. The Board of Directors has delegated to the Audit Committee oversight of cybersecurity and other information technology risks affecting the Company. The Audit Committee periodically evaluates our cybersecurity strategy to ensure its effectiveness. Management provides regular reports to the Audit Committee and the Board of Directors regarding cybersecurity and other information technology risks. Our Chief Information Officer oversees our information security program . His teams are responsible for leading enterprise-wide cyber resilience strategy, policy, standards, architecture, and processes. We devote significant resources to protecting and continuing to improve the security of our computer systems, software, networks, and other technology assets. Our security efforts are designed to preserve the confidentiality, integrity, and continued availability of all information owned by, or in the care of, the Company and protect against, among other things, cybersecurity attacks by unauthorized parties attempting to obtain access to confidential information, destroy data, disrupt, or degrade service, sabotage systems, or cause other damage. Our information security program is integrated into our overall enterprise risk management program and shares common reporting channels and governance processes that apply to other legal, compliance, strategic, operational, and financial risk areas. We identify and address information security risks by employing a defense-in-depth methodology that provides multiple, redundant defensive measures and prescribes actions to take in case a security control fails or a vulnerability is exploited. We leverage internal resources, along with strategic external partnerships, to mitigate cybersecurity threats to the Company. We have partnerships for Security Operations Center (SOC) services and various third-party assessments . We deploy both commercially available solutions and proprietary systems to manage threats to our information technology environment actively. Certain of our information technology applications are externally audited as part of our Sarbanes-Oxley audit program and our controls include information security standards. We design and assess our information security program based on the National Institute of Standards and Technology Cyber Security Framework (NIST CSF). This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. We regularly engage appropriate external resources regarding emerging threats to navigate the diverse cybersecurity landscape. In addition to ensuring adequate safeguards are in place to minimize the chance of a successful cyber-attack, the Company has established well-defined response procedures to effectively address cyber events that may occur despite these robust safeguards. These response procedures are designed to identify, analyze, contain, and remediate such cyber incidents to ensure a timely, consistent, and compliant response to actual or attempted data incidents impacting the Company. The Company devotes appropriate resources and enlists partners to adapt to the evolving threat landscape. The Company takes data protection seriously and ensures employees understand their role in keeping the Company safe from cyber-attacks. We employ a robust information security and training program for our employees, including mandatory computer-based training, regular internal communications, and ongoing end-user testing to measure the effectiveness of our information security program. As part of this commitment, we require our employees to complete a Cybersecurity Awareness eCourse and acknowledge our Information Security policies. In addition, we have an established schedule and process for regular phishing awareness campaigns that are designed to emulate real-world contemporary threats and provide immediate feedback (and, if necessary, additional training or remedial action) to employees. We have experienced no material information security breaches in the last three years. As such, we have not spent any material amount of capital on addressing information security breaches in the last three years, nor have we incurred any material expenses from penalties and settlements related to a material breach during this same time. We also carry third-party cybersecurity insurance. 17

Company Information