Broadcom Inc. 10-K Cybersecurity GRC - 2024-12-20

Page last updated on December 20, 2024

Broadcom Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-20 17:26:46 EST.

Filings

10-K filed on 2024-12-20

Broadcom Inc. filed a 10-K at 2024-12-20 17:26:46 EST
Accession Number: 0001730168-24-000139


Item 1C. Cybersecurity.

Risk Management and Strategy

Our cybersecurity risk management program is intended to protect the confidentiality, integrity and availability of our critical systems and information. Our program includes processes for identifying, assessing and managing material risks from cybersecurity threats that are guided by the National Institute of Standards & Technology’s Cyber Security Framework, the ISO 27001 international standard for information security and other applicable industry benchmarks.

Our cybersecurity risk management program is integrated into our overall enterprise risk management system and processes, and includes:

- a team of professionals within our Global Technology Organization team who are responsible for identifying and mitigating cybersecurity risks and managing our security controls and response activities;
- risk assessment processes designed to identify cybersecurity risks to our critical systems, information, products, services and our broader enterprise IT environment;
- an annual tabletop exercise to simulate a response to a cybersecurity incident; and
- mandatory training annually and upon hiring for all employees on data privacy and cybersecurity topics.

When appropriate, we utilize independent, external service providers to assess, test or otherwise assist with certain aspects of our cybersecurity risk management program and related processes, including for penetration testing, threat monitoring and incident response. We also employ a vendor risk assessment process to mitigate risks presented by certain third-party service providers, and we require such providers to manage their cybersecurity risks in conformance to industry standards, notify us of relevant cybersecurity events and satisfy additional contractual requirements.

As of the date of this Annual Report on Form 10-K, we are not aware of any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. See Item 1A. Risk Factors, “Cyber security threats or other security breaches, or any other impairment of the confidentiality, integrity or availability of our IT systems, or those of one or more of our corporate infrastructure vendors, could have a material adverse effect on our business” in this Annual Report on Form 10-K for additional information about our cybersecurity-related risks.

Cybersecurity Governance

Our Board of Directors is actively involved in overseeing our cybersecurity risk management and shares oversight responsibility and processes with the Audit Committee of the Board of Directors (the “Audit Committee”). Our management, including our Chief Information Officer (“CIO”), in consultation with our Chief Information Security Officer (“CISO”), reviews with the Audit Committee at least quarterly our cybersecurity security policies, practices and protective measures, threat intelligence, cybersecurity incidents and related risks. At least quarterly, our CIO also provides the Audit Committee with an update on our enterprise security program that includes procedures and policies for testing vulnerabilities, responding to cybersecurity threats, and training and evaluating our employees. The Audit Committee and management also update our Board of Directors at least quarterly on our cybersecurity performance and risk profile and the effectiveness of our cybersecurity processes.

Our management, including our CIO and CISO, are responsible for assessing and managing material risks from cybersecurity threats. Our CIO oversees our Global Technology Organization that has primary responsibility for our overall cybersecurity risk management program. Our CIO, who reports to our Chief Executive Officer, has over 20 years of experience managing global IT operations, including strategy, applications, infrastructure, information security, support and execution. Our CISO, who reports to the CIO, has approximately 30 years of cybersecurity experience assessing and managing cybersecurity programs. Our management is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which may include, among other things, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, and alerts and reports produced by security tools deployed in our IT environment.


Company Information

Name: Broadcom Inc.
CIK: 0001730168
SIC Description: Semiconductors & Related Devices
Ticker: AVGO - Nasdaq
Website:
Category: Large accelerated filer
Fiscal Year End: November 2