Page last updated on December 27, 2024
INGLES MARKETS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-27 16:15:01 EST.
Filings
10-K filed on 2024-12-27
INGLES MARKETS INC filed a 10-K at 2024-12-27 16:15:01 EST
Accession Number: 0000050493-24-000018
Item 1C. Cybersecurity.
The Company has processes in place to identify, assess and manage risks from information security vulnerabilities and cybersecurity threats. The Company maintains and updates tools, controls, technologies, methods, systems and other processes that are designed to prevent, detect, escalate, investigate, mitigate and remediate data loss, theft, misuse, unauthorized access or other security incidents or vulnerabilities that may affect the Company’s information systems and data.

The Company uses an enterprise vulnerability management platform to scan IT assets and report any known vulnerabilities associated with such IT assets. This platform enables the Company’s Information Security Team to identify and prioritize solutions necessary to remediate any identified vulnerabilities. The Company’s policies require that remediation be performed in a timely manner, including the completion of follow-up scanning to confirm the remediation of any identified vulnerabilities.

Further, the Company’s incident response program enables the identification and management of information security threats, risks and incidents. The incident response program is powered by technology that enables threat and event correlation across enterprise systems, user behavior analytics, anomalous behavior identification, network detection and response, end point detection and response, and an incident tracking system. The Company promptly engages the Computer Security Incident Response Team (“CSIRT”) if a security incident is observed. The CSIRT is composed of lead personnel from the Company’s IT department and employees who have been trained on the handling of information security incidents. The CSIRT may also engage third party incident response investigators that are on retainer to assist in incident response.

The Company uses the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) as a guide for cyber risk management. The Center for Internet Security (CIS) Benchmarks and the Payment Card Industry (PCI) Security Standards are also followed to ensure compliance with the Payment Card Industry Data Security Standard (PCI-DSS) and to assist with managing risk.

The Company has information technology security practices designed to protect its information technology systems and data and to monitor for potential cybersecurity threats. These practices are integrated into the Company’s risk management framework and include:
- Cybersecurity controls embedded in the Company’s information technology systems;
- Regular implementation of changes to the Company’s information technology systems to address potential threats and vulnerabilities;
- Incident response program, including proactive simulations to identify and manage cybersecurity threats, risks and incidents;
- Participation in industry forums and collaboration with peers; and
- Security awareness and data protection training for applicable employees.

Additionally, the Company assesses and manages cybersecurity threats associated with its third party service providers’ information technology systems that could compromise the Company’s information security or data. Identified cybersecurity threats are communicated to management for review, response and mitigation as appropriate. The Company evaluates risk associated with the engagement of any third-party through a lifecycle-based approach, conducting risk-based due diligence before an engagement, using contractual provisions to address risk, and, for certain third-parties, engaging in architectural review and validation prior to an engagement.

The Company has an Information Security Team composed of employees and a managed detection and response partner providing 24/7 coverage. Additionally, the Company utilizes third parties to assist with penetration testing, attack simulation, threat intelligence reporting, detection and incident response, as well as review and enhancement of associated response plans and processes.

The Company’s Vice President of Information Technology, Director of Information Security, Director of Systems Engineering, and Director of Retail Platforms manage the Company’s information security policies and have oversight of our cybersecurity systems and methodologies risks, as well as assessing and managing cybersecurity risk. The Director of Information Security holds cybersecurity certifications as a Certified Information Systems Security Professional and GIAC Penetration Tester. Risk is evaluated on an ongoing basis to determine the likelihood and magnitude of a potential impact.

In addition, the Director of Internal Audit is a Certified Internal Auditor and is actively involved in the annual internal general IT controls audit and partners with a third party to assist. The results of all internal audits, including information technology issues, are shared with the Company’s Audit Committee of the Board of Directors which reports to the full Board of Directors.

The Company is constantly evolving its information security strategy and responses for new and emerging threats. As of the date of this Annual Report on Form 10-K, the Company has not encountered risks from cybersecurity threats that have materially affected, or are reasonably likely to materially affect, the Company’s business strategy, results of operations or financial position.
Company Information
Name | INGLES MARKETS INC |
CIK | 0000050493 |
SIC Description | Retail-Grocery Stores |
Ticker | IMKTA - Nasdaq |
Website | |
Category | Large accelerated filer |
Fiscal Year End | September 27 |