Perimeter Solutions, Inc. 10-K Cybersecurity GRC - 2025-02-20

Page last updated on February 20, 2025

Perimeter Solutions, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-20 12:27:02 EST.

Filings

10-K filed on 2025-02-20

Perimeter Solutions, Inc. filed a 10-K at 2025-02-20 12:27:02 EST
Accession Number: 0001880319-25-000021

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy The Company proactively manages its cybersecurity and data privacy risks with organizational and technical controls including a comprehensive set of policies and procedures for assessing, identifying, and managing material risks from cybersecurity threats which have been integrated into the Company’s overall risk management strategy and processes. The Company seeks to address cybersecurity risks through a comprehensive approach that is focused on implementing robust protective measures, promoting user awareness and education, continuously monitoring for potential threats, and swiftly responding to any security incidents to ensure the confidentiality, integrity, and availability of sensitive information. The Company’s Incident Response Team, which is comprised of members of the finance, legal, information technology and operations teams conduct annual tabletop exercises in which various levels of management participate in simulated data security/privacy scenarios that the Company, its customers, vendors and/or its personnel may face in the future. The Company engages external resources to refresh the subject matter of these exercises and to continually challenge the Company’s management in these exercises. Annual formal training using an online platform is required for all employees. Topics include how to identify suspicious activities and occurrences related to social engineering, phishing, viruses, and insider threats. In addition, we actively engage with key vendors and industry communities as part of our continuing efforts to evaluate and enhance the effectiveness of our information security policies and procedures and have processes in place to oversee and identify the risk of cybersecurity threats associated with our use of these third-party vendors. We generally require third parties to, among other things, maintain security controls to protect our confidential information and data, and notify us of material cybersecurity threats that may impact our business. In 2024, we did not identify any cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition. Governance Our Board has oversight of our strategic and business risk management and has delegated the oversight of cybersecurity risk management to the Company’s Audit Committee. The Company’s Audit Committee is responsible for overseeing all matters relating to the security of and risks related to the Company’s information technology systems and procedures, including its cybersecurity and other information technology risks. The Audit Committee is responsible for ensuring the Company has processes in place for assessing, identifying and managing material risks from cybersecurity threats. The Company’s information security program is managed by the Company’s Incident Response Team , which is responsible for leading our enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. Members of the Incident Response Team have extensive global experience in developing and executing information technology 34 Ta b le of Contents strategies. The Incident Response Team, which includes the Chief Financial Officer (“CFO”), in collaboration with the Audit Committee, monitor the prevention, detection, mitigation and remediation of cybersecurity incidents. The CFO provides periodic reports to our Audit Committee, as well as other members of our senior management as appropriate. These reports occur at least annually and include updates on the Company’s cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape.

Company Information