ROPER TECHNOLOGIES INC 10-K Cybersecurity GRC - 2025-02-24

Page last updated on February 24, 2025

ROPER TECHNOLOGIES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-24 17:06:17 EST.

Filings

10-K filed on 2025-02-24

ROPER TECHNOLOGIES INC filed a 10-K at 2025-02-24 17:06:17 EST
Accession Number: 0000882835-25-000008

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Roper’s Cybersecurity Program Roper maintains a global Cybersecurity Program supervised by the Vice President of Cybersecurity that outlines required cybersecurity controls for all Roper businesses. Given the decentralized nature of Roper’s operating model, day-to-day management and implementation of the Cybersecurity Program and deployment of the program’s cybersecurity controls are managed locally by each of Roper’s 28 business units, including localized information security management. In addition, because Roper’s businesses generally operate independently and maintain separate infrastructure and systems, we believe the risk of an enterprise-wide cybersecurity incident is somewhat reduced. While cybersecurity technologies and implementation may differ based on the needs and risk profile of each individual business, Roper has also implemented cybersecurity tools and managed services to centrally monitor certain aspects of the Cybersecurity Program. Roper deploys cybersecurity practices and tools across all of its businesses designed to protect data, maintain resilient operations, and limit the impact of cybercrime. We deploy a Managed Detection and Response solution across all of our business units and our Corporate infrastructure designed to address the detection, response, and remediation effectiveness for cybersecurity threats. This solution is intended to provide real-time visibility of the endpoint footprint across the enterprise, including patch management and vulnerabilities, device encryption, and cybersecurity threats and detections. Additionally, this solution is designed to provide real-time monitoring of identity-based attacks, as well as monitoring of the deep, dark and social webs for cybersecurity threats targeting Roper’s businesses. The Cybersecurity Program includes controls designed to oversee and identify risks from cybersecurity threats associated with third parties as they are leveraged by Roper’s businesses in their respective software code development processes or for other purposes that require third-party access to critical infrastructure. The controls include, as appropriate, regularly assessing management of access controls and the cybersecurity risks posed by third parties. Roper performs cybersecurity risk assessments to assess compliance with mandated cybersecurity controls and to assess the likelihood and impact of specific cyberattacks. Cybersecurity risk assessments are periodically performed to assess internal compliance with cybersecurity strategy and the implementation of cybersecurity controls, which would include the validation of cybersecurity control implementation through testing. Areas identified for enhancement and improvement are monitored and tracked to remediation by the Roper cybersecurity team, including the Vice President of Cybersecurity. Cybersecurity risk is also addressed in, and monitored by, the Company’s enterprise risk management program. We maintain a centralized incident response process with a third-party forensic partner on retainer. In addition, we have cybersecurity insurance policies in place. Roper maintains a Cybersecurity Incident Response Plan (“CSIRP”), which requires each Roper business to designate a Cybersecurity Incident Response Team that is responsible for receiving, reviewing, and responding to cybersecurity incident reports and activities. Cybersecurity incidents are required to be promptly reported to the Roper cybersecurity team, who then monitors such incidents through their resolution. We work on security awareness with our employees throughout the year with annual cybersecurity training and monthly simulated phishing campaigns to better identify and report unusual behavior and to mitigate the likelihood and impact of possible cybersecurity incidents. Cybersecurity Governance The Cybersecurity Program is supervised by Roper’s Vice President of Cybersecurity , who has related experience including cybersecurity, IT, Cloud, and Security Compliance . The Vice President of Cybersecurity has obtained a B.S. in Management Information Systems, a Master’s in Business Administration, and a Master’s in Management Information Systems. She also maintains the following industry cybersecurity certifications: CISA, CISSP, GSEC, GCED, GSA, and a Boardroom Certified Qualified Technology Expert (QTE). Our Board of Directors (the “Board”) has not delegated responsibility for cybersecurity matters to a committee. Rather, the Board believes that due to the importance and continually evolving nature of risks from cybersecurity threats, all members of the Board should participate in the oversight of these topics. As a result, management briefs the Board on cybersecurity matters during regularly scheduled Board meetings. Roper’s Vice President of Audit Services also periodically briefs the Audit Committee on cybersecurity matters and related risks, as needed. The Vice President of Audit Services also reports to the Audit Committee on matters, including cybersecurity matters, that are addressed and monitored pursuant to the Company’s enterprise risk management program. Roper has also established a Cyber Disclosure Committee chaired by the Vice President of Cybersecurity to track and evaluate potentially material cybersecurity incidents and to assess their potential impact on the organization. This process builds upon 17 the CSIRP and provides a framework for Roper management to monitor potentially material cybersecurity incidents. The Cyber Disclosure Committee reports its activities and findings, as appropriate, to the Chief Executive Officer, Chief Financial Officer, Principal Accounting Officer, and General Counsel, and, if appropriate, to the Board of Directors. Although we have experienced cybersecurity incidents, these incidents have not materially affected Roper, including its business strategy, results of operations, or financial condition. See “Item 1A. Risk Factors, We rely on information and technology, including third-party cloud computing platforms and other third-party business partners, for many of our business operations which could fail and cause disruption to our business operations.” above for more information. While we work to maintain our Cybersecurity Program, there can be no assurance that such actions will be sufficient to prevent cybersecurity incidents or mitigate all risks from cybersecurity threats or potential risks to such systems, networks, and data or those of our third-party providers.

Company Information