Super Micro Computer, Inc. 10-K Cybersecurity GRC - 2025-02-25

Page last updated on February 25, 2025

Super Micro Computer, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-25 16:43:51 EST.

Filings

10-K filed on 2025-02-25

Super Micro Computer, Inc. filed a 10-K at 2025-02-25 16:43:51 EST
Accession Number: 0001375365-25-000004

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We have in place certain infrastructure, systems, policies, and procedures that are designed to proactively and reactively address risks from cybersecurity threats. Our information security management program seeks to follow processes set forth in recognized industry standards, and we evaluate and evolve our security measures as appropriate. We maintain a cybersecurity incident response plan that we periodically practice and update as needed. The identification, assessment and management of cybersecurity risk is integrated into our overall enterprise risk management program that is ultimately overseen by the Board. We consult with external parties, such as third-party cybersecurity firms, to provide, among other things, monitoring of systems, threat intelligence, and employee cybersecurity training. We also use third parties to assist our risk management processes by conducting security assessments. SMCI | 2024 Form 10-K | 43 We have a vendor risk assessment process to oversee and identify risks from cybersecurity threats associated with our use of third-party service providers. These processes consist of the distribution and review of questionnaires designed to identify cybersecurity risks associated with the engagement of third parties. We also periodically audit cybersecurity practices of certain third-party service providers. We employ a number of protective measures, including firewalls, anti-virus and endpoint detection and response technologies, regular annual training of employees with respect to cybersecurity and testing employee competence with anti-phishing policies followed up by additional remedial training as needed. While there have been cyber incidents in the past, none of these incidents, individually or in aggregate, had a material adverse effect on our business strategy, operations, or financial conditions. Refer to “Risk factors” in Item 1A of this Form 10-K for additional information about cybersecurity-related risks. Governance As part of its broader risk oversight activities, our Board maintains oversight of cybersecurity matters, including managing and assessing risks from cybersecurity threats. The Audit Committee also reviews the adequacy and effectiveness of our information security policies and practices and the internal controls regarding information security risks. The Audit Committee receives updates relating to cybersecurity risk from management, including from our Director of Information Security. The Board also periodically receives reports on risks from cybersecurity threats from our Director of Information Security. Cybersecurity risk is primarily managed by our Directors of Information Security and Information Technology. These individuals have decades of experience in managing cybersecurity risk for public companies. Additionally, we have established a cross-functional Cybersecurity Committee, consisting of executive-level leadership, including representatives from the Finance, Marketing, IT, Legal, Internal Audit, and other teams, that meets periodically to review cybersecurity risks, incidents, and assess emerging threats. The Committee is also informed of our responses to such risks, incidents and threats. Our cybersecurity incident response plan also contains mechanisms to notify executive management of cybersecurity incidents. As part of the plan, an executive-level leadership team may be activated and can act to direct our response efforts, to include mitigation and remediation activities, when appropriate.

Company Information