Page last updated on March 3, 2025
PERRIGO Co plc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-28 13:27:22 EST.
Filings
10-K filed on 2025-02-28
PERRIGO Co plc filed a 10-K at 2025-02-28 13:27:22 EST
Accession Number: 0001585364-25-000014
Item 1C. Cybersecurity.
ITEM 1C. CYBERSECURITY

RISK MANAGEMENT AND STRATEGY

Cybersecurity is an important part of our risk management program and an area of increasing focus for our Board of Directors and management. We use a risk-based approach to identify, assess, protect, detect, respond to and recover from cybersecurity threats. While management is responsible for the day-to-day risk management, the Board of Directors is responsible for the Company’s overall risk oversight function, including cybersecurity risks. The Nominating & Governance Committee (“NGC”) supports the Board of Directors by overseeing cybersecurity risks, policies and objectives. The Audit Committee supports the Board of Directors in overseeing the framework for risk assessments and enterprise risk management (“ERM”) process.

The Company’s cybersecurity policies, standards and processes are designed and implemented in light of the requirements of the National Institute of Standards and Technology (“NIST”) frameworks for cybersecurity and privacy. Recognizing that no single technology, process or business control can effectively prevent or mitigate all risks, we employ multiple technologies, processes and controls, all working as part of a cohesive strategy to minimize risk including the following:

- We emphasize security and resiliency through business assurance capabilities and incident response plans designed to identify, evaluate, and remediate incidents when they occur. We regularly review and update our plans, policies and technologies and conduct regular training exercises and crisis management preparedness activities to test their effectiveness.
- Perrigo leverages the NIST cybersecurity framework to measure the capability of its cybersecurity program and we conduct third party assessments to measure the NIST ratings.
- We maintain a cybersecurity risk register which is reviewed periodically with relevant stakeholders. Risks that are higher in impact are included within our Enterprise Risk Register which is reviewed with Executive Leadership and the Board of Directors.
- Our processes used to identify, assess, protect, detect, respond to and recover from cybersecurity threats are regularly tested by external parties through penetration testing, and other exercises designed to assess and test our cybersecurity health, resiliency and the effectiveness of our program.
- Management invests in organization capability and technology to manage and identify cybersecurity and information security risks. Our Company has information security employees across the globe, enabling us to monitor and promptly respond to threats and incidents, identify and maintain oversight of cybersecurity risks associated with third parties, evaluate and deploy cybersecurity technologies, and educate associates on cybersecurity risks.
- We maintain cyber insurance coverage to help mitigate possible costs associated with a potential incident.
- We have implemented an information and cybersecurity awareness program designed to educate and test employee maturity at least annually, and regularly throughout the year employees receive training regarding phishing and other threat actor schemes, the inherent risks involved in human interaction with information and operational technology, and new and emerging technologies.

We have processes in place designed to allow us to oversee and identify risks from cybersecurity threats associated with our use of third party service providers and suppliers through our Supplier Cyber Risk Assessment process, which assesses third-party cybersecurity controls through a combination of risk assessment questionnaires, commercially available risk data and security rating platforms. We also include cybersecurity and information security language in our contracts where applicable. We require our suppliers and partners to report cybersecurity incidents to us so that we can assess the impact of such an incident on us and have dedicated processes to respond to cybersecurity incidents at third parties. We have established processes to contain the impact of potential security incidents on Perrigo’s third party service providers.

As of December 31, 2024, we are unaware of any risks from cybersecurity threats (including previous cybersecurity incidents) that may have materially affected or are reasonably likely to materially affect the Company’s business strategy, results of operations or financial condition. We have experienced and may continue to experience cybersecurity incidents; however, we do not believe any cybersecurity incidents incurred to date have materially affected our Company, including our business strategy, results of operations, or financial condition. While we continue to employ resources to monitor our systems and protect our infrastructure, these measures may prove insufficient, and that could subject us to significant risks. For further discussion of how these and other potential cybersecurity risks may impact our business, refer to the risk factor under heading "A cybersecurity breach, disruption or misuse of our information systems, or our external business partners’ information systems could have a material adverse effect on our business" in Item 1A. Risk Factors - Operational Risks.

GOVERNANCE

Our overall information security efforts are led by the Chief Information Security Officer (“CISO”). The CISO has substantial experience in cybersecurity, including knowledge, skills, certifications, and background in the field. The CISO holds several key certifications including Certified Information Systems Security Professional (“CISSP”), Certified Secure Software Lifecycle Professional (“CSSLP”) and Certified Ethical Hacker (“CeH”).

While management is responsible for day-to-day risk management, the Board of Directors is responsible for the Company’s overall risk oversight function, including cybersecurity risks, and includes oversight by several committees. The NGC, comprised solely of independent directors, supports the Board of Directors by overseeing cybersecurity risks, policies and objectives. As a part of its duties, the NGC regularly provides reports to the full Board of Directors. The NGC routinely engages with the Chief Financial Officer (“CFO”), the CISO and Senior Vice President on a range of cybersecurity-related topics, including threats to the environment and vulnerability assessments, policies and practices, technology trends and regulatory developments. The NGC conducts regular committee meetings prior to each regular Board of Directors meeting and convenes additional sessions as necessary to address a specific cybersecurity threat.

Perrigo has an incident response team comprised of the CISO and senior leadership from Legal, Human Resources and Finance. We have a formalized breach management protocol and playbooks that are tested periodically. Perrigo uses a panel of forensic and third party service providers to assist the Company with its response in the event of a cybersecurity incident.

We employ escalation procedures designed to notify management of certain specific cybersecurity threats or incidents. If deemed appropriate, management will notify the NGC, which may convene to discuss the cybersecurity threat before reporting to the Board of Directors on the matter.

ITEM 2. PROPERTIES

Our world headquarters is located in Dublin, Ireland, and our North American base of operations is located in Grand Rapids, Michigan. We manufacture products at 16 worldwide locations and have R&D, logistics, and office support facilities in many of the regions in which we operate. We own approximately 80% of our facilities and lease the remainder. Our primary facilities by geographic area were as follows at December 31, 2024:

Country | Number of Facilities | Segment(s) Supported |
Ireland | 1 | CSCA, CSCI |
United States | 40 | CSCA, CSCI |
France | 6 | CSCI |
Belgium | 3 | CSCI |
China | 4 | CSCA |
United Kingdom | 4 | CSCI |
Germany | 3 | CSCI |
Switzerland | 3 | CSCI |
Austria | 3 | CSCI |
Greece | 2 | CSCI |
Spain | 2 | CSCI |

We believe that our production facilities are adequate to support the business, and our property and equipment are well maintained. Our manufacturing plants are suitable for their intended purposes and have capacities for current and near term projected needs of our existing products.
Company Information
Name | PERRIGO Co plc |
CIK | 0001585364 |
SIC Description | Pharmaceutical Preparations |
Ticker | PRGO - NYSE |
Website | |
Category | Large accelerated filer |
Fiscal Year End | December 30 |