RPC INC 10-K Cybersecurity GRC - 2025-02-28

Page last updated on March 3, 2025

RPC INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-28 14:42:35 EST.

Filings

10-K filed on 2025-02-28

RPC INC filed a 10-K at 2025-02-28 14:42:35 EST
Accession Number: 0001558370-25-001922

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy RPC approaches cybersecurity as an enterprise-wide risk and has created an accountability framework that includes oversight of cybersecurity risks. We have implemented policies and processes designed to detect, prevent, and respond to cybersecurity incidents . To help guide its overall program, RPC has adopted the Center for Internet Security (CIS) framework, which provides prioritized guidance to help defend systems and networks against the most prevalent cyber-attacks as well as support for a Zero Trust. RPC has created a cross-departmental team to screen Company vendors (also known as partners and managed service providers) for vulnerabilities on their own systems and compliance with RPC’s policies and procedures, to mitigate risks potentially caused by third party breaches. As part of its Standard Operating Procedures, RPC has adopted Incident Response Policy (IRP), Data Classification and Handling Policy, and other policies regarding key areas of information security. These policies are reviewed periodically and updated as needed to address emerging risks or gaps in compliance. The IRP also includes guidance on internal and external escalation in the event of an incident or breach. RPC has not experienced a material cybersecurity incident to date. If a material cybersecurity breach occurs, the incident will be reviewed by the cybersecurity team to determine whether further escalation is appropriate. Any incident assessed as potentially being or becoming material will immediately be escalated for further assessment and reported to designated members of our executive leadership team and if deemed necessary, the Board of Directors. The IRP provides for consultation with outside legal counsel and our independent registered public accounting firm as appropriate, including on materiality analysis and disclosure matters, to make the final materiality determination regarding disclosure and other compliance decisions. The Company maintains a cyber liability insurance policy that is designed to cover certain expenses, business losses, business interruption, and fines and penalties associated with a data breach or other similar incident. Cyber liability insurance also provides coverage in the event of a ransomware attack including assistance in the timely remediation of material cyberattacks and incidents. Our business strategy, results of operations and financial condition have not been materially affected by risks from cybersecurity threats , including as a result of previously identified cybersecurity incidents, but we cannot provide assurance that they will not be materially affected in the future by such risks or any future material incidents. For more information on our cybersecurity related risks, see Item 1A Risk Factors of this Annual Report on Form 10-K. Governance Role of the Board On an annual basis, the Board reviews and approves the overall enterprise risk management approach and processes implemented by management to identify, assess, manage, and mitigate risk. The Board has delegated its responsibility for oversight of the Company’s cybersecurity and information security framework and risk management to the Audit Committee . The Audit Committee receives information and updates at least quarterly and actively engages with senior leaders with respect to the effectiveness of the Company’s cybersecurity and information security framework, data privacy, and risk management. In addition, the Audit Committee receives reports summarizing threat detection and mitigation plans, audits of internal controls, training and certification, and other cyber related priorities and initiatives, as well as timely updates from senior leaders on material incidents relating to information systems security, including cybersecurity incidents . The Audit Committee includes members with experience in risk management including risks related to cybersecurity. 20 Role of Management RPC’s cybersecurity program is overseen by the Chief Information Officer (CIO) as well as several key members of RPC’s Enterprise Technology team . These key leaders collectively have over 50 years of experience in network security, cybersecurity and enterprise risk management. The Chief Executive Officer and CIO receive regular updates on cybersecurity matters, results of mitigation efforts related to existing risks and cybersecurity incident response and remediation. These leaders communicate closely with members of RPC’s Information Security Committee (ISC) which oversees the adopted CIS Control Framework, governs the Company’s information security programs and monitors the effectiveness of the Company’s cybersecurity and technology risk management practices. In addition, ISC provides oversight to align security strategies with business objectives. The Company also maintains business continuity and disaster recovery plans.

Company Information