GORMAN RUPP CO 10-K Cybersecurity GRC - 2025-03-03

Page last updated on March 3, 2025

GORMAN RUPP CO reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-03 12:02:15 EST.

Filings

10-K filed on 2025-03-03

GORMAN RUPP CO filed a 10-K at 2025-03-03 12:02:15 EST
Accession Number: 0001437749-25-005856

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY The Company recognizes the importance of developing, implementing, and maintaining cybersecurity measures to ensure the security of our information systems and networks and the confidentiality, availability, and integrity of our data. Risk management and strategy The Company continues to build its culture of security and has integrated cybersecurity risk management into our broader enterprise risk management process. This integration ensures that cybersecurity considerations are an integral part of our decision-making processes and operational practices. Our information technology department, including employees dedicated to the area of cybersecurity risk management, works closely with our senior management team to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. Employees within the information technology department that are focused on cybersecurity attend periodic external training to stay current on potential cybersecurity risks and threats and how to best protect the Company from these risks and threats. 12 The Company provides training to all employees that reinforces the Company’s information technology risk and security management policies, standards and practices, as well as the expectation that employees comply with these policies. The training assists employees with identifying potential cybersecurity risks and threats and how to protect the Company’s resources and information. This training is mandatory for all employees globally on a periodic basis, and it is supplemented by firmwide internal and external service providers testing initiatives, including frequent phishing tests. In addition to the employee training program, the Company has created an information security incident response policy and team. The response team includes the Executive Officers of the Company, the Vice President of Information Technology, the Manager of IT Security, the Vice President of Human Resources and other functional and operational area experts as needed. The risks related to cybersecurity, including the effectiveness of our training programs, are monitored on an ongoing basis by our information technology department and external service providers. In addition, to assess the incident response policy, annually the Company conducts cybersecurity incident response training exercises to evaluate the effectiveness of the Company’s cybersecurity incident response strategies and tactics. The Company recognizes the complexity and evolving nature of cybersecurity threats. The Company utilizes a number of third-party software solutions, including full-time external monitoring, that are intended to detect and prevent potential cybersecurity threats. In addition, Gorman-Rupp engages with a range of external experts, including cybersecurity assessors, consultants, and auditors, in evaluating and testing our risk management systems. These external experts leverage their specialized knowledge and insights on cybersecurity to assess and enhance our internal policies and processes through regular audits, threat assessments, and consultation on security enhancements and strategies. We have not encountered cybersecurity challenges that have materially impaired our operations or financial standing. See Item 1A. Risk Factors - General Risk Factors - Cybersecurity threats. Governance The Board of Directors believes that control and management of risk are primary responsibilities of senior management of the Company. As a general matter, the entire Board of Directors is responsible for oversight of this important senior management function. The Audit Committee is responsible to the Board for the organizational oversight of the Company’s comprehensive enterprise risk management plan, including cyber risks. The Audit Committee is composed of board members with diverse expertise, including risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively. Senior management plays a pivotal role in informing the Audit Committee on cybersecurity risks. The information technology department regularly informs the Chief Financial Officer (CFO) of all aspects related to cybersecurity risks and incidents. This ensures that senior management is kept abreast of the cybersecurity posture and potential risks. The senior management team presents updates to the Audit Committee quarterly and, as necessary, to the full Board. These regular reports include detailed updates on the Company’s performance preparing for, preventing, detecting, responding to and recovering from cyber incidents, if applicable.

Company Information