Innovex International, Inc. 10-K Cybersecurity GRC - 2025-03-03

Page last updated on March 3, 2025

Innovex International, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-03 17:03:09 EST.

Filings

10-K filed on 2025-03-03

Innovex International, Inc. filed a 10-K at 2025-03-03 17:03:09 EST
Accession Number: 0000950170-25-031003

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Innovex maintains a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. The underlying controls of the cyber risk management program are based on recognized best practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology (“NIST”) and the Cybersecurity Framework. Innovex has an annual assessment, performed by a third party, of the Company’s cyber risk management program against the NIST Cybersecurity Framework. Innovex contracts a Cyber Security Operations Center operating in three locations to provide 24/7 monitoring of its global cybersecurity environment and to coordinate the investigation and remediation of alerts. An annual incident response drill is in place to prepare support teams in the event of a significant incident. Cyber partners are a key part of Innovex’s cybersecurity infrastructure. Innovex partners with leading cybersecurity companies and organizations, leveraging third-party technology and expertise. Innovex engages with these partners to monitor and maintain the performance and effectiveness of products and services that are deployed in Innovex ’s environment. Innovex’s VP of IT reports to Innovex’s Chief Financial Officer and is the head of the Company’s cybersecurity team. The VP of IT is responsible for assessing and managing Innovex’s cyber risk management program, informs senior management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents and supervises such efforts. The cybersecurity team has decades of experience selecting, deploying, and operating cybersecurity technologies, initiatives, and processes around the world, and relies on threat intelligence as well as other information obtained from governmental, public or private sources, including external consultants engaged by Innovex. The Audit Committee of the board of directors oversees Innovex’s cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. The IT department briefs the Audit Committee on the effectiveness of Innovex’s cyber risk management program, typically on a semiannual basis. In addition, cybersecurity risks are reviewed by the Innovex board of directors, at least annually, as part of the Company’s corporate risk mapping exercise. Innovex faces risks from cybersecurity threats that could have a material adverse effect on its business, financial condition, results of operations, cash flows or reputation. Innovex has experienced, and will continue to experience, cyber incidents in the normal course of its business. However, prior cybersecurity incidents have not had a material adverse effect on Innovex’s business, financial condition, results of operations, or cash flows. See “Item 1A. Risk Factors-Risks Related to Technology Advancement- We are subject to cyber security risks. A cyber incident could occur and result in information theft, data corruption, operational disruption and/or financial loss” and “Item 1A. Risk Factors-Risks Related to Technology Advancement-We have experienced IT system disruptions and cyber attacks in the past, and a failure of our IT infrastructure and cyber attacks could adversely impact us in the future.”

Company Information