RAYONIER ADVANCED MATERIALS INC. 10-K Cybersecurity GRC - 2025-03-06

Page last updated on March 6, 2025

RAYONIER ADVANCED MATERIALS INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-06 14:22:36 EST.

Filings

10-K filed on 2025-03-06

RAYONIER ADVANCED MATERIALS INC. filed a 10-K at 2025-03-06 14:22:36 EST
Accession Number: 0001597672-25-000008

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy Our information technology systems serve an important role in the efficient operation of our business. Identifying, assessing and managing material risks from cybersecurity threats are activities integrated into our overall risk management system. Cybersecurity risks are identified and addressed through coordinated efforts of our internal information technology security audit teams, internal governance and compliance reviews. Our security program also involves the engagement of external consultants to assist us with the review of our assessment and risk mitigation strategies for cybersecurity threats and the development of new approaches as needed. To safeguard our information technology systems against cyber threats, we conduct regular risk assessments to identify and address both new and recurring vulnerabilities. These efforts include tabletop exercises and penetration testing, which provide valuable insights to enhance our cybersecurity posture. We also utilize advanced tools that continuously monitor and evaluate our systems, enabling proactive prevention, detection, investigation, resolution and recovery from cybersecurity incidents. Cybersecurity events, including those reported to us by third-party service providers , are assessed for their severity and potential impact on our business using both quantitative and qualitative criteria, ensuring appropriate prioritization for response and remediation. Our information technology systems have been, and we expect will continue to be, subject to cyber intrusion attempts. We describe whether and how risks from cybersecurity threats have materially affected or are reasonably likely to materially affect our business, results of operations or financial condition under the risk factor “Loss of our intellectual property and sensitive data or disruption of our manufacturing operations due to a cybersecurity incident could materially adversely impact our business” found in Item 1A-Risk Factors. Governance Our Audit Committee is responsible for the oversight of risk from cybersecurity threats and includes one committee member with significant cybersecurity consulting experience. On a quarterly basis, the Audit Committee receives reports from senior management on our cybersecurity program covering our strategies and processes for the identification, assessment and mitigation of material cybersecurity risks. These reports also include updates on existing and emerging cybersecurity trends and threat landscapes, along with the status of ongoing projects aimed at strengthening our information security systems and improving our cyber readiness. To ensure clarity and accountability, these reports are segmented into key areas of focus, including incident response updates, emerging threat analyses and project progress metrics. Under the oversight of our Audit Committee, our CEO-chaired Enterprise Risk Management team and our chartered Cybersecurity Governance Committee convene at least quarterly to assess the identification and mitigation of cybersecurity risks, ensure the effective execution of our cybersecurity strategy and verify that our cybersecurity processes are adequately strengthened. The Cybersecurity Governance Committee is also responsible for evaluating findings and proposals presented by external consultants and developing the appropriate remediation actions. These teams are informed of cybersecurity threats and incidents through their management of the cybersecurity risk management and strategy processes described above, and report any such items to the Audit Committee as deemed appropriate. The individuals responsible for the day-to-day management and assessment of cybersecurity risks include our Vice President of Information Technology and our Senior Director of IT Cybersecurity and Infrastructure, both of whom bring extensive expertise in cybersecurity risk management. The Vice President of IT has over 30 years of experience in enterprise IT strategy and governance, with a strong background in project management and ERP implementations. The Senior Director of IT Cybersecurity and Infrastructure has over 25 years of experience in manufacturing IT, specializing in enterprise infrastructure, process control and cybersecurity. Additionally, our internal security and risk management teams consist of professionals with specialized expertise in intrusion detection and prevention, network security and endpoint defense, thereby ensuring a comprehensive approach to cybersecurity risk assessment and mitigation.

Company Information