NCS Multistage Holdings, Inc. 10-K Cybersecurity GRC - 2025-03-10

Page last updated on March 10, 2025

NCS Multistage Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-10 16:52:42 EDT.

Filings

10-K filed on 2025-03-10

NCS Multistage Holdings, Inc. filed a 10-K at 2025-03-10 16:52:42 EDT
Accession Number: 0001437749-25-006851

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We maintain a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. An analysis of the impact, likelihood, and management preparedness of cybersecurity threats to our strategic priorities is part of our risk management process. The underlying controls of the cyber risk management program are based on recognized best practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework (“CSF”) and the Center for Internet Security (“CIS”) Critical Security Controls. We partner with leading cybersecurity companies and organizations to enhance our cybersecurity infrastructure, leveraging third-party technology and expertise to monitor and optimize the performance of our deployed cybersecurity products and services. We also engage with third party firms to help identify, assess, and manage cybersecurity risks in alignment with cybersecurity standards and best practices. We use a third-party provider to supplement the continuous monitoring of our cybersecurity environment and to help coordinate the investigation and remediation of events. The Company evaluates third-party risk for critical suppliers through ongoing security reviews, provided that for third-party providers that are part of the Company’s financial reporting system, security controls are assessed through a more detailed review of events. Our incident response plan documents the procedures for assessing and managing cybersecurity events. This plan includes protocols for identifying the nature and scope of a cybersecurity threat, including whether it originates from a third -party provider, and assessing its potential impact. Our incident response team includes senior personnel, including the general counsel, and the heads of human resources and information technology, as well as our cybersecurity senior manager. Any material cybersecurity events are reported to our Board. In addition, employees are provided with online training courses to build awareness around potential cybersecurity threats and are tested periodically to maintain their focus in this important area. The information technology group has decades of experience selecting, deploying, and operating cybersecurity technologies, initiatives, and processes. The group reports to our Chief Financial Officer. Our cybersecurity senior manager, who has held roles in security, infrastructure management, and enterprise information technology management, is responsible for assessing and managing the cyber risk management program, informs senior management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents and supervises such efforts. The Audit Committee of our Board oversees our cybersecurity risk program and receives periodic presentations from management regarding the Company’s efforts to monitor and mitigate cybersecurity risks. The Board is composed of members with diverse expertise including risk management and technology, equipping them to oversee cybersecurity risks effectively. The cybersecurity program is reviewed by our Board, at least annually. In addition to scheduled briefings, ad hoc discussions regarding emerging or potential cybersecurity risks ensure the Board remains informed and engaged in strategic decision-making related to cybersecurity. We face risks from cybersecurity threats that could have a material adverse effect on our business, financial condition, results of operations, cash flows or reputation. We have experienced, and will continue to experience, cyber incidents in the normal course of our business. However, prior cybersecurity incidents have not had a material adverse effect on our business, financial condition, results of operations, or cash flows. - See Item 1A. “Risk Factors - We are subject to cybersecurity risks. A cyber incident could occur and result in information theft, data corruption, operational disruption and/or financial loss.” for more information about these and other risks related to information security.

Company Information