Page last updated on March 11, 2025
Summit Midstream Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-11 16:42:09 EDT.
Filings
10-K filed on 2025-03-11
Summit Midstream Corp filed a 10-K at 2025-03-11 16:42:09 EDT
Accession Number: 0002024218-25-000020
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity Risk Management, Strategy and Governance. Cybersecurity Oversight and Management Board Oversight of Cybersecurity Matters The Audit Committee is tasked with overseeing the Company’s cybersecurity matters. Pursuant to the Audit Committee’s charter, one of the Audit Committee’s responsibilities is to discuss the Company’s major risk exposures with management, including those related to cybersecurity, and the steps taken by management to monitor and control such exposures, including the Company’s risk assessment and risk management guidelines, policies and practices. The Audit Committee reports to the entire Board of Directors periodically regarding its oversight of cybersecurity matters. In developing such updates to the Board of Directors, the Audit Committee relies in large part on periodic updates from Company management. Management of Cybersecurity Matters The Company’s management assumes executive responsibility for assessing, identifying, and managing cybersecurity risks and incidents. In particular, the Senior Vice President, Engineering and Operations (SVP, E&O) reports directly to the President, Chief Executive Officer, and Chairman of the Board and holds the highest level of executive responsibility for assessing and managing all cybersecurity threats, incidents, and risks at the Company, as well as developing and implementing all cybersecurity risk management, strategy, and governance recommendations. The SVP, E&O holds key skills, experience, and competencies related to the management of cybersecurity matters. In particular, our current SVP, E&O has over 30 years of experience leading IT and OT physical security and cybersecurity. The SVP, E&O is supported by critical internal positions within the Company, including but not limited to the Director of Information Technology, Vice President of Operational Technology and dedicated IT and OT resources with cybersecurity responsibilities. The SVP, E&O is further supported by various external parties, including but not limited to cybersecurity service providers, consultants, and other third parties engaged on an as-needed basis. 57 The Company’s management has processes in place by which it is informed of and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks. These processes include, but are not limited to: - Maintaining an updated inventory and management of digital assets; - Ensuring familiarity and compliance with cybersecurity frameworks, including the National Institute of Standards and Technology’s Cybersecurity Framework and ISO 27001; - Updating and maintaining an internal incident response plan; - Conducting risk assessments of the Company’s cybersecurity policies, practices, and tools; - Employing appropriate antivirus, anti-malware, firewall, endpoint detection and response, backup and recovery software, multifactor authentication, virtual private network, account change monitoring, patch management, web content filter, spam filter and reporting, and vulnerability management software; - Conducting regular vulnerability scans of the Company’s digital and operational infrastructure; - Requiring employees to complete a Cybersecurity Awareness Program, which includes computer-based training; and - Reviewing and evaluating developments in the threat landscape. The Company’s management also has processes in place to oversee and identify material risks from cybersecurity threats associated with its use of third-party service providers. These processes include, but are not limited to: - Maintaining an inventory of all third-party vendors engaged by the Company and assessing each vendor’s level of access to the Company’s IT and OT systems and information ; and - Implementing access controls that restrict vendor access to only specific Company systems and information necessary to perform their service. The SVP, E&O provides updates to the Audit Committee at its quarterly meetings regarding management of the Company’s cybersecurity matters, including any new cybersecurity threats, incidents, risks, risk management solutions, trainings or education, infrastructure upgrades, or governance changes. As of March 11, 2025, the Company’s business strategy, operations, or financial condition have not been materially affected by and are not likely to be materially affected by, any cybersecurity threats or incidents.
Company Information
| Name | Summit Midstream Corp |
| CIK | 0002024218 |
| SIC Description | Natural Gas Transmission |
| Ticker | SMC - NYSE |
| Website | |
| Category | Accelerated filer Smaller reporting company |
| Fiscal Year End | December 30 |