Endo, Inc. 10-K Cybersecurity GRC - 2025-03-13

Page last updated on March 13, 2025

Endo, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-13 09:56:04 EDT.

Filings

10-K filed on 2025-03-13

Endo, Inc. filed a 10-K at 2025-03-13 09:56:04 EDT
Accession Number: 0002008861-25-000007

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Company has procedures and safeguards designed to detect and/or prevent unauthorized access to confidential information and defend against cyber-attacks, both internally and with the assistance and partnership of cybersecurity experts, with a view toward addressing the ever-evolving threat landscape and changing cybersecurity regulations. As part of its role in risk oversight, the Audit & Finance Committee of the Company’s Board (Audit & Finance Committee) reviews the Company’s program for managing information security risks, including data privacy and data protection. Our cybersecurity framework, which is based on the National Institute of Standards and Technology Cybersecurity Framework, includes risks and controls embedded into our processes and technology, and measured and monitored by cybersecurity subject matter specialists. All employees and contractors with access to our Company’s systems must also complete mandatory comprehensive cybersecurity trainings periodically and participate in simulations which are deployed to educate and prepare users for cyber-attacks and similar risks. Our information security program is guided by the Chief Information Security Officer (CISO) who reports to the Chief Information Officer (CIO), who reports to the Company’s Interim CEO. The current CISO has approximately twenty five years of experience serving in information security leadership roles across financial, software, government and life sciences industries, including previously operating in the role of the CISO for several large companies, and possesses the requisite education, skills, experience and industry certifications expected of an individual assigned to these duties. The IT Security Team, which is comprised of certain other cybersecurity focused team members, is responsible for addressing the dynamic threats against our electronic systems and assisting the workforce with handling system incidents, including centralizing the reporting, detection and response to incidents . Incident management and response processes define the recommended teams, actions and procedures needed to recognize and respond to an incident; assess the situation quickly and effectively; notify the appropriate individuals and organizations about the incident; organize the Company’s response activities, including activating a command center; escalate the Company’s response efforts based on the severity of the incident; and support the business recovery efforts being made in the aftermath of the incident. Additionally, third-party security experts are regularly engaged to monitor, assess, review and analyze the information technology landscape. The Company’s incident response framework also defines the roles with respect to cybersecurity risk oversight and assigns responsibility to the IT Security Team. The IT Security Team members have: (i) completed extensive cybersecurity training; (ii) have experience assessing cybersecurity incidents; (iii) actively participate in industry and government forums; and (iv) collaborate with our peers to understand and improve cybersecurity intelligence, vulnerability management and defense strategies. Our internal audit team performs audits of our information systems and network security. The audit scope, timing and frequency of our cybersecurity control framework is integrated into the Company’s overall risk management process and the planning for, and results of, those audits are reviewed with the Audit & Finance Committee. We regularly assess and monitor our cybersecurity risks and incidents and report them to our senior management and Audit & Finance Committee. Our Audit & Finance Committee oversees our cybersecurity strategy and governance and reviews our cybersecurity policies and practices on a periodic basis. Additionally, and as further discussed above, the Audit & Finance Committee is briefed multiple times a year or as needed by the CISO and/or CIO and, if applicable as determined by the Company’s senior leadership, external advisors on the current and emerging cybersecurity threats and trends and the effectiveness of our cybersecurity controls and response capabilities. We conduct due diligence security assessments of certain third-party providers before engagement, have contractual rights to and gather data on the effectiveness of vendor systems and protocols and monitor compliance with our cybersecurity standards. The monitoring includes periodic assessments and ongoing monitoring by the IT Security Team. This approach is designed to mitigate risks related to data breaches or other security incidents originating from third-parties. As of the date of this report, we have not experienced any cybersecurity threats or incidents that have materially affected, or reasonably likely to materially affect, the Company, including our business strategy, results of operations, or financial condition. Refer to “Our operations could be disrupted if our information systems fail or are not upgraded or are subject to cyber-attacks” in Part I, Item 1A of this report for additional information on risks from cybersecurity threats.

Company Information