NATURAL GAS SERVICES GROUP INC 10-K Cybersecurity GRC - 2025-03-17

Page last updated on March 17, 2025

NATURAL GAS SERVICES GROUP INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-17 16:05:46 EDT.

Filings

10-K filed on 2025-03-17

NATURAL GAS SERVICES GROUP INC filed a 10-K at 2025-03-17 16:05:46 EDT
Accession Number: 0001084991-25-000024

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Information Technology and Cybersecurity Risks. Our IT systems and digital technology has been an important part of our operations and our ability to compete successfully. We continue to invest in technology solutions to improve inefficient systems, to streamline and automate workflows and to provide digital and mobile applications for our field service personnel. We are committed to maintaining robust cybersecurity measures, continuously evaluating and updating our cybersecurity practices, and being prepared to respond to and recover from cybersecurity incidents. We face ongoing risk from cybersecurity threats. There can be no assurance that our efforts will prevent or mitigate all cybersecurity events, which, if realized, could have a material impact on our operations and financial results. See Part I, Item 1A “Risk Factors” of this Report for additional information. Cybersecurity Incidents We have not experienced any material cybersecurity incidents nor have we identified risks from known threats that could likely materially impact our operations or financial results. 22 Management of Cybersecurity Risk We maintain a Cybersecurity Event Plan (“Cybersecurity Plan”) which outlines how we identify and manage our cybersecurity risk. The Cybersecurity Plan contains the following elements: - Incident Identification and Reporting - outlines the steps used to promptly identify cybersecurity risks and report those through appropriate means; - Incident Assessment - after collecting information about a potential risk or threat, a protocol has been developed and outlined that will allow a cross-functional team to assess the threat; - Incident Containment - provides for action to be taken to isolate and attempt to contain and minimize any potential threat; - Resolution and Recovery - outlines the steps to be taken, based upon the incident and the systems potentially impacted, to mitigate the potential impact of the threat and restore system access and functionality in the minimum amount of time; - Training and Awareness - development of training and awareness programs to allow employees to understand how to promptly respond in the event of a perceived threat. Governance Our Board of Directors has an active role in oversight of our risks and is assisted by our management in the exercise of these responsibilities. Our Manager of Information Technology (“IT Manager”) prepares and provides a presentation to the Board of Directors at each of its quarterly meetings, which includes updates on cybersecurity. Our IT Manager is responsible for assessing and managing risks from cybersecurity threats and carrying out our formal cybersecurity event plan. Our IT Manager is also responsible for reporting material incidents to our Chief Executive Officer, who in turn will report to the Lead Independent Director. Our IT Manager has over 20 years of IT experience in the energy industry.

Company Information