Page last updated on April 15, 2025
AstroNova, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-15 15:00:33 EDT.
Filings
10-K filed on 2025-04-15
AstroNova, Inc. filed a 10-K at 2025-04-15 15:00:33 EDT
Accession Number: 0000950170-25-054163
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersec urity Cybersecurity Risk Management and Strategy We continue to invest substantially in cybersecurity risk management, which is a core part of our overall enterprise risk management program. Our security program is based on ISO27001, NIST 800-53, and GDPR frameworks to support our global business. We utilize various tools and processes to identify, monitor, evaluate, and address cybersecurity threats and incidents, including those involving third-party vendors and service providers. Our process includes identifying the source of a threat or incident, implementing countermeasures and mitigation strategies, and informing management and our board of directors about significant threats and changes in the cybersecurity landscape. We remain committed to investing in risk management tools and processes as cybersecurity threats evolve. Despite our efforts, we cannot guarantee that we can prevent, mitigate, or remediate risks in our own or third-party cybersecurity infrastructure. Our Information Technology team which reports to senior management, is responsible for maintaining our cybersecurity risk management program. They collaborate with third-party security specialists as they believe necessary to conduct thorough risk assessments and system improvements. Together with our third-party security service providers, the Information Technology team oversees cybersecurity incidents, prevention, detection, mitigation, and resolution. We regularly train our employees on cybersecurity awareness and confidential information protection and continuously review and update our policies to adapt to the evolving threat landscape and legal developments. Cybersecurity threats have the potential to materially affect our company, including our business strategy, results of operations, and financial condition. While we have not experienced material adverse effects from cybersecurity threats to date, we recognize the dynamic nature of these risks and remain vigilant in our efforts to mitigate potential impacts. Refer to “Item 1A. - Risk Factors” in this Annual Report on Form 10-K, including, “We could experience a significant disruption in or security breach of our information technology system which could harm our business and adversely affect our results of operations,” for additional discussion on our cybersecurity related risks. Cybersecurity Governance Our management, including our Chief Executive Officer, Chief Financial Officer , Chief Technology Officer (“CTO”), and Information Technology team, is responsible for identifying and assessing cybersecurity risks, establishing monitoring processes and implementing mitigation and remediation measures. In fiscal 2025, we hired a full-time Director of Information Technology, who is a Certified Information Security Professional. Our cybersecurity programs are managed under the direction of our CTO and the Director of Information Technology, with support from internal and external third-party resources. Our IT Steering Committee, which consists of our CEO. CFO, and other senior leadership employees, is responsible for coordinating our day-to-day management of cybersecurity risk. Each quarter, the IT Steering Committee receives reports from the CTO and Director of Information Technology on our cybersecurity program performance and emerging threats and incidents. The IT Steering Committee makes recommendations intended to ensure that hawse have adequate resources to address information technology risks. Our board of directors has ultimate oversight responsibility for our overall enterprise risk management and, with input from our senior management, oversees our cybersecurity risk management. As part of its enterprise risk management efforts, our board of directors regularly receives reports from management on our cybersecurity programs with regard to any risks that may arise from specific cybersecurity threats and incidents. The board of directors oversees management’s programs, policies and processes in place that identify, monitor, assess, and respond to cybersecurity, data privacy, and other information technology risks to which we are exposed. 18
Company Information
| Name | AstroNova, Inc. |
| CIK | 0000008146 |
| SIC Description | Computer Peripheral Equipment, NEC |
| Ticker | ALOT - Nasdaq |
| Website | |
| Category | Accelerated filer Smaller reporting company |
| Fiscal Year End | January 30 |