Permian Resources Corp - (PR)
10-K Filing Date: February 29, 2024
ITEM 1C. CYBERSECURITY
Risk Management and Strategy
We rely on information technology and data to operate our business effectively and recognize the importance of implementing and maintaining cybersecurity systems and processes that allow us to protect the confidentiality, integrity and availability of our information systems and the data residing within them.
In order to monitor our information technology systems and data and to identify potential threats to such, we maintain cybersecurity risk assessment and management programs. Such programs include, but are not limited to, annual security penetration tests performed both externally and internally, bi-annual security assessments against cybersecurity frameworks, continuous vulnerability scanning, incident response processes, monthly and annual security awareness and simulated phishing trainings for our employees, and various system alert monitoring and screenings.
As part of our cybersecurity risk management process, we conduct simulated cybersecurity incidents to ensure that we are prepared to respond to such incidents and to highlight any areas for potential improvement in our cyber incident preparedness. We have a cybersecurity incident management policy and response plan in place. Cybersecurity breaches are evaluated by our information technology teams, which includes our VP of Information Technology. If an incident is deemed to be a breach, it is communicated to our legal department and management for evaluation, including whether the breach requires communication to the Board of Directors or investors through a relevant public filing.
Governance
Our cybersecurity risk management is primarily the responsibility of our VP of Information Technology and information technology teams. Our VP of Information Technology has over 25 years of industry experience in the field of information systems and oversees our risk assessment programs, remediation of known risks, processes for the regular monitoring of our information systems and our employee cybersecurity training programs. Our Board of Directors also oversees cybersecurity risk through our Audit Committee who reviews periodic reporting and updates regarding our risk management associated with cybersecurity.
We have not experienced any cybersecurity incidents that have had a material impact on our business strategy, results of operations or financial condition. For more information about the cybersecurity risks we face, refer to Risk Factors under Part I, Item 1A of this Annual Report.