Ingersoll Rand Inc. - (IR)
10-K Filing Date: February 23, 2024
ITEM 1C. CYBERSECURITY
The Company has implemented controls based on the National Institute of Standards and Technology Cybersecurity Framework (the “NIST CSF”) and the Sarbanes-Oxley Act of 2002. Our Information Technology organization is led by the Chief Information Officer (“CIO”) who is responsible for cybersecurity risk management. The Audit Committee is tasked with oversight of our overall enterprise risk management program, including cybersecurity, and receives recurring cybersecurity updates throughout the year with one full cybersecurity report to the Board of Directors. Directors with experience in cybersecurity and technology play crucial oversight roles for our digital and cybersecurity strategies.
Our cybersecurity program is overseen by the Company’s Chief Information Security Officer (“CISO”) and is designed to protect and preserve the confidentiality, integrity and availability of our information technology assets. Risks and controls are monitored by the CISO and CIO and their evaluation of our overall program drives the nature and scope of our cybersecurity investments. Our CISO reports directly to the CIO and has 20 years of IT experience including leadership roles at various companies with enterprise responsibility for IT audit, IT infrastructure, and cybersecurity. The CISO reports to the Audit Committee on the effectiveness of the Company’s cybersecurity program controls aligned to the NIST CSF framework. We periodically engage external subject matter experts who provide independent qualitative and quantitative assessments of the cybersecurity program maturity and response readiness. We also use processes to oversee and identify material risks from cybersecurity threats associated with our use of third-party technology and systems. In addition, the Company leverages a monthly cybersecurity awareness training program for all employees that is further reinforced through frequent phishing simulations.
Quarterly updates are provided by the CISO to the Cybersecurity Governance Committee, comprised of cross-functional senior management, regarding the effectiveness of the cybersecurity program and its ability to monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our Cybersecurity Governance Committee is responsible for monitoring and coordinating enterprise cybersecurity policy and strategy, and for providing guidance to key management and oversight bodies. Our cybersecurity program includes a risk-based incident response plan that provides a documented framework for handling incidents including coordination across multiple parts of the Company.
For a discussion of the risks and uncertainties that cybersecurity incidents may have on us, see “Risk Factors: Information systems failure or disruption, due to cyber terrorism or other actions, may adversely impact our business and result in financial loss to the Company or liability to our customers” in this Form 10-K.