USA Compression Partners, LP - (USAC)

10-K Filing Date: February 13, 2024
ITEM 1C. Cybersecurity
Risk Management and Strategy
Our cybersecurity program is led by our IT department and our Cybersecurity Steering Committee, which consists of IT leadership and certain of our senior management. The members of our IT leadership team have an average of over 25 years of experience in IT operations and over 10 years of experience in IT security, including cybersecurity risk identification and mitigation. Our IT department stays informed of current developments in cybersecurity threats and preventative measures and continuously updates our cybersecurity program based on this knowledge. Additionally, our Cybersecurity Steering Committee
33

meets on a regular basis to assess, identify and manage material cyber risks. We also engage with a range of external specialists, including cybersecurity firms, consultants, and auditors in evaluating and testing our cybersecurity risk management systems, as well as specialized third-party companies that assist in monitoring our information systems. Our collaboration with these third parties includes regular audits, threat assessments, and consultation on security enhancements. These partnerships enable us to access specialized knowledge and insights which we leverage to continuously improve and modernize our cybersecurity program. We use industry-leading security tools, regularly perform security risk assessments and tool reviews with independent third parties to evaluate program effectiveness, and regularly update our security roadmap. Our IT department monitors industry news and updates to stay aware of the cybersecurity landscape, including incidents or issues that may arise involving our third-party service providers. We perform cybersecurity diligence on certain of our third-party service providers, and for third-party service providers with access to our internal information systems, we require them to review and agree to our relevant cybersecurity policies. Our cybersecurity program is designed to align with the National Institute of Standards and Technology’s five-phase Cybersecurity Framework (Identify-Protect-Detect-Respond-Recover). We have integrated cybersecurity risk management into our overall risk management system, ensuring that cybersecurity risks are taken into consideration when managing business objectives and operational needs.
We require all our employees to take monthly training and testing on cybersecurity threats, including how to recognize and properly respond to phishing and social engineering schemes. We have deployed a phishing detection system to report suspicious emails, which are flagged for further review. We install and regularly update antivirus software on all company managed systems and workstations to detect and prevent malicious code from impacting our systems. We have an incident response plan in place in the event of a cybersecurity incident to guide our response and mitigation actions, which includes requiring our IT team to escalate incidents of a certain severity to the appropriate members of management.
As of the date of this report, we have not identified any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected us, our business strategy, results of operation or financial condition. While we have designed our cybersecurity program with the purpose of minimizing risk and protecting our assets, no cybersecurity measures can eliminate all risks. Therefore, there remains a possibility that we could experience a cybersecurity incident that could have a material impact on our business, results of operations, and financial condition. For more information on this risk, read Part I, Item 1A “Risk Factors – General Risk Factors –Cybersecurity breaches and other disruptions of our information systems could compromise our information and operations and expose us to liability, which would cause our business and reputation to suffer.”
Governance
Our IT leadership updates the Cybersecurity Steering Committee on cybersecurity risks and incidents, ensuring that management is kept aware of USAC’s cybersecurity postures and risks. The Cybersecurity Steering Committee is overseen by, and management periodically provides an update to, the Audit Committee of our Board of Directors regarding our cybersecurity posture and risks, ensuring that the Audit Committee has knowledge and oversight of significant cybersecurity matters and can provide guidance on critical cybersecurity issues.