|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
AdvanSix is committed to protecting the data and confidential information of its business, employees, customers and suppliers. As an organization, we face the risk of cybersecurity breaches and incidents from both external threat actors and from insiders which could compromise the security of our information and networks. Any cybersecurity breach or incident could harm our business or disrupt our operations.
Cybersecurity risk is closely monitored by our executive leadership with governance and oversight by the Audit Committee of the Board, whose oversight is expressly noted in its chartered responsibilities along with broader enterprise risk management. A cybersecurity team, led by the General Counsel, the Chief Information Officer (“CIO”) and the Chief Information Security Officer (“CISO”), is responsible for the management, implementation and operation of the cybersecurity program, alongside qualified internal and external security and IT subject matter experts.
Our CIO leads the Company’s information technology organization and brings over 25 years of experience to the role. She joined AdvanSix as Senior Director, Information Technology in September 2016, and prior to that time, spent 17 years with Honeywell, where she held IT positions of increasing responsibility in the Transportation Systems business and Corporate functions. Before joining Honeywell, our CIO held several roles at Electronic Data Systems (EDS), including system design and development, configuration management and database administration. She earned a Bachelor’s Degree in Psychology and an MBA, in Supply Chain and Business Information Systems, from Michigan State University.
Our CISO leads the Company’s cybersecurity and IT infrastructure organization and brings over 19 years of experience in the areas of technology governance, risk and compliance management, information security and cybersecurity, risk assessments, secure-Software Development Life Cycle (SDLC), security architecting, cloud security design and operations, threat and vulnerability management, Security Information and Event Management (SIEM)/Security Operation Center (SOC), and incident response management. He joined AdvanSix in December 2018 as our Cybersecurity Leader, and prior to that time, he worked as VP and Information Security Officer at MUFG, managing the overall risk management program, design and implementation. Prior to that role, our CISO served as a cybersecurity and privacy manager with PricewaterhouseCoopers, as a technology manager – IT security and infrastructure with Suez Environment North America, and as an IT auditor for Pentair. Our CISO has a Master's Degree in Computer Science from New Jersey Institute of Technology and a Bachelor’s Degree in Mechanical Engineering from University of Madras. In order to stay current with best practices, our CISO regularly completes cybersecurity certification courses and attends industry conferences.
We track the effectiveness of our cybersecurity program using key performance and risk metrics through daily surveillance with dashboard updates provided by the CISO to the General Counsel and the CIO supplemented by regular updates to the senior leadership team, which includes the Chief Executive Officer and the Chief Financial Officer. In addition, the CISO provides cybersecurity updates to the Audit Committee and the full Board. Informational report-outs, with risk metrics and dashboard updates, are provided to the Audit Committee on at least a quarterly basis. At least annually, the full Board is provided an update which includes a review of governance oversight, cybersecurity controls, implemented improvements and mitigations, vulnerability risks, third-party vendors utilized, and status of key initiatives.AdvanSix’s cybersecurity program is based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework and consists of technical, administrative and operational controls working together as an integrated solution. AdvanSix engaged the services of a best-in-class third party cybersecurity firm to conduct an independent comprehensive maturity assessment of our cyber security program across critical areas which align with the NIST Cybersecurity Framework. As a result of the assessment, best practice recommendations were incorporated into the cybersecurity program to improve our cybersecurity posture and program maturity. We regularly monitor the qualitative and quantitative performance of the program and other risk metrics. Key risks are identified, and appropriate mitigations are implemented through a combination of people, process, and technology solutions that are continuously evolving to address a dynamic and increasingly sophisticated threat environment. Based on this framework, we have developed and implemented a comprehensive set of cybersecurity policies and procedures to address the key cybersecurity risks faced by AdvanSix. We continue to assess evolving threats and update our policies and procedures appropriately
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|AdvanSix is committed to protecting the data and confidential information of its business, employees, customers and suppliers. As an organization, we face the risk of cybersecurity breaches and incidents from both external threat actors and from insiders which could compromise the security of our information and networks. Any cybersecurity breach or incident could harm our business or disrupt our operations
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
AdvanSix has developed cybersecurity incident response plans and procedures, including the formation of a designated cybersecurity incident response team with representatives from across the organization. In the event of an actual cybersecurity incident, the cybersecurity incident response plan serves as the guiding framework for the Company including with respect to incident assessment, mitigations and controls, as well as response, recovery, reporting and resolution. We conduct periodic scenario planning sessions and tabletop exercises with the cybersecurity incident response team and other key functional roles in the enterprise to improve our response preparedness in the event of a security incident. AdvanSix has implemented various measures to protect its sites from both physical and cyber-attacks, which take into account applicable data security and other data privacy laws and regulations. Emerging threats and opportunities to further mitigate cybersecurity risk are continuously explored and evaluated. A vulnerability management program continually assesses our environment to identify and remediate system and software vulnerabilities. A data governance policy and data loss prevention program have been implemented to protect our intellectual property and other sensitive data. We also engage independent third parties to perform security assessments on at least an annual basis, which include penetration testing of our external and internal environment.
In summary, the Company’s approach to cybersecurity is intended to assess, identify, and manage risks from cybersecurity threats, implement mitigations and controls consistent with the NIST Cybersecurity Framework and support safe, stable and sustainable operations, while protecting our intellectual property, confidential information, privacy data, operations, and infrastructure.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|the CISO provides cybersecurity updates to the Audit Committee and the full Board. Informational report-outs, with risk metrics and dashboard updates, are provided to the Audit Committee on at least a quarterly basis
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|the Company’s approach to cybersecurity is intended to assess, identify, and manage risks from cybersecurity threats,
|Cybersecurity Risk Role of Management [Text Block]
|
Our CIO leads the Company’s information technology organization and brings over 25 years of experience to the role. She joined AdvanSix as Senior Director, Information Technology in September 2016, and prior to that time, spent 17 years with Honeywell, where she held IT positions of increasing responsibility in the Transportation Systems business and Corporate functions. Before joining Honeywell, our CIO held several roles at Electronic Data Systems (EDS), including system design and development, configuration management and database administration. She earned a Bachelor’s Degree in Psychology and an MBA, in Supply Chain and Business Information Systems, from Michigan State University.
Our CISO leads the Company’s cybersecurity and IT infrastructure organization and brings over 19 years of experience in the areas of technology governance, risk and compliance management, information security and cybersecurity, risk assessments, secure-Software Development Life Cycle (SDLC), security architecting, cloud security design and operations, threat and vulnerability management, Security Information and Event Management (SIEM)/Security Operation Center (SOC), and incident response management. He joined AdvanSix in December 2018 as our Cybersecurity Leader, and prior to that time, he worked as VP and Information Security Officer at MUFG, managing the overall risk management program, design and implementation. Prior to that role, our CISO served as a cybersecurity and privacy manager with PricewaterhouseCoopers, as a technology manager – IT security and infrastructure with Suez Environment North America, and as an IT auditor for Pentair. Our CISO has a Master's Degree in Computer Science from New Jersey Institute of Technology and a Bachelor’s Degree in Mechanical Engineering from University of Madras. In order to stay current with best practices, our CISO regularly completes cybersecurity certification courses and attends industry conferences.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
AdvanSix has developed cybersecurity incident response plans and procedures, including the formation of a designated cybersecurity incident response team with representatives from across the organization. In the event of an actual cybersecurity incident, the cybersecurity incident response plan serves as the guiding framework for the Company including with respect to incident assessment, mitigations and controls, as well as response, recovery, reporting and resolution. We conduct periodic scenario planning sessions and tabletop exercises with the cybersecurity incident response team and other key functional roles in the enterprise to improve our response preparedness in the event of a security incident. AdvanSix has implemented various measures to protect its sites from both physical and cyber-attacks, which take into account applicable data security and other data privacy laws and regulations. Emerging threats and opportunities to further mitigate cybersecurity risk are continuously explored and evaluated. A vulnerability management program continually assesses our environment to identify and remediate system and software vulnerabilities. A data governance policy and data loss prevention program have been implemented to protect our intellectual property and other sensitive data. We also engage independent third parties to perform security assessments on at least an annual basis, which include penetration testing of our external and internal environment.
In summary, the Company’s approach to cybersecurity is intended to assess, identify, and manage risks from cybersecurity threats, implement mitigations and controls consistent with the NIST Cybersecurity Framework and support safe, stable and sustainable operations, while protecting our intellectual property, confidential information, privacy data, operations, and infrastructure.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CIO leads the Company’s information technology organization and brings over 25 years of experience to the role. She joined AdvanSix as Senior Director, Information Technology in September 2016, and prior to that time, spent 17 years with Honeywell, where she held IT positions of increasing responsibility in the Transportation Systems business and Corporate functions.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|In addition, the CISO provides cybersecurity updates to the Audit Committee and the full Board. Informational report-outs, with risk metrics and dashboard updates, are provided to the Audit Committee on at least a quarterly basis. At least annually, the full Board is provided an update which includes a review of governance oversight, cybersecurity controls, implemented improvements and mitigations, vulnerability risks, third-party vendors utilized, and status of key initiatives.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef