The Security Committee of the Board of Directors comprises Richard Beyer, Lynn Dugle and Linnie Haynesworth. Ms. Dugle serves as the Chair of the Security Committee.
Charter of the Security Committee of the Board of Directors of Micron Technology, Inc
The purpose of the Security Committee (the “Committee”) of the Board of Directors (the “Board”) of Micron Technology, Inc. (the “Company”) is to assist the Board with fulfilling its oversight responsibility with respect to the Company’s security of personnel, facilities, information infrastructure and all company information, including, but not limited to, data governance, privacy, compliance, cybersecurity, and oversight of associated risks and other tasks related to the Company’s security functions as the Board may delegate to the Committee from time to time.
2. Membership, Qualifications, and Compensation.
2.01. Appointment. Committee members shall be appointed by and serve at the discretion of the Board. The Committee shall consist of at least two members of the Board. Members of the Committee shall meet the criteria of this Section 2.
2.02. Independence. At least a majority of Committee members shall be “independent” as defined in the listing standards of NASDAQ, as in effect from time to time and in accordance with the time frames specified therein.
2.03. Committee Compensation. The fees and other compensation, if any, paid to members of the Committee shall be determined by the Board in its sole discretion.
3. Committee Chair
Unless the Board elects the Committee Chair, the members of the Committee shall designate a Chair by the majority vote of the full Committee membership.
4. Duties and Responsibilities
In order to carry out the purpose described above, the Committee may undertake those specific duties and responsibilities listed below and such other duties as the Board may from time to time prescribe, unless otherwise noted below.
4.01. Duties regarding Certain Security Matters. Management of the Company has responsibility to manage the Company’s security practices, procedures and controls. The Committee has an oversight role, and in fulfilling that role, may rely on reviews and reports provided by management and the Committee’s advisors. In performing its oversight responsibilities, the Committee shall:
4.01.01. Risk Oversight. Review and discuss with management (i) the Company’s policies, plans, metrics, and programs relating to the physical security of the Company’s facilities and employees as well as enterprise cybersecurity and data protection risks associated with the Company’s security-related infrastructure and related operations and (ii) the effectiveness of the Company’s programs and practices for identifying, assessing, and mitigating such risks across the Company’s business operations;
4.01.02. Preparedness. Review and discuss with management the Company’s cyber crisis preparedness, security breach and incident response plans, communication plans, and disaster recovery and business continuity capabilities with respect to the forgoing;
4.01.03. Oversight of Safeguards. Review and discuss with management the safeguards used to protect the confidentiality, integrity, availability, safety, and resiliency of the Company’s employees, facilities, intellectual property, and business operations;
4.01.04. Compliance Oversight. Receive reports from management on the Company’s compliance with applicable information security and data protection laws and industry standards, new or updated legal implications of security, data privacy, and/or other regulatory or compliance risks to the Company or the Company’s employees, facilities, and business operations, and the threat landscape facing the Company and the Company’s business operations;
4.01.05. Strategic Oversight. Review and advise on the Company’s physical and cybersecurity strategy, crisis or incident management, and security-related information technology planning processes and review strategy for investing in the Company’s security systems with the Company’s Chief Information Officer and Chief Security Officer;
4.01.06. Public Disclosure. Review and discuss with management the Company’s public disclosures, including in its reports filed with the Securities and Exchange Commission, relating to the Company’s security of its employees, facilities, and information technology systems, including privacy, network security, and data security;
4.01.07. Outside Partners. Review and discuss with management the cybersecurity risks associated with the Company’s outside partners (such as vendors, suppliers, operations partners, etc); and
4.01.08. Other Relevant Matters. Review, discuss with management and advise, as appropriate, on other matters as the Committee chairperson or other members of the Committee determine relevant to the Committee’s oversight of the Company’s security of employees, facilities, and information technology protection, including management’s programs and risk assessment, mitigation and management.
4.02. Recommendations to Board. Submit for approval recommendations to the Board with respect to any activities within the scope of the Committee’s duties set forth in this Charter that require approval of the Board.
4.03. Other Duties. Carry out such other activities within the scope of the Committee’s primary purpose or as the Board may from time to time delegate to it.
4.04. Delegation of Board Authority to Committee. The Board may periodically authorize the Committee to have a level of approval authority for all or certain activities within the scope of the Committee’s duties set forth in this Charter and with respect to such activities the Committee shall have the same powers and rights as the Board to authorize and approve such activities up to such level of approval authority. With respect to activities exceeding any such level of approval authority of the Committee, the Committee shall submit for approval recommendations to the Board.
4.05. Consultants and Advisors. The Committee shall have authority to obtain advice and assistance from internal or external legal, accounting, cybersecurity, forensics, technology and such other consultants or advisors, as deemed appropriate by the Committee, for the purpose of completing its duties hereunder. The Committee will review the Company’s third-party audit plan and results conducted by management on an annual basis.
4.06. Reports. The Committee shall report regularly to the Board the Committee’s activities, evaluations and recommendations, as may be appropriate and as are consistent with this Charter.
4.07. Authority to Delegate to Subcommittee. The Committee shall have authority to delegate any of its responsibilities to a subcommittee or subcommittees as it may deem appropriate in its judgment. The subcommittee(s) shall be subject to this Charter.
5.01. Meeting Attendance and Invitees. All non-management directors that are not members of the Committee may attend meetings of the Committee but may not vote. Additionally, the Committee may invite to its meetings any director, officer of the Company and such other persons as it deems appropriate in order to carry out its responsibilities. The Committee may also exclude from its meetings any persons, other than committee members, it deems appropriate in order to carry out its responsibilities.
5.02. Meetings. The Committee shall meet with such frequency and at such intervals as it shall determine necessary to carry out its duties and responsibilities, but in any case not less than four times per year (generally once each quarter). The Committee may establish its own schedule, which it will provide annually to the Board in advance. The Chair of the Committee or a majority of the Committee members may call meetings of the Committee. Meetings of the Committee may be held telephonically.
The Committee shall maintain written minutes of its meetings, which minutes shall be filed with the minutes of the meetings of the Board.
Each member of the Committee shall have one vote on any matter requiring action by the Committee. One-third of the members, but no fewer than two members, shall constitute a quorum. The Committee shall be authorized to take any permitted action only by the affirmative vote of a majority of the Committee members present at any meeting at which a quorum is present, or by the unanimous written consent of all of the Committee members. The Chair shall be entitled to cast an additional vote to resolve any ties.
8. Performance Evaluation.
At least annually, the Committee shall conduct a performance evaluation of the Committee, including a review of this Charter.
Effective June 28, 2021.