ITEM 1C. CYBERSECURITY

 

Risk Management and Strategy

 

Our cybersecurity strategy prioritizes detection, analysis, and response to mitigate unknown and unexpected threats and security risks. Our cybersecurity risk management processes include technical security controls, monitoring systems, employee training, and management oversight to assess, identify, and manage risks from cybersecurity threats. We have implemented a cybersecurity awareness program which covers topics such as phishing, social networking safety, password security and mobile device usage. We have mandatory training in the areas of cybersecurity, privacy, and confidential information handling. To date, we have not experienced any cybersecurity threats or incidents which have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition, but we cannot provide assurance that they will not have a material impact in the future. See “Risk Factors” in Item 1A of this Annual Report for additional information about our cybersecurity risks.

 

Also as part of our cybersecurity program, we partner with a third-party information technology firm to support and evaluate our cybersecurity and informational security program. This third-party service includes product and software security for data protection and cyber defense, to monitor, detect, prevent, and protect our Company against potential cybersecurity threats.

 

Governance

 

Our Board of Directors has overall responsibility for risk oversight in performing this function. Our Board of Directors assesses cybersecurity and information technology risks and the controls implemented to monitor and mitigate these risks. Our cybersecurity program is overseen by our Health, Safety, and Environmental Director, who has been a Heat Waves employee for over five years and has been in charge of our data protection and product and software security and compliance initiatives for the past several years. Our HSE Director meets regularly with the Board of Directors to share information about potential cybersecurity events and monitor, prevent, and detect potential cybersecurity incidents. The Board of Directors is charged with reviewing our cybersecurity processes for assessing key strategic, operational, and compliance risks. The Board of Directors also discusses relevant incidents in the industry and the evolving threat landscape.