AUGUSTA GOLD CORP. - (AUGG)

10-K Filing Date: March 28, 2024
ITEM 1C. CYBERSECURITY

 

Description of Processes for Assessing, Identifying and Managing Cybersecurity Risks

 

We have a cybersecurity program, which uses technology and processes to help mitigate cybersecurity risks, with our management team working to monitor, assess, identify, and respond to potential cybersecurity incidents that threaten the Company. The program also focuses on security awareness and training for employees and contractors with access to Company facilities or systems. Cybersecurity risks for the Company include financial loss, loss of data, and business interruption. We maintain technology and non-technology based system controls, cybersecurity insurance, a robust backup program, and disaster recovery testing to mitigate these risks.

 

Our cybersecurity program also follows defense in depth principles, which aim to implement various layered access control, detection, prevention, and response measures. We regularly engage with independent third parties to assess our vulnerabilities and help us mitigate cybersecurity-related risks. Our security posture is also tested by internal personnel and independent third parties to gauge its effectiveness from time to time.

 

Management’s Role in Assessing and Managing Cybersecurity Risks

 

The Company’s cybersecurity risk management and strategy processes for assessing, identifying, and managing material risks from cybersecurity threats are managed by members of our management team, primarily our SVP Corporate Affairs. Cybersecurity incidents are to be immediately reported to the Company’s management team for resolution with outsourced IT support team. Information technology general controls, including controls to mitigate cybersecurity risks, are included with management’s testing of internal control over financial reporting.

 

Board of Director’s Oversight of Risks from Cybersecurity

 

Cybersecurity risks are included in an overall enterprise risk management assessment which is reviewed each quarter by the Company’s audit committee. The Company engages third-party specialists on a periodic and rotating basis to review key information technology systems and provide recommendations for system updates and improvements. Results of these reviews are used to update information technology systems within the Company’s information system governance policies. The Company management reviews system and organization control reports (SOC 1, Type 2) for key outsourced information systems to ensure that third-party data processing is subject to appropriate controls and security measures. The Company’s management will also review the Company’s cybersecurity program with the full Board once every year.

 

No Previous Material Cybersecurity Threats

 

We are not aware of any previous cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company. Despite the security and risk management measures that we have implemented and any additional measures we may implement or adopt in the future, our facilities and systems, and those of our third-party service providers, have been and are vulnerable to security breaches, computer viruses, lost or misplaced data, programming errors, scams, burglary, human errors, acts of vandalism, misdirected wire transfers, or other malicious or criminal activities. A successful attack on our information or operational technology systems could have material consequences to the Company. While we devote resources to our security measures to protect our systems and information, these measures cannot provide absolute security. See “Item 1A. Risk Factors” for additional information about the risks to our business associated with a breach or compromise to our information technology systems.