Local Bounti Corporation/DE - (LOCL)

10-K Filing Date: March 28, 2024
Item 1C. Cybersecurity

Cybersecurity Risk Management and Strategy

We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats. These risks include, among other things, operational risks; intellectual property theft; fraud; extortion; harm to employees or customers; violation of privacy or security laws; other litigation and legal risks; and reputational risks. We have implemented several cybersecurity processes, technologies, and controls to aid in our efforts to assess, identify, and manage any material risks.

Our process for identifying and assessing material risks from cybersecurity threats operates alongside our broader overall risk management process. As part of our overall risk management process, our Vice President of Internal Audit collaborates with subject matter specialists throughout the Company, as necessary, to gather insights for identifying and assessing material risks throughout the Company, including cybersecurity threat risks.

In addition, we have a cybersecurity-specific risk assessment process, which helps identify our cybersecurity threat risks. We also have business processes to provide for the availability of critical data and systems, maintain regulatory compliance, identify and manage our risks from cybersecurity threats, and protect against, detect, and respond to cybersecurity incidents.

Our Cybersecurity Incident Response Plan ("IRP") coordinates the activities we take to prepare for, detect, respond to and recover from cybersecurity incidents, which include processes to detect, analyze, validate, investigate, contain, and remediate the incident, as well as to comply with potentially applicable legal obligations and mitigate brand and reputational damage. Our processes also address cybersecurity threat risks associated with third-party service providers that may have access to our data or systems. Third-party risks are included within our broader overall risk assessment process, as well as our cybersecurity-specific risk identification program, both of which are discussed above. In addition, cybersecurity considerations may affect the selection and oversight of our third-party service providers.

Cybersecurity Governance

Cybersecurity is an important part of our risk management processes and an area of increasing focus for our Board and management. The Audit Committee of our Board is responsible for the oversight of risks from cybersecurity threats. The Audit Committee regularly receives an overview from management of our cybersecurity activities. Material cybersecurity threat risks may also be considered during separate Board discussions of important matters such as enterprise risk management, budgeting, and other relevant matters.

Our processes around cybersecurity risk management and strategy are led by our Chief Information Officer ("CIO"), who reports directly to our Chief Executive Officer. Our CIO meets with the Audit Committee of our Board as part of the governance process described above. This individual has prior work experience in various roles involving managing information security and risk management, developing cybersecurity strategy, and implementing cybersecurity programs. The IT subject matter experts meet quarterly to review the cybersecurity framework provided by the National Institute of Standards and Technology and evaluate current cybersecurity processes and procedures.