Aqua Metals, Inc. - (AQMS)

10-K Filing Date: March 28, 2024
Item 1C.

Cybersecurity

 

At Aqua Metals, Inc., we are committed to protecting our information systems, data, and sensitive information from unauthorized access, breaches, and cyber-attacks. In this section, we provide an overview of our cybersecurity practices and the measures we have implemented to mitigate cybersecurity risks. We have established comprehensive cybersecurity policies and procedures that outline the standards and guidelines for safeguarding our digital assets. These policies cover areas such as access controls, data encryption, network security, incident response, and employee awareness training. We regularly conduct thorough assessments to identify and evaluate potential cybersecurity risks. These assessments help us understand our vulnerabilities and prioritize our efforts to mitigate those risks. We have implemented risk management strategies that include proactive monitoring, and vulnerability scanning. Due to evolving cybersecurity threats, it has and will continue to be difficult to prevent, detect, mitigate, and remediate cybersecurity incidents. While we have not experienced any material cybersecurity threats or incidents as of the date of this Report, our cybersecurity program might not be able to prevent or mitigate future successful attacks, threats or incidents.

 

To prevent cyber threats, we have implemented a multi-layered approach to security. This includes firewalls, intrusion detection and prevention systems, and regular software patching. We also enforce strong password policies and implement two-factor authentication for sensitive systems. In the event of a cybersecurity incident, we have a well-defined incident response plan in place. This plan includes procedures for containment, investigation, and recovery. We also maintain backups of critical data to ensure business continuity in case of a breach or system failure.

 

We believe that cybersecurity is a shared responsibility. We provide regular training and awareness programs to educate our employees about best practices, potential threats, and their role in maintaining a secure environment. This includes phishing awareness, social engineering training, and ongoing communication about emerging threats.

 

Governance

 

Cybersecurity holds a critical position within our risk management framework, drawing significant attention from both our Board and management. Oversight of cybersecurity risks is vested in our Audit Committee, which regularly receives updates from senior management. These updates, provided as needed, feature insights from our leaders in information security. Topics covered include the identification of existing and emerging cybersecurity threats, progress reports on risk mitigation efforts, disclosure of cybersecurity incidents, and updates on key information security initiatives. Furthermore, our Board members engage in informal discussions with management regarding cybersecurity news and assess any revisions made to our cybersecurity risk management strategies.

 

 

17

 

© 2024 Material-Incidents. All rights reserved.