Volcon, Inc. - (VLCN)
10-K Filing Date: March 28, 2024
Risk Management and Strategy
We have established policies and procedures for assessing, identifying, and managing material risk from cybersecurity threats. We monitor cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that we use through third party providers that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein.
We conducted a NIST risk assessment and perform as needed updates to our risks to identify cybersecurity threats, as well as assessments in the event of a material change in our business practices that may affect information systems that are vulnerable to such cybersecurity threats. We engage a managed service provider (“MSP”) and other third parties in connection with our cybersecurity and information technology risk assessment processes and our MSP also assists us with managing and monitoring our network and local compute systems. These service providers assist us in designing and implementing our cybersecurity policies and procedures, as well as monitoring and testing our safeguards. Personnel at all levels and departments are made aware of our cybersecurity policies through communications.
As of December 31, 2023, and through the date of the filing of this report, we are not aware of any cybersecurity incidents that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. For additional information regarding risks from cybersecurity threats, please refer to Item 1A, “Risk Factors,” in this Annual report on Form 10-K.
Governance
One of the key responsibilities of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks we face.
Our Executive Vice-President and Chief Financial Officer (“CFO”) is primarily responsible for assessing and managing our material risks from cybersecurity threats. In this regard, our CFO has assistance from service providers, other consultants and third parties. Our CFO has served as an executive officer for three years and prior to this was an audit and advisory partner at a public accounting firm overseeing financial statement audits of public and private companies. Audit procedures performed for his clients included evaluating internal controls and risk assessment evaluations over information technology and cybersecurity policies.
Our CFO oversees our cybersecurity policies and procedures, including those described in “Risk Management and Strategy” above. Under such policies and procedures, our CFO is responsible for reporting to our board of directors regarding any cybersecurity incident including the results of cybersecurity risk assessments.