Zeo Energy Corp. - (ZEO)
10-K Filing Date: March 25, 2024
Cybersecurity Risk Management and Strategy
We have developed and implemented, and continue to implement, cybersecurity risk management processes intended to protect the confidentiality, integrity, and availability of our critical systems and information. Primary cybersecurity oversight responsibility is shared by our board of directors, our audit and compliance committee (“Audit Committee”), and senior management.
Our cybersecurity risk management program includes physical, technological, and administrative controls intended to support our cybersecurity and data governance framework, including protections designed to protect the confidentiality, integrity, and availability of our key information systems and customer, employee, partner, and other third-party information stored on those systems. These measures include access controls, encryption, data handling requirements, and internal policies that govern our cybersecurity risk management and data protection practices. Our program also includes cybersecurity risk assessment processes designed to help identify material cybersecurity risks to our critical systems and information.
Over the past fiscal year, we have not identified risks from known cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, operating results, or financial condition.
We will continue to monitor and assess our cybersecurity risk management program as well as seek to improve such systems and processes as appropriate. If we were to experience a material cybersecurity incident in the future, such incident may have a material effect, including on our operations, business strategy, operating results, or financial condition. For more information regarding cybersecurity risks that we face and potential impacts on our business related thereto, see the section titled “Risk Factors” in Part I, Item 1A of this Report.
Cybersecurity Governance
With oversight from our board of directors, the Audit Committee is primarily responsible for assisting the board in fulfilling its oversight responsibilities relating to risk assessment and management, including cybersecurity and other information technology risks. The Audit Committee oversees management’s implementation of our cybersecurity risk management program, including processes and policies for determining risk tolerance, and reviews management’s strategies for adequately mitigating and managing identified risks relating to cybersecurity threats.
The Audit Committee will receive updates from members of management on our cybersecurity risks at its quarterly meetings, and reviews metrics about cyber threat response preparedness, program maturity, risk mitigation status, and the current and emerging threat landscape. In addition, management will provide updates to the Audit Committee, as necessary, regarding any material cybersecurity threats or incidents, as well as any incidents with lesser impact potential.
The Audit Committee reports to our board of directors regarding its activities, including those related to key cybersecurity risks, mitigation strategies, and ongoing developments, on a quarterly basis, or more frequently as needed. The board of directors also receives updates from management on our cyber risk management program and other matters relating to our data privacy and cybersecurity approach, including risk mitigations to bolster and enhance our data protection and data governance framework.
Our management team is responsible for assessing and managing our material risks from cybersecurity threats and for our overall cybersecurity risk management program on a day-to-day basis. Our management team supervises our efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, including through briefings from internal IT personnel, which may include threat intelligence and other information obtained from governmental, public or private sources, and alerts and reports produced by security tools deployed in our IT environment.