Stronghold Digital Mining, Inc. - (SDIG)
10-K Filing Date: March 08, 2024
Item 1C. Cybersecurity
We recognize the importance of assessing, identifying, and managing risks associated with cybersecurity threats. Accordingly, in adopting our risk assessment program, we seek to address these risks by implementing and maintaining processes, and technologies designed to prevent, detect, and mitigate incidents that could pose cybersecurity risk. Our risk assessment program is part of the Company’s previously approved overall risk management policy included in the operational risks and internal processes that are evaluated regularly by our third-party Information Technology provider.
We are committed to safeguarding our systems and data. We utilize third-party support and providers to conduct risk assessments to evaluate the effectiveness of our systems and processes in addressing threats and to identify opportunities for enhancements. Additionally, we monitor emerging laws, industry standards and regulations related to information security and data protection. Although we have not experienced any cybersecurity incidents or threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition to date, we cannot provide any assurance that there will not be incidents or threats in the future that may materially affect us, including our business strategy, results of operations, or financial condition.
Pursuant to our risk management policy, responsibility for implementation of the our risk management policy resides with the Chief Financial Officer. The Audit Committee receives an update on the Company’s risk management process, risk trends and any incidents at least annually from the management team. In the event of any incident, the Company expects to notify the Audit Committee immediately, or as soon as possible.
Our cybersecurity policies, standards, processes and practices are regularly assessed by our third-party Information Technology provider. These assessments include a variety of activities including information security assessments and independent reviews of our information security control environment and operating effectiveness. Through our third-party Information Technology provider, we have cybersecurity related policies including an incident response plan. We utilize managed detection and response systems, endpoint protection, content filtering aimed at blocking malware and software to eliminate phishing, malware and fraud. We also utilize two-factor authentication and have business disaster recovery and backup storage systems in place. The Company and its third party consultants conduct cybersecurity training and testing programs on a regular basis.