Vertex Energy Inc. - (VTNR)
10-K Filing Date: March 06, 2024
Item 1C. Cybersecurity
The Company understands the importance of preventing, assessing, identifying, and managing material risks associated with cybersecurity threats. Cybersecurity processes to assess, identify and manage risks from cybersecurity threats have been incorporated as a part of the Company’s overall risk assessment process. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy or security laws.
We have processes in place to identify, assess and monitor material risks from cybersecurity threats, including the material risks of the Company. These processes are part of our overall enterprise risk management process and have been embedded in our operating procedures, internal controls and information systems. On a regular basis we implement into our operations these cybersecurity processes, technologies, and controls to assess, identify, and manage material risks. Cybersecurity risks related to our business, technical operations, privacy and compliance issues are identified and addressed through a multi-faceted approach including third party assessments, IT security, governance, risk and compliance reviews. To defend, detect and respond to cybersecurity incidents, we, among other things have undertaken the following measures:
•Advanced Endpoint Protection
•Disparate Firewall Security technology between the edge and internal networks
•Live monitoring for user permission changes;
•Live monitoring for suspicious file access or activities;
•Advanced intrusion detection and automated threat response; which monitors internal activities in addition to external traffic;
•Enrolled in Oil and Gas ("O&G") threat intelligence service;
•Enrolled in US Cybersecurity & Infrastructure Security Agency ("US CISA") data hygiene service; and
•Enrolled in FBI InfraGard threat intelligence.
Incidents are evaluated to determine materiality as well as operational and business impact, and reviewed for privacy impact.
We describe whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, under the heading “The Company’s information technology systems could suffer interruptions, failures or breaches and our business operations could be disrupted adversely effecting results of operations and the Company’s reputation” included as part of our risk factor disclosures at Item 1A of this Annual Report on Form 10-K.
Cybersecurity is an important part of our risk management processes and an area of focus for our Board and management.
Our Audit Committee is responsible for the oversight of risks from cybersecurity threats. The Board receives information and updates periodically with respect to the effectiveness of our cybersecurity and information security framework, data privacy and risk management, which includes that of the Company. The Board will also be provided updates on any material incidents relating to information systems security and cybersecurity incidents.
69