LanzaTech Global, Inc. - (LNZA)
10-K Filing Date: February 29, 2024
Item 1C. Cybersecurity
Risk Management and Strategy
We have implemented a cybersecurity program for assessing, identifying, and managing cybersecurity risks aligned with the National Institute of Standard and Technology Cybersecurity Framework (NIST CSF) and where appropriate we have integrated these processes into our enterprise risk management framework. We have implemented administrative, technical, and physical safeguards designed to protect our information systems and protect the confidentiality, integrity, and availability of our data. We are continuously working to improve our information technology systems and provide employee awareness training around phishing, malware, and other cyber risks to enhance our levels of protection.
We engage external parties, such as consultants, to enhance our cybersecurity oversight as required. We conduct periodic risk assessments to evaluate our cybersecurity posture, including through annual third-party penetration tests performed by reputable service providers. We conduct risk assessments, as appropriate, on critical third parties who maintain material data or information to help assess and validate the information security capabilities of these third parties. We maintain insurance coverage for cybersecurity insurance as part of our overall insurance portfolio. We also have implemented administrative, technical, and physical safeguards designed to protect our information systems and protect the confidentiality, integrity, and availability of our data.
Governance Related to Cyber Security Risks
The Audit Committee of the Board of Directors has oversight of management's efforts with respect to IT systems and cybersecurity. As part of this oversight, our Chief Information Security Officer (“CISO”) shares quarterly updates regarding any changes around our cybersecurity defenses, ongoing IT initiatives, and emerging threats and plans to pro-actively address these threats with the Audit Committee. During these meetings, the CISO provides the Audit Committee updates regarding any changes around our cyber defenses, ongoing IT initiatives, and emerging threats and plans to pro-actively address these threats. Our Board of Directors has delegated primary responsibility for the oversight of cybersecurity matters to the Audit Committee; however, the full board reviews significant cybersecurity matters as appropriate. The Audit Committee provides updates to the Board of Directors on a quarterly basis on the activities that the Audit Committee oversees, including Cybersecurity.
Our Chief Information Security Officer is responsible for strengthening and continuously monitoring the effectiveness of our cybersecurity program. The individual currently serving in the role of Chief Information Security Officer has over 30 years of information systems and cybersecurity experience within complex and international business verticals such as technology, financial services, biotech, and other scientific organizations. He also holds the Certified Information Systems Security Professional (CISSP) certification. In addition, our cybersecurity steering committee assists in managing certain technical aspects related to cybersecurity. Our cybersecurity steering committee is informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents through monthly meetings and frequent communications. Regular members of the steering committee consists of participants from the IT infrastructure, Business Systems, AI and Modelling and Scientific Computing teams. Participants from other teams attends on a as-needed basis.
To date, we have not identified any indication of a cybersecurity incident that would have a material impact on our business and consolidated financial statements.