Royale Energy, Inc. - (ROYL)
10-K Filing Date: April 12, 2024
Risk Management and Strategy
The Company’s cybersecurity environment is led by our information technology (IT) contractor, which, in addition to cybersecurity matters, oversees the Company’s IT infrastructure. The IT contractor is responsible for monitoring and managing the security of the Company's corporate network and enterprise systems, including technical controls, and safety protocols and responding to security threats.
The Company maintains a cybersecurity risk management program that establishes safeguards for protecting the confidentiality, integrity, and availability of our data, technology, and information systems. The program includes general controls for managing changes in and access to the Company’s IT environment, cybersecurity awareness and training to help employees identify and mitigate against cybersecurity threats, cybersecurity incident response plans and third-party incident response retainers to help expedite the Company’s response in the event of a cybersecurity incident.
The Company’s IT contractor is primarily responsible for the day-to-day operation of the Company’s cybersecurity program and for identifying cybersecurity threats and incidents and managing the material risks associated with the cybersecurity threats. The Company’s IT contractor engages third-party vendors and cybersecurity consortiums periodically for cybersecurity-related guidance and certifications. In the event of a cybersecurity incident, the Company’s process calls for the IT contractor, Chief Executive Officer and Chief Financial Officer, work to assess and respond to the incident and provide briefings to the Audit Committee of the Board of Directors.
The Audit Committee is responsible for providing oversight over management's processes to identify and evaluate cybersecurity risks to which the Company is exposed and to implement processes and programs to manage cybersecurity risks and mitigate any incidents. The Audit Committee also reports material cybersecurity risks to the Board. We believe this risk management process provides visibility and oversight to allow the Board and executive leadership team to make timely, data-driven decisions ensuring that the Company, its employees, investors, and partners are adequately protected.
As of and for the year ended December 31, 2023, there have been no cybersecurity incidents that have materially affected the Company’s business strategy, results of operations, or financial condition.