Gold Flora Corp. - (GRAM)
10-K Filing Date: April 05, 2024
We have processes in place for assessing, identifying, and managing material risks from potential unauthorized occurrences on or through our electronic information systems that could adversely affect the confidentiality, integrity, or availability of our information systems or the information residing on those systems. These include a wide variety of mechanisms, controls, technologies, methods, systems, and other processes that are designed to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access, or other security incidents or vulnerabilities affecting the data. The data include confidential, proprietary, and business and personal information that we collect, process, store, and transmit as part of our business, including on behalf of third parties. We also use systems and processes designed to reduce the impact of a security incident at a third-party vendor or customer. Additionally, we use processes to oversee and identify material risks from cybersecurity threats associated with our use of third-party technology and systems, including: technology and systems we use for encryption and authentication; employee email; content delivery to customers; back-office support; and other functions.
As part of our risk management process, we conduct application security assessments, vulnerability management, penetration testing, security audits, and ongoing risk assessments. We also maintain a variety of incident response plans that are utilized when incidents are detected.
We have a unified and centrally-coordinated team that is responsible for implementing and maintaining centralized cybersecurity and data protection practices at Gold Flora Corporation in close coordination with senior leadership and other teams across the Company. Reporting to our Director of IT are a number of experienced system administrators and managed service providers "MSP" responsible for various parts of our business, each of whom is supported by a team of trained cybersecurity professionals. In addition to our in-house cybersecurity capabilities, at times we also engage assessors, consultants, auditors, or other third parties to assist with assessing, identifying, and managing cybersecurity risks.
Our cybersecurity risks and associated mitigations are evaluated by senior leadership. Additional information about cybersecurity risks we face is discussed in Item 1A of Part I, “Risk Factors,” under the heading “We may be subject to risks related to security breaches,” which should be read in conjunction with the information above.