Coronado Global Resources Inc. - (CODQL)
10-K Filing Date: February 20, 2024
ITEM 1C. CYBERSECURITY
Risk Management and Strategy:
Coronado has implemented software governance tools to assess, identify, and manage material risks from
cybersecurity threats. Coronado heavily relies on information technology systems throughout its operations, and
acknowledges the critical importance of safeguarding its digital assets and protecting sensitive information.
Regular security assessments are conducted to monitor technological implementations against global standards.
Coronado also maintains a suite of security measures to help defend against unauthorized access and
misappropriation of technology. Additionally, the Coronado IT department distributes training and awareness
information covering email security, password security, data handling security, and cloud security.
Coronado’s cybersecurity risk management is integrated into its Group risk management processes, which are
governed by the Group Risk Management Framework and Risk Management Policy. The Risk Management
Framework and Risk Management Policy outline:
●
●
●
●
●
Certain key controls considered through Coronado’s internal control processes are linked to cybersecurity risks;
these include controls over access and change management for key financial systems. Where the management
of these key financial systems is outsourced to third parties, Coronado receives assurance reports on the
effectiveness of key vendor controls. Additionally, Coronado uses third parties to conduct cybersecurity
penetration testing at Coronado's US and Australian operations. In 2023, Coronado created the Digital Advisory
Committee (Committee), which is chaired by the Vice President of Information Technology. As part of Coronado’s
processes to oversee and identify cybersecurity threats associated with its use of third-party service providers,
the Committee is tasked with reviewing new software requests from Coronado’s various divisions. The Committee
is comprised of business systems, plant, and operational personnel from both Coronado’s US and Australian
operations.
As of the filing of this Annual Report on Form 10-K, Coronado is not aware of any cybersecurity incidents that
have occurred since the beginning of 2023 that have materially affected, or are reasonably likely to materially
affect, Coronado, including Coronado’s business strategy, results of operations or financial condition. Coronado
could be subject to cybersecurity incidents in the future which may have a material adverse effect on Coronado’s
business strategy, results of operations or financial condition. For further information on Coronado’s risks relating
to cybersecurity threats, see “Operation and Technology Risks” in “Risk Factors” on page 51
of this Form 10-K.
Governance:
The Board of Directors (Board) is responsible for reviewing, ratifying, and monitoring systems of risk
management, internal control, and legal compliance. This includes identifying the main risks associated with
Coronado's businesses, including cybersecurity risk, and implementing appropriate systems to manage such
risks. As outlined in the Audit Governance and Risk Committee (AGRC) charter, the Board has delegated to the
AGRC responsibility for overseeing corporate and governance risk management, financial risk management, and
compliance with applicable laws, regulations, standards, and best practice guidelines. In 2024, the AGRC charter
was amended to confirm that this responsibility includes the oversight of cybersecurity risk. The AGRC is informed
of cybersecurity risks by management, which includes an annual cybersecurity risk presentation. As part of their
review of reports from management, the AGRC reports cybersecurity risk updates to the Board, which enables
the Board to incorporate the insights of such reports into its overall risk oversight analysis.
Supporting this governance framework, the Executive Leadership Team (ELT) is responsible for maintaining
effective systems of risk management and internal control, as well as responding to cybersecurity incidents. The
Vice President of Information Technology is responsible for the cybersecurity function. The Vice President of
Information Technology has experience in various roles involving managing information systems and
cybersecurity functions and developing cybersecurity strategies. The Vice President of Information Technology
reports to the Group Chief Financial Officer (Group CFO), who is a member of the ELT.
Coronado Global Resources Inc. Form 10-K December 31, 2023 67
In order to prevent, detect, mitigate and remediate cybersecurity incidents, Coronado maintains a Cyber Incident
Response Plan (Plan). The Plan outlines Coronado's approach to identifying and containing cybersecurity
incidents, along with recovery and improvement processes. The Plan includes incident assessment criteria that
allow for escalation of potentially material cybersecurity incidents. The Group CFO reports to the AGRC in the
event of a potentially material cybersecurity incident. Additionally, annual reviews of Coronado’s current
cybersecurity status are presented to the Board and the AGRC by management.