Green Plains Inc. - (GPRE)
10-K Filing Date: February 09, 2024
Item 1C. Cybersecurity.
Risk Management and Strategy
We promote a company-wide culture of cybersecurity risk management to ensure that cybersecurity risk considerations are an integral part of decision-making at every level. We have implemented cyber defenses to safeguard our information systems and protect the confidentiality, integrity and availability of our data. Our information technology (IT) department continuously evaluates whether our cybersecurity risk management is aligned with our business objectives and operational needs. Our cybersecurity program is comprehensive in scope and covers the systems supporting our various lines of business.
27
Our cybersecurity program follows the National Institute of Standards and Technology, as well as the Cybersecurity and Infrastructure Security Agency frameworks. Additionally, we follow federal and state statutory and regulatory guidance and have adopted internal policies and standards in alignment with these federal and state requirements. Furthermore, we collaborate with external experts, consultants and auditors in routinely evaluating and testing our information systems controls. We also perform an annual cyber table-top exercise with a regulatory agency to help us test and continue to develop our Cyber Incident Response Plan.
Our cybersecurity program includes a well-documented process for oversight of cybersecurity risks associated with our third-party service providers. We evaluate our third parties prior to any engagements. We also request System and Organization Controls reports from our third-party vendors to obtain reasonable assurance that their controls are present and functioning.
Our IT policies communicate our expectations of employees and contractors to maintain the security of our IT systems. We perform annual cyber security training to remind our employees about the importance of keeping our systems safe, and perform regular third-party phishing campaigns.
Governance
The Audit Committee of the Board of Directors has oversight of management's efforts with respect to IT systems and cybersecurity. As part of this oversight, the company's IT leadership meets on a quarterly basis with the Audit Committee and on an annual basis with the company's Board of Directors. During these update meetings, IT leadership provides the Audit Committee and Board of Directors updates regarding any changes around our cyber defenses, ongoing IT initiatives, and emerging threats and plans to pro-actively encounter these threats.
Management continuously monitors the effectiveness of our cybersecurity defenses. We invest in regular and ongoing cybersecurity training for our IT department and company overall. Our Senior Vice President Business Technology has certain IT industry certifications and brings 30 years of IT background spanning all facets of technology, including applications, infrastructure and cybersecurity. Our Director of IT Security has over 20 years of experience in cybersecurity, including duties as an Information Security Officer in the United States Air Force.
As of December 31, 2023, we have not identified an indication of a cybersecurity incident that would have a material impact on our business and consolidated financial statements.