ITEM 1C. CYBERSECURITY

 

We depend on information technology and systems for various operations (including refinery processes and refined product loading) and for capturing accounting, technical and regulatory data for reporting, analysis, and archiving. Our primary business systems mostly consist of purchased and licensed software programs that integrate with our internal solutions. As of the filing date of this report, our risk assessment process related to cybersecurity includes conducting vulnerability assessments using a combination of internal and third-party capabilities to perform technical assessments, vulnerability scanning, and incident and event monitoring. We are working to establish a thorough, risk-based cybersecurity program aimed at safeguarding our data, along with the data of our customers and partners, and we anticipate that such a program will follow well-organized cybersecurity frameworks under a central control figure.

 

We did not experience a significant cybersecurity breach or associated expenses, penalties, or settlements for the twelve months ended December 31, 2023 and 2022.