Bitech Technologies Corp - (BTTC)

10-K Filing Date: April 01, 2024
ITEM 1C. CYBERSECURITY.

 

Cybersecurity Risk Management and Strategy

 

We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy or security laws.

 

12

 

 

We do not presently have any general processes for assessing, identifying, and managing material risks from cybersecurity threats. As we expand our business operations, we plan to develop processes that will allow for the identification and assessment of cybersecurity risk that will be integrated into an overall risk management system, which will be managed by senior management and overseen by the Board of Directors. As part of this development, we plan to identify and address cybersecurity risks related to our business, privacy and compliance issues through a multi-faceted approach that is expected to include third party assessments, internal information technology (IT) audit, IT security, governance, risk and compliance reviews. In connection with these planned approaches, and to defend, detect and respond to cybersecurity incidents, we, among other things, will consider: conducting proactive privacy and cybersecurity reviews of systems and applications, audits of applicable data policies, performing penetration testing using external third-party tools and techniques to test security controls, conducting employee training, monitoring emerging laws and regulations related to data protection and information security, and implementing appropriate changes.

 

As part of the above planned processes, we may engage external auditors and consultants with expertise in cybersecurity to assess our internal cybersecurity programs and compliance with applicable practices and standards.

We plan to design our risk management program to also assesses third party risks, and we plan to perform third-party risk management to identify and mitigate risks from third parties, such as vendors, suppliers, and other business partners associated with our use of third-party service providers. In addition to new vendor onboarding, we plan to perform risk management during third-party cybersecurity compromise incidents to identify and mitigate risks to us from third-party incidents.

 

Cybersecurity Governance

 

We expect that cybersecurity will become an important part of our risk management processes and an area of focus for our Board of Directors and management. We expect that our Board of Directors will be responsible for the oversight of risks from cybersecurity threats. We expect our senior management will provide our Board of Directors updates on a quarterly basis regarding matters of cybersecurity. This is expected to include existing and new cybersecurity risks, status on how management is addressing and/or mitigating those risks, cybersecurity and data privacy incidents (if any) and status on key information security initiatives. We expect that our Board members will also engage in periodic conversations with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management and strategy programs.

 

Currently, our Chief Executive Officer is expected to lead our cybersecurity risk assessment and management processes and oversees their implementation and maintenance. Our Chief Executive Officer will be tasked with staying informed about, and monitoring the prevention, mitigation, detection and remediation of cybersecurity incidents through his management of, and participation in, the cybersecurity risk management and strategy processes we plan to develop and as described above, including the operation of an incident response plan, and report to the Board of Directors on any appropriate items.