Chilean Cobalt Corp. - (COBA)
10-K Filing Date: April 01, 2024
Cybersecurity Risk Management and Strategy
We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy or security laws.
We use a third-party vendor to provide a suite of services to assess, identify, and manage material risks from cybersecurity threats. These services include providing us with a secure email platform, including content examination and data leak prevention; system monitoring and support, including patch management, anti-virus and threat hunting services; and system backup and recovery services. As we expand our business operations, we plan to evaluate the development of enhanced processes that will allow for the identification and assessment of cybersecurity risk that will be integrated into an overall risk management system, which will be managed by senior management and overseen by the Board of Directors. As part of these developments, we plan to identify and address cybersecurity risks related to our business, privacy and compliance issues through a multi-faceted approach that is expected to include third-party assessments, internal information technology (IT) audit, IT security, governance, risk and compliance reviews. In connection with these planned approaches, and to defend, detect and respond to cybersecurity incidents, we, among other things, will consider: conducting proactive privacy and cybersecurity reviews of systems and applications, audits of applicable data policies, performing penetration testing using external third-party tools and techniques to test security controls, conducting employee training, monitoring emerging laws and regulations related to data protection and information security, and implementing appropriate changes.
As part of the above-planned processes, we may engage external auditors and consultants with expertise in cybersecurity to assess our internal cybersecurity programs and compliance with applicable practices and standards.
We plan to design our risk management program to also assess third-party risks, and we plan to perform third-party risk management to identify and mitigate risks from third parties, such as vendors, suppliers, and other business partners associated with our use of third-party service providers. In addition to new vendor onboarding, we plan to perform risk management during third-party cybersecurity compromise incidents to identify and mitigate risks to us from third-party incidents.
Cybersecurity Governance
We expect that cybersecurity will become an important part of our risk management processes and an area of focus for our Board of Directors and management. We expect that our Board of Directors will be responsible for the oversight of risks from cybersecurity threats. We expect our senior management will provide our Board of Directors updates on at least an annual basis regarding matters of cybersecurity. This is expected to include existing and new cybersecurity risks, status on how management is addressing and/or mitigating those risks, cybersecurity and data privacy incidents (if any) and status on key information security initiatives. We expect that our Board members will also engage in periodic conversations with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management and strategy programs.
Currently, our Chief Operating Officer is expected to lead our cybersecurity risk assessment and management processes and oversee their implementation and maintenance. Our Chief Operating Officer will be tasked with staying informed about, and monitoring the prevention, mitigation, detection and remediation of cybersecurity incidents through his management of, and participation in, the cybersecurity risk management and strategy processes we plan to develop and as described above, including the operation of an incident response plan, and report to the Board of Directors on any appropriate items.