SOBR Safe, Inc. - (SOBR)
10-K Filing Date: March 30, 2024
We have a cross-departmental approach to addressing cybersecurity risk, including input from employees and our Board of Directors (the “Board”). The Board, Audit Committee, and senior management devote significant resources to cybersecurity and risk management processes to adapt to the changing cybersecurity landscape and respond to emerging threats in a timely and effective manner. Assessing, identifying, and managing cybersecurity related risks are integrated into our overall enterprise risk management (ERM) process. We have a set of Company-wide policies and procedures outlined in our Employee Handbook that directly or indirectly relate to cybersecurity risks. These policies go through an internal review process and are approved by appropriate members of management.
The Company’s EVP of Technology is responsible for developing and implementing our information security program and reporting on cybersecurity matters to the Board. Our EVP of Technology has over two decades of experience as a senior executive in technology-driven enterprises with expertise across cybersecurity, compliance, manufacturing process engineering, database architecture, interface programming and more.
The Company assesses the cybersecurity preparedness of third-party vendors by obtaining SOC 1 or SOC 2 reports. If a third-party vendor is not able to provide a SOC 1 or SOC 2 report, we take additional steps to assess their cybersecurity preparedness and assess our relationship on that basis. Our assessment of risks associated with the use of third-party providers is part of our overall cybersecurity risk management framework.
The Board and Audit Committee participates in discussions with management regarding cybersecurity risks and performs a review at least annually of the Company’s cybersecurity program. This includes discussions of management’s actions to identify and detect threats, as well as planned actions in the event of a response or recovery situation.
We are subject to cyber incidents and will continue to be exposed to cyber incidents in the normal course of our business. Although, such risks have not materially affected us, including our business strategy, financial condition, results of operations, or cash flows. The extensive approach we take to cybersecurity may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. See Item 1A – Risk Factors for a discussion of cybersecurity risks.