374Water Inc. - (SCWO)
10-K Filing Date: March 29, 2024
Cybersecurity Risk Management and Strategy
We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information.
We have implemented a number of security measures designed to protect its systems and data, including firewalls, antivirus and malware detection tools, patches, log monitors, routine back-ups, system audits, system hardening, penetration testing and privileged access session management. In addition, we have continued its efforts to migrate its platforms to cloud-based computing, which is designed to further strengthen its security posture.
Our cybersecurity risk management program is integrated into our overall enterprise risk management program and shares common methodologies, reporting channels, and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.
34 |
Our cybersecurity risk management program includes the following:
| · | risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment; |
|
|
|
| · | a security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents; |
|
|
|
| · | the use of external service providers, where appropriate, to assess, test, or otherwise assist with aspects of our security controls; |
|
|
|
| · | cybersecurity awareness training of our employees, incident response personnel, and senior management; and |
|
|
|
| · | a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents. |
There can be no assurance that our cybersecurity risk management program and processes, including our policies, controls or procedures, will be fully implemented, complied with or effective in protecting our systems and information.
Cybersecurity Governance
Our Board considers cybersecurity risks as part of its risk oversight function and has delegated to the Audit Committee oversight of cybersecurity and other information technology risks.
The Audit Committee oversees management’s implementation of our cybersecurity risk management program and receives updates on the cybersecurity risk management program from management at least annually. In addition, management updates the Audit Committee regarding any material or significant cybersecurity incidents, as well as incidents with lesser impact potential as necessary.
The Audit Committee reports to the full Board annually regarding cybersecurity.
Ongoing Risks
We have not experienced any material cybersecurity incidents. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition.
Incident Response and Assessment Policies and Procedures
We align with industry-standard cybersecurity frameworks designed to protect the company and customer data from unintentional disclosure, cybersecurity events, and other threats of all severity levels. As part of our alignment with these frameworks we our in the process of implementing a Cybersecurity Incident Response Plan that outlines actions to be taken after identifying a suspected information security breach and the people responsible for managing those actions. Additionally, this plan will outline communication responsibilities during incidents of all severity levels.