Rivian Automotive, Inc. / DE 10-K Cybersecurity GRC - 2024-02-26

Page last updated on April 11, 2024

Rivian Automotive, Inc. / DE reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-26 17:14:54 EST.

Filings

10-K filed on 2024-02-26

Rivian Automotive, Inc. / DE filed an 10-K at 2024-02-26 17:14:54 EST
Accession Number: 0001874178-24-000014

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy and Cybersecurity Governance The Rivian cybersecurity risk management program, led by the Chief Information Security Officer ( CISO ), includes processes for assessing, identifying, and managing material risks from cybersecurity threats. The CISO leads a team of cybersecurity professionals who collectively have decades of experience in the practice of cybersecurity within relevant industries. Our cybersecurity team is responsible for assessing and managing our risks from cybersecurity threats. The cybersecurity risk management program s design aligns with industry standard cybersecurity frameworks such as the National Institute of Standards and Technology Cybersecurity Framework ( NIST CSF ) and is integrated into our overall enterprise risk management program and processes. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use the NIST CSF and other frameworks as guides to help us assess and manage our cybersecurity program with the purpose of identifying and managing cybersecurity risks relevant to our business. Our cybersecurity team supervises efforts to identify, prevent, detect, mitigate, and remediate cybersecurity risks and incidents through our cybersecurity risk management program, whose key elements include: Cybersecurity risk assessments for identification of material cybersecurity risks to our critical systems, information, products, services, and our enterprise technology environment; A security team principally responsible for managing our cybersecurity risk assessment processes, our security controls, and our response to cybersecurity incidents; Training and awareness programs for our personnel and senior management to drive adoption and awareness of cybersecurity processes and controls; A cybersecurity monitoring program responsible for tools that produce alerts and reports of suspicious activity for the prevention of and response to cybersecurity incidents; A cybersecurity threat intelligence program which may include briefings from internal security personnel, threat intelligence and other information obtained from governmental, public, or private sources; A Cybersecurity Incident Response Plan ( CSIRP ) that includes procedures for the detection, mitigation, and remediation of cybersecurity incidents with regular tabletop exercises to evaluate and improve our CSIRP; Internal testing and assessments, where appropriate, of our cybersecurity controls and processes; Management of external consultants and services engaged by us, where appropriate, to assess, test, or otherwise assist with aspects of our cybersecurity risk management processes; and A third-party risk management process for evaluating cybersecurity threats associated with our use of service providers, suppliers, and vendors. 50 RIVIAN AUTOMOTIVE, INC. Our audit committee of the board of directors is responsible for oversight of cybersecurity risks. The audit committee is informed on the activities of the cybersecurity risk program, and cybersecurity risks and threats, through periodic, and as necessary, updates presented by the CISO or delegates. Further, the board of directors receive presentations on cybersecurity topics from our CISO, internal security staff, or external experts as part of the board of directors continuing education on topics that impact public companies. While we have experienced cybersecurity incidents in the past, to date none have materially affected the Company or our financial position, results of operations, or cash flows. For more information regarding the risks we face from cybersecurity threats, refer to the heading Breaches in data security, failure of information security systems, cyber-attacks or other security or privacy-related incidents affecting us or our suppliers could have a material adverse effect on our reputation and brand, harm our business, prospects, financial condition, results of operations, and cash flows, and subject us to legal or regulatory fines or damages. included in Part I, Item 1A. Risk Factors included in this Form 10-K.

Company Information