Comstock Inc. 10-K Cybersecurity GRC - 2024-02-27

Page last updated on April 11, 2024

Comstock Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-27 16:15:32 EST.

Filings

10-K filed on 2024-02-27

Comstock Inc. filed an 10-K at 2024-02-27 16:15:32 EST
Accession Number: 0001120970-24-000014

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C CYBERSECURITY Risk Management and Strategy As part of our operational risk management strategy, led by our chief operating officer, we have implemented processes to assess, identify, and manage material risks facing the Company, including from cybersecurity threats. Components of this strategy includes the use of industry standard traffic monitoring tools, training users to detect, report, and prevent unusual behavior, and working with reputable service providers capable of ensuring their ability to operate with strategies equal to or better than our own. The implementation and management of these processes are integrated with the Company s overall operational risk management processes that seeks to limit our exposure to unnecessary risks across our operations. For cybersecurity threat management and mitigation, the Company engages with expert consultants and third party services providers for the design and implementation of these industry standard strategies to identify any potential threats or vulnerabilities in our system. We have developed a cyber crisis response plan which provides a documented framework for handling high severity security incidents and facilitates coordination across multiple parts of the company. Our incident response team constantly monitors threat intelligence feeds, handles vulnerability management and responds to incidents. To date, risks from cybersecurity threats have not previously materially affected us, and we currently do not expect that the risks from cybersecurity threats are reasonably likely to materially affect us, including our business, strategy, results of 43 operations or financial condition. The sophistication of cyber threats continues to increase, and the preventative actions we take to reduce the risk of cyber incidents and protect our systems and information may be insufficient. Accordingly, no matter how well designed or implemented our controls are, we will not be able to anticipate all security breaches of these types, including security threats that may result from third parties improperly employing AI technologies, and we may not be able to implement effective preventive measures against such security breaches in a timely manner. See Item 1A: Risk Factors above for additional information on risk related to cyber attacks. Governance Role of the Board The Audit and Finance Committee of the Board of Directors is responsible for the primary oversight of our information security programs, including relating to cybersecurity, and are integrated into the Company s Cybersecurity Incident response process. Our chief operating officer is responsible for reporting to the Audit and Finance Committee on our incident response plan, which includes an evaluation of cyber risks and threats, and notifies the Audit and Finance Committee of a cybersecurity threat. In the event of an incident, the Audit and Finance Committee reviews and approves the material incident disclosure plan and recommendation for determination of materiality using the guidelines approved by the Audit and Finance Committee. The Board of Directors and Audit and Finance Committee receive regular updates throughout the year on cybersecurity. Role of the Management Our chief operating officer, together with our principal accounting officer, is responsible for the day-to-day management of our cybersecurity risks. We have an incident response framework in place. We use this incident response framework as part of the process we employ to keep our management and Board of Directors informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents. The framework is a set of coordinated procedures and tasks that our incident response team, under the direction of the chief operating officer, executes with the goal of ensuring timely and accurate resolution of cybersecurity incidents. The chief operating officer activates the incident response plan to assess and mitigate a cybersecurity incident. In the event of an incident, the chief operating officer and principal accounting officer consult with cybersecurity consultants and other involved parties to identify the undesirable effects of the cybersecurity incident and develop a material incident disclosure plan for review and approval by the Audit and Finance Committee.

Company Information