QuantumScape Corp 10-K Cybersecurity GRC - 2024-02-27

Page last updated on April 11, 2024

QuantumScape Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-27 16:05:50 EST.

Filings

10-K filed on 2024-02-27

QuantumScape Corp filed an 10-K at 2024-02-27 16:05:50 EST
Accession Number: 0000950170-24-021100

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We have established policies and processes for assessing, identifying, managing and disclosing, as necessary, risks from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes as described below. We routinely assess material risks from cybersecurity threats, including from any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein. These risk assessments are designed to identify internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks. Following these risk assessments, we evaluate whether and how to re-design, implement, and maintain safeguards intended to address and minimize identified risks and continue monitoring and testing the effectiveness of such safeguards. We devote significant resources and have designated senior management, including our VP of Information Security who reports to our Chief Technology Officer, to manage the cybersecurity and information security risk assessment and mitigation process. We have established an internal security committee that includes members of our information security/technology, internal audit/compliance, finance and accounting, people operations, and legal teams, to instill a thoughtful security culture across our Company. Our employees and contractors are made aware of our cybersecurity policies through mandatory trainings during onboarding and on an annual basis. We also engage and consult with third parties in connection with our risk assessment processes, including advisors, consultants and auditors. These service providers assist us to design and implement our cybersecurity policies and procedures, as well as to monitor and test our safeguards. The Company deploys multiple tools and processes to monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents, both internal and associated with the use of any third-party service provider. We have not experienced a material security breach in our systems, and, to our knowledge, in our third-parties systems, nor incurred any significant expenses or penalties to resolve or settle any security breach in the past three years. For additional information regarding whether any risks from cybersecurity threats are reasonably likely to materially affect our Company, including our business strategy, results of operations, or financial condition, please refer to Item 1A, Risk Factors Our Business Risks Our website, systems, and data we maintain may be subject to intentional disruption, other security incidents, or alleged violations of laws, regulations, or other obligations relating to data handling that could result in liability and adversely impact our reputation and future sales, in this annual report on Form 10-K. Governance One of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks we face. Our board of directors administers its cybersecurity risk oversight function directly, as well as through the audit committee, which has been tasked with such oversight in the audit committee charter. The audit committee of our board of directors reviews cybersecurity and information security risks and mitigation strategies; the audit committee receives periodic updates on information security and privacy, and the full board receives at least an annual update. Our VP of Information Security has many years of experience implementing cybersecurity at technology and research and development companies, and together with our internal information security committee, is primarily responsible for assessing and managing our material risks from cybersecurity threats. Our VP of Information Security periodically provides briefings to our internal security committee and to the audit committee and board of directors on an annual basis regarding our Company s cybersecurity risks and activities, including, as applicable, any recent cybersecurity incidents and related responses and remediation efforts, cybersecurity systems testing, activities of third parties, policies and the like. We have internal guidelines governing our identification, assessment, communication, and escalation upon the occurrence of a cybersecurity incident. Depending on the nature and severity of an incident, this process provides for escalating notification to a special executive security committee and the chair of the audit committee, among others as needed, to manage the Company s response

Company Information