STEM, INC. 10-K Cybersecurity GRC - 2024-02-28

Page last updated on April 11, 2024

STEM, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 19:06:06 EST.

Filings

10-K filed on 2024-02-28

STEM, INC. filed an 10-K at 2024-02-28 19:06:06 EST
Accession Number: 0001758766-24-000029

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We maintain a cyber risk management program that is designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. The design of our program is based on recognized best practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology Cybersecurity Framework. We have implemented a cyber incident response standard operating procedure (the SOP ) detailing actions to be taken in the event of a cyber incident. Pursuant to the SOP, any suspected cyber breaches or detected vulnerabilities are promptly reported by our cybersecurity team to our Chief Technology Officer ( CTO ) and Chief Legal Officer ( CLO ) for further assessment and/or remediation. In addition, we require our employees to regularly participate in mandatory cybersecurity training that covers critical aspects of digital security, including phishing prevention, threat awareness, and safe data handling practices. Cybersecurity risk considerations are also incorporated into our broader business continuity planning. In addition to our internal processes, our partnerships with various third-party vendors comprise a key component of our cyber risk management program. We engage several reputable third-party companies to monitor and maintain the performance 36 and effectiveness of our products and services, as well as to conduct System and Organization Controls (SOC) assessments and our mandatory cybersecurity training for employees. Our Compliance and Security Officer ( CSO ) is the head of our experienced cybersecurity team and is responsible for assessing and managing our cyber risk management program. Our CSO collaborates with our business, engineering, human resources, legal, and other functions to implement and enforce our cyber policies. Our CSO reports to our CTO, and they collectively inform our senior management regarding the prevention, detection, mitigation, and remediation of incidents and vulnerabilities. The Audit Committee of the Board of Directors (the Board ) oversees our cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. Each quarter,, our CTO updates the Audit Committee on the development and effectiveness of our cyber risk management program. In addition, the Audit Committee is responsible for periodically reviewing and discussing with management our practices with respect to cybersecurity and information security risk management. In addition, cybersecurity risks are reviewed by the Board as part of the Company s corporate risk mapping exercise. Although we have experienced, and will continue to experience, cyber incidents in the normal course of our business, prior cyber incidents have not had a material adverse effect on our business. For a further explanation of the cybersecurity risks and threats that we could be subject, see A failure of our information technology and data security infrastructure could adversely affect our business and operations in Part I, Item 1A, Risk Factors of this Annual Report on Form 10-K.

Company Information