indie Semiconductor, Inc. 10-K Cybersecurity GRC - 2024-02-29

Page last updated on April 11, 2024

indie Semiconductor, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 16:53:34 EST.

Filings

10-K filed on 2024-02-29

indie Semiconductor, Inc. filed an 10-K at 2024-02-29 16:53:34 EST
Accession Number: 0001628280-24-008027

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Assessment We have developed policies and processes for assessing, identifying, and managing material risk from cybersecurity threats informed by industry-recognized standards. We have integrated these processes into our overall risk management systems and programs. Our cybersecurity program includes, among other things: procedures to assess material risk from cybersecurity threats, protocols to monitor any potential unauthorized access to, or conducted through, our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein, mechanisms to safeguard network infrastructure, mandatory employee training on information security, and assessing the sufficiency of existing policies, procedures, systems, controls and other safeguards in place to manage such risks. As part of our risk management process, we have engaged and expect to continue to engage third party experts to help identify and assess risks from cybersecurity threats. Our risk management process is also designed to address cybersecurity risks associated with our use of third-party service providers, and includes procedures such as reviewing security audits and controls of these providers during the onboarding process. In connection with these risk assessments, we design, implement and maintain reasonable safeguards to minimize the identified risks and address identified gaps in existing safeguards, update existing safeguards as necessary and monitor the effectiveness of our safeguards. As of December 31, 2023, we have not identified any risks from cybersecurity threats (including as a result of any previous cybersecurity incidents) that have materially affected our business strategy, our results of operations or our financial condition, but there can be no guarantee that we will not experience a cybersecurity incident in the future. We can give no assurance that we have detected or protected against all cybersecurity threats or cybersecurity incidents. For further discussion of cybersecurity risks, please see our Risk Factors discussion under the heading, Risks Related to Our Intellectual Property, Technology and Cybersecurity. Governance Our Board of Directors (the Board ) has oversight responsibility over the Company s strategy and risk management, including material risks related to cybersecurity threats. The Audit Committee of the Board (the Audit Committee ) oversees the management of systemic risks, including cybersecurity, in accordance with its charter. The Audit Committee receives periodic 35 Table of Contents reports from management concerning our significant cybersecurity threats and risks and the processes we have implemented to address them, and engages in discussions with management regarding the Company s significant risk exposures and the measures implemented to monitor and control these risks. These discussions include a review of our cybersecurity-related risk assessment and risk management policies. Management, in coordination with our information technology department, is responsible for hiring appropriate personnel, helping to integrate cybersecurity risk considerations into our overall risk management strategy, and communicating key priorities to relevant personnel. Management, along with our information technology department, is responsible for approving budgets, approving cybersecurity processes, and reviewing cybersecurity assessments and other cybersecurity-related matters. Our cybersecurity incident response and vulnerability management processes are designed to escalate cybersecurity incidents to members of management depending on the circumstances. Our information technology department works with management, including the Chief Operating Officer and Chief Financial Officer, to help mitigate and remediate cybersecurity incidents of which they are notified. Our information technology department, led by our director of information technology, includes individuals with over 20 years of prior work experience in various roles involving security, compliance, systems and risk management implementation. In addition, our incident response processes include procedures for reporting material cybersecurity incidents to the Audit Committee for material cybersecurity incidents.

Company Information