Eos Energy Enterprises, Inc. 10-K Cybersecurity GRC - 2024-03-04

Page last updated on April 11, 2024

Eos Energy Enterprises, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-04 17:29:13 EST.

Filings

10-K filed on 2024-03-04

Eos Energy Enterprises, Inc. filed an 10-K at 2024-03-04 17:29:13 EST
Accession Number: 0001805077-24-000013

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY At Eos, we leverage a cybersecurity model that focuses on four key areas: prevention, detection, assessment, and remediation through an array of internal and external systems, along with the expertise of third-party service providers. This model is supported internally by Eos’ Information Technology Department (“ITD”), along with expertise of external cybersecurity experts. Our model is also supported through security awareness training for all employees during the onboarding process and on a regular basis thereafter. 32 Our Board of Directors has overall oversight responsibility for our cybersecurity model. Our overarching cybersecurity programs are under the direction of the Eos leadership team, and directly supported by the efforts of the ITD. The ITD, led by the Director of ITD, reports to the Chief Financial Officer (“CFO”) of the Company. With over 7 years of experience leading cybersecurity teams and programs, our Director of ITD leverages a combination of internal and external systems and security experts to keep our CFO informed of potential risks to the organization. The Director of ITD is responsible for identifying, considering, and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs and systems. Management reports material cybersecurity risks to our Board of Directors on an annual basis. In addition, our management follows a risk-based escalation process to notify the Board of Directors outside of the regular reporting cycle when they identify an emerging risk or material issue. In 2023, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident. For more information about these risks, please see Part I, Item 1A- Risk Factors in this Annual Report on Form 10-K.

Company Information