LIGHTBRIDGE Corp 10-K Cybersecurity GRC - 2024-03-04

Page last updated on April 11, 2024

LIGHTBRIDGE Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-04 17:21:23 EST.

Filings

10-K filed on 2024-03-04

LIGHTBRIDGE Corp filed an 10-K at 2024-03-04 17:21:23 EST
Accession Number: 0001477932-24-001002

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk management and strategy Lightbridge utilizes third-party vendors to manage its Information Technology (IT) systems and has a Managed Service Provider (MSP) for general administration of the IT process including providing a Chief Information Security Officer (CISO), who is responsible for leading our enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. The MSP utilizes a Security Information and Event Management (SIEM) system to monitor the IT Infrastructure. This and other third-party security applications provide reports that include but are not limited to Endpoint protection, Employee Security scores, Phishing reports, Dark Web scanning and Vulnerability scanning. The CISO reports to our CFO. This CISO is informed about and monitors prevention, detection, mitigation, and remediation efforts through regular communication and reporting from professionals in the industry, many of whom hold cybersecurity certifications, and through the use of technological tools and software and results from third-party audits. The CISO issues quarterly reports and reports to the CFO, as appropriate, providing updates on the Company s cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape. The Company requires its employees to take a yearly cyber training course and its employees are also required to sign confidentiality agreements for purposes including ensuring cybersecurity. 24 Table of Contents Risks from Cybersecurity Threats As of the date of this report, we are not aware of any material risks from cybersecurity threats, that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. Governance The Board of Directors is acutely aware of the critical nature of managing risks associated with cybersecurity threats. The Board has established robust oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats because Lightbridge recognizes the significance of these threats to our operational integrity and stakeholder confidence. Furthermore, significant cybersecurity matters, and strategic risk management decisions are escalated to the Board of Directors, ensuring that they have comprehensive oversight and can provide guidance on critical cybersecurity issues. Board of Directors Oversight The Audit Committee is central to the Board s oversight of cybersecurity risks and bears the primary responsibility for this domain. The Audit Committee is composed of board members with diverse expertise including risk management, technology, and finance that equips them to oversee cybersecurity risks effectively. The Audit Committee conducts an annual review of the company s cybersecurity posture and the effectiveness of its risk management strategies. This review helps in identifying areas for improvement and ensuring the alignment of cybersecurity efforts with the overall risk management framework. The CFO reports to the Audit Committee regarding cybersecurity risks and provides a comprehensive briefing to the Audit Committee on a regular basis as needed, with a minimum frequency of once per year. The CFO also maintains an ongoing dialogue regarding emerging or potential cybersecurity risks and cybersecurity incidents.

Company Information