Origin Materials, Inc. 10-K Cybersecurity GRC - 2024-03-04

Page last updated on April 11, 2024

Origin Materials, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-04 18:12:19 EST.

Filings

10-K filed on 2024-03-04

Origin Materials, Inc. filed an 10-K at 2024-03-04 18:12:19 EST
Accession Number: 0001802457-24-000019

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk management and strategy We have implemented and maintain information security processes designed to identify, assess, and manage material risks from cybersecurity threats to our critical computer networks, third-party hosted services, communications systems, hardware and software, and our critical data, including intellectual property and confidential information that is proprietary, strategic, or competitive in nature ( Information Systems and Data ). The Director of IT and General Counsel are responsible for helping to identify, assess and manage the Company s cybersecurity threats and risks by monitoring and evaluating our threat environment using, among other things, manual processes, automated tools, internal audits, threat and vulnerability assessments, evaluating threats reported to us, evaluating our and our industry s risk profile, and subscribing to reports and services that identify cybersecurity threats. Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards, and policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data. These include, for example, an incident response plan and team, data encryption, risk assessments, network security and access controls, physical security, asset management, tracking, and disposal, systems monitoring, employee training including tabletop exercises and other simulated cybersecurity threats, and cybersecurity insurance. In addition, to oversee and identify any risks associated with our use of third-party service providers, we review Service Organization Controls ( SOC ) reports of such third-party service providers when onboarding the provider and annually thereafter. We also maintain proper essential information sharing and access controls, aiding in the secure exchange of information between us and our third-party service providers. Assessment and management of material risks from cybersecurity threats are integrated into the Company s overall risk management processes. For example, the Director of IT coordinates with our General Counsel and representatives of the Company s departments and teams to evaluate the Company s risk profile and identify and mitigate cybersecurity threats. Our General Counsel evaluates material risks from cybersecurity threats and reports to both the Company s executive management team and the Audit Committee of the Board of Directors. We also use third-party service providers to assist us from time to time to identify, assess, and manage material risks from cybersecurity threats, including for example cybersecurity consultants, data backup and recovery providers, cyber insurers, and legal counsel. For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our risk factors under Part 1. Item 1A. Risk Factors in this Annual Report on Form 10-K. 37 Governance Our Board of Directors addresses the Company s cybersecurity risk management as part of its general oversight function and has delegated to the Audit Committee primary responsibility for monitoring the Company s cybersecurity risk management processes, including mitigation of cybersecurity threats. Our cybersecurity risk assessment and management processes are implemented and maintained by certain members of the Company s management. In particular, the Director of IT and General Counsel are responsible for hiring appropriate personnel, helping to integrate cybersecurity risk considerations into the Company s overall risk management strategy, and communicating key priorities to relevant personnel, helping prepare for cybersecurity incidents, approving cybersecurity processes and technologies, and reviewing security assessments and other security-related reports. In addition, the General Counsel provides regular reports to the Audit Committee concerning the Company s cybersecurity posture and significant threats and risks and the processes to address them. Our security incident response plan ( SIRP ) is designed to escalate certain cybersecurity incidents to members of the Company s executive management team depending on the circumstances. The General Counsel, Director of IT, and relevant department heads work with our incident response team to help the Company mitigate and remediate cybersecurity incidents of which they are notified. The SIRP provides for escalation of potentially material cybersecurity incidents to the Audit Committee.

Company Information