INTERNATIONAL TOWER HILL MINES LTD 10-K Cybersecurity GRC - 2024-03-08

Page last updated on April 11, 2024

INTERNATIONAL TOWER HILL MINES LTD reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-08 12:01:03 EST.

Filings

10-K filed on 2024-03-08

INTERNATIONAL TOWER HILL MINES LTD filed an 10-K at 2024-03-08 12:01:03 EST
Accession Number: 0001410578-24-000156

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy The Company has processes, policies and procedures for identifying, assessing, managing, and responding to cybersecurity threats and incidents. These are integrated into our overall risk management systems, as overseen by our Board of Directors, primarily through the Audit Committee. Our policies and procedures include protocols for assessing potential material impacts from cybersecurity threats and incidents, escalating to management and the Board of Directors, engaging external stakeholders, and reporting incidents based on applicable legal requirements. We use specialized IT tools and services, including with the support of third-party service providers, to understand, manage, mitigate and continually remediate identified risks. The Company logs identified cybersecurity risks and tracks corresponding risk management activities. Identified cybersecurity risks are discussed with management for resolution planning and escalation. Testing of our security controls in connection with the auditing of our financial systems is completed annually. At least annually, we conduct training and awareness for our employees to help identify, avoid and mitigate cybersecurity threats. We regularly evaluate the cybersecurity risks associated with third-party suppliers and service providers that have access to the Company s networks, confidential information, and information systems. We provide third-party vendors, consultants, and partners with detailed security requirements for securing their connections to our IT networks. In addition, we week to make third-party service providers contractually responsible for identifying and remediating security issues within their technology and service environment. Management has not identified risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition. While we have implemented a cybersecurity program, the techniques used to compromise IT systems continue to 19 Table of Contents evolve. Accordingly, we may not be able to timely detect threats or anticipate and implement adequate security measures. For additional information regarding risks relating to privacy and cybersecurity, see Item 1A Risk Factors. Governance The Board of Directors is responsible for overseeing the assessment and management of enterprise-level risks that may impact the Company. The Audit Committee has primary responsibility for overseeing risk management, including oversight of risks from cybersecurity threats. The CEO and CFO report on cybersecurity matters, including material risks and threats, to the Audit Committee at regularly scheduled Audit Committee meetings, which is then discussed with the Board of Directors. It is management s responsibility to manage cybersecurity risks, as described above, and bring to the Board s attention any material risks. Under the oversight of the Audit Committee, the Company s Chief Executive Officer is primarily responsible for the assessment and management of cybersecurity risks and utilizes third-party consultants retained by the Company for advice.

Company Information