Planet 13 Holdings Inc. 10-K Cybersecurity GRC - 2024-03-13

Page last updated on April 11, 2024

Planet 13 Holdings Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-13 16:15:44 EDT.

Filings

10-K filed on 2024-03-13

Planet 13 Holdings Inc. filed an 10-K at 2024-03-13 16:15:44 EDT
Accession Number: 0001437749-24-007628

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. We recognize the critical importance of developing, implementing, and maintaining cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of data we produce and collect. Managing Material Risks & Overall Risk Management We have a cross-departmental approach to addressing cybersecurity risk, including input from our employees, senior management, and Audit Committee of our Board of Directors (the Board ). The Company devotes significant resources to cybersecurity and risk management processes to adapt to the changing cybersecurity landscape and respond to emerging threats promptly and effectively. We have a set of Company-wide cybersecurity policies and procedures and continue building these important document libraries. Management approves initial policies and reviews them periodically for updates and changes. Our network security provider follows the internationally recognized risk framework, ISO 27001. We regularly assess the threat landscape and take a holistic view of cybersecurity risks, with a multi-faceted cybersecurity strategy based on prevention, detection, and mitigation. The Company continues to work to ensure the inclusion of our cybersecurity risks are fully incorporated into the Company s overall risk management approach. Third-Party Risk Management and Oversight As part of our cybersecurity program, we also engage with external service providers as part of our continuing cybersecurity efforts, assisting us in the evaluation and enhancement of the effectiveness of our information security policies and procedures. These partnerships enable us to leverage specialized knowledge and insights, ensuring our cybersecurity policies and procedures are comprehensive, up-to-date, and aligned with regulatory requirements. The use of these third-party providers is regularly reviewed and monitored by the appropriate members of management. We conduct thorough assessments of all third-party providers before engagement and maintain ongoing monitoring to ensure compliance with our cybersecurity standards. Risks from Cybersecurity Threats We have not encountered cybersecurity challenges that have materially impacted our strategic plan, operations, or financial standing. For additional information, see Risk Factors. Governance Our cybersecurity program is managed by our Vice President of Operations ( VP Operations ) and our Director of Information Technology ( IT Director ), whose team ( Cybersecurity Team ) is responsible for facilitating the enterprise-wide cybersecurity program. Our VP Operations and IT Director have experience with large information technology footprints, including cybersecurity. Their in-depth knowledge and expertise are instrumental in supporting our cybersecurity program and policies and overseeing our governance and compliance programs. The Audit Committee of our Board of Directors oversees management s process for identifying and mitigating risks, including cybersecurity risks. The Audit Committee is composed of board members with diverse expertise including, risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively. Management s role in assessing and managing material risks from cybersecurity threats involves leadership, governance, resource allocation, and proactive risk management. Management’s involvement is crucial in safeguarding the Company’s digital assets, reputation, and long-term success. Our Cybersecurity Team provides periodic reports to our Audit Committee, as well as our Co-CEOs, and other members of senior management as appropriate. The Audit Committee actively participates in discussions with management regarding cybersecurity risks. The Audit Committee performs an annual assessment of the Company s cybersecurity program, which includes a discussion of management s actions to identify and detect threats, and scenarios for potential response or recovery situations. In addition to regularly scheduled meetings, the Audit Committee and appropriate levels of senior management maintain an ongoing dialogue regarding emerging or potential cybersecurity risks. Together, they receive updates on any significant developments in the cybersecurity domain, ensuring the Board s oversight is proactive and responsive. 55 Table of Contents

Company Information