PEDEVCO CORP 10-K Cybersecurity GRC - 2024-03-15

Page last updated on April 11, 2024

PEDEVCO CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-15 18:45:44 EDT.

Filings

10-K filed on 2024-03-15

PEDEVCO CORP filed an 10-K at 2024-03-15 18:45:44 EDT
Accession Number: 0001654954-24-003240

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY The Company understands the importance of preventing, assessing, identifying, and managing material risks associated with cybersecurity threats. Cybersecurity processes to assess, identify and manage risks from cybersecurity threats have been incorporated as a part of the Company s overall risk assessment process. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy or security laws. We have processes in place to identify, assess and monitor material risks from cybersecurity threats, including the material risks of the Company. These processes are part of our overall enterprise risk management process and have been embedded in our operating procedures, internal controls and information systems. On a regular basis we implement into our operations these cybersecurity processes, technologies, and controls to assess, identify, and manage material risks. Cybersecurity risks related to our business, technical operations, privacy and compliance issues are identified and addressed through a multi-faceted approach including third party assessments, IT security, governance, risk and compliance reviews. To defend, detect and respond to cybersecurity incidents, we, among other things, implemented (i) multi-factor authentication and password protection requirements for accessing all Company systems and applications such as Company electronic mail and the Company s banking and accounting environments, (ii) a secure email gateway using GoSecure that combines machine learning, behavioral scanning, exploit detection, signature-based detection and structure heuristics to provide defense against phishing and business electronic mail compromise attacks, spam, polymorphic malware, theft and other dangerous offensive content, (iii) endpoint protection using Microsoft Defender on Company and employee computers and Company-provided devices, (iii) a physical networking room with restricted access to only authorized personnel, (iv) regular cybersecurity training, awareness, and threat updates programs to keep all Company personnel updated and informed regarding emerging threats and best practices, and (v) daily cloud backups of the Company s accounting environment. 68 Table of Contents Incidents are evaluated to determine materiality as well as operational and business impact, and reviewed for privacy impact. We describe whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, under the heading Failure of our information technology systems, including cybersecurity attacks or other data security incidents, could significantly disrupt the operation of our business. included as part of our risk factor disclosures at Item 1A of this Annual Report on Form 10-K. Cybersecurity is an important part of our risk management processes and an area of focus for our Board and management. Our management team is responsible for the oversight of risks from cybersecurity threats. The Board receives information and updates periodically with respect to the effectiveness of our cybersecurity and information security framework, data privacy and risk management. The Board will also be provided updates on any material incidents relating to information systems security and cybersecurity incidents.

Company Information