RARE ELEMENT RESOURCES LTD 10-K Cybersecurity GRC - 2024-03-19

Page last updated on April 11, 2024

RARE ELEMENT RESOURCES LTD reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-19 18:00:06 EDT.

Filings

10-K filed on 2024-03-19

RARE ELEMENT RESOURCES LTD filed an 10-K at 2024-03-19 18:00:06 EDT
Accession Number: 0001419806-24-000003

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity of this Annual Report for more information about the systems and processes we use to manage these risks. ITEM 1B. UNRESOLVED STAFF COMMENTS Not applicable. ITEM 1C. CYBERSECURITY We face cybersecurity risks due to the breadth of networks and systems we must defend against cybersecurity attacks and threat actors seeking to inflict harm on us and the substantial level of harm that could occur to us were we to suffer impacts of a material cybersecurity incident. We are committed to maintaining robust governance and oversight of these risks and to implementing mechanisms, controls, technologies, and processes designed to help us assess, identify, and manage these risks. In the year ended December 31, 2023, we did not experience a material cybersecurity incident as such term is defined in Item 106(a) of Regulation S-K. However, there can be no guarantee that we will not experience such an incident in the future. Such incidents, whether or not successful, could result in us incurring significant costs related to, for example, implementing additional threat protection measures, defending against litigation, responding to regulatory inquiries or actions, paying damages, or taking other remedial steps with respect to third parties, as well as incurring significant reputational harm. In addition, these threats are constantly evolving, thereby increasing the difficulty of successfully defending against them or implementing adequate preventative measures. We seek to detect and investigate unauthorized attempts and attacks against our network, and to prevent their occurrence and recurrence where practicable through changes or updates to our internal processes and tools however, we remain potentially vulnerable to known or unknown threats. In some instances, we and our suppliers may be unaware of a threat or incident or its magnitude and effects. Further, there is increasing regulation regarding responses to cybersecurity incidents, including reporting to regulators, which could subject us to additional liability and reputational harm. See Item 1A. Risk Factors of this Annual Report for more information on our cybersecurity risks and product vulnerability risks. We aim to incorporate industry best practices throughout our cybersecurity program. Our cybersecurity strategy focuses on implementing effective and efficient controls, technologies, and other processes to assess, identify, and manage material cybersecurity risks. Our cybersecurity program is designed to be aligned with applicable industry standards and is maintained by a third-party technology firm. The third-party firm has processes in place to assess, identify, manage, and address material cybersecurity threats and incidents. These include, among other things, annual and ongoing security 29 Table of Contents awareness training for employees mechanisms to detect and monitor unusual network activity and containment and incident response tools. Our Board of Directors has ultimate oversight of cybersecurity risk, which it manages as part of our enterprise risk management program. That program is utilized in making decisions with respect to Company priorities, resource allocations, and oversight structures. The Board of Directors is assisted by the Audit Committee, which regularly reviews our cybersecurity program with management and reports to the Board of Directors. Our cybersecurity program is run by a third-party firm, which reports to our Chief Financial Officer ( CFO ). The third-party firm is informed about and monitors prevention, detection, mitigation, and remediation efforts through regular communication and reporting from professionals within its team and through the use of technological tools and software. Our CFO regularly reports directly to the Audit Committee or the Board of Directors on our cybersecurity program and efforts to prevent, detect, mitigate, and remediate issues. Cybersecurity reviews by the Audit Committee or the Board of Directors generally occur at least annually, or more frequently as determined to be necessary or advisable.
ITEM 1C. CYBERSECURITY We face cybersecurity risks due to the breadth of networks and systems we must defend against cybersecurity attacks and threat actors seeking to inflict harm on us and the substantial level of harm that could occur to us were we to suffer impacts of a material cybersecurity incident. We are committed to maintaining robust governance and oversight of these risks and to implementing mechanisms, controls, technologies, and processes designed to help us assess, identify, and manage these risks. In the year ended December 31, 2023, we did not experience a material cybersecurity incident as such term is defined in Item 106(a) of Regulation S-K. However, there can be no guarantee that we will not experience such an incident in the future. Such incidents, whether or not successful, could result in us incurring significant costs related to, for example, implementing additional threat protection measures, defending against litigation, responding to regulatory inquiries or actions, paying damages, or taking other remedial steps with respect to third parties, as well as incurring significant reputational harm. In addition, these threats are constantly evolving, thereby increasing the difficulty of successfully defending against them or implementing adequate preventative measures. We seek to detect and investigate unauthorized attempts and attacks against our network, and to prevent their occurrence and recurrence where practicable through changes or updates to our internal processes and tools however, we remain potentially vulnerable to known or unknown threats. In some instances, we and our suppliers may be unaware of a threat or incident or its magnitude and effects. Further, there is increasing regulation regarding responses to cybersecurity incidents, including reporting to regulators, which could subject us to additional liability and reputational harm. See Item 1A. Risk Factors of this Annual Report for more information on our cybersecurity risks and product vulnerability risks. We aim to incorporate industry best practices throughout our cybersecurity program. Our cybersecurity strategy focuses on implementing effective and efficient controls, technologies, and other processes to assess, identify, and manage material cybersecurity risks. Our cybersecurity program is designed to be aligned with applicable industry standards and is maintained by a third-party technology firm. The third-party firm has processes in place to assess, identify, manage, and address material cybersecurity threats and incidents. These include, among other things, annual and ongoing security 29 Table of Contents awareness training for employees mechanisms to detect and monitor unusual network activity and containment and incident response tools. Our Board of Directors has ultimate oversight of cybersecurity risk, which it manages as part of our enterprise risk management program. That program is utilized in making decisions with respect to Company priorities, resource allocations, and oversight structures. The Board of Directors is assisted by the Audit Committee, which regularly reviews our cybersecurity program with management and reports to the Board of Directors. Our cybersecurity program is run by a third-party firm, which reports to our Chief Financial Officer ( CFO ). The third-party firm is informed about and monitors prevention, detection, mitigation, and remediation efforts through regular communication and reporting from professionals within its team and through the use of technological tools and software. Our CFO regularly reports directly to the Audit Committee or the Board of Directors on our cybersecurity program and efforts to prevent, detect, mitigate, and remediate issues. Cybersecurity reviews by the Audit Committee or the Board of Directors generally occur at least annually, or more frequently as determined to be necessary or advisable.

Company Information