Castellum, Inc. 10-K Cybersecurity GRC - 2024-03-21

Page last updated on April 11, 2024

Castellum, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-21 16:20:03 EDT.

Filings

10-K filed on 2024-03-21

Castellum, Inc. filed an 10-K at 2024-03-21 16:20:03 EDT
Accession Number: 0001877939-24-000018

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk management and strategy The Company recognizes the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. Managing Material Risks & Integrated Overall Risk Management Castellum strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management. This integration ensures that cybersecurity considerations are an integral part of our decision-making processes at every level. Our IT department continuously evaluates and addresses cybersecurity risks in alignment with our business objectives and operational needs. Engage Third-parties on Risk Management 23 Table of Contents Recognizing the complexity and evolving nature of cybersecurity threats, the Company engages with a range of external experts, including cybersecurity assessors, consultants, and auditors in evaluating and testing our critical systems. These partnerships enable us to leverage specialized knowledge and insights, ensuring our cybersecurity strategies and processes remain at the forefront of industry best practices. Our collaboration with these third parties includes periodic audits, threat assessments, and consultation on security enhancements. Oversee Third-party Risk Because we are aware of the risks associated with third-party service providers, the Company implements stringent processes to oversee and manage these risks. We conduct thorough security assessments of all third-party providers before engagement and maintain ongoing monitoring to ensure compliance with our cybersecurity standards. The monitoring includes quarterly assessments by our Vice President of Technology and Deployment (the VP of Technology ) and on an ongoing basis by our security engineers. This approach is designed to mitigate risks related to data breaches or other security incidents originating from third parties. Risks from Cybersecurity Threats We have not encountered cybersecurity challenges that have materially impaired our operations or financial standing. Governance The Board is acutely aware of the critical nature of managing risks associated with cybersecurity threats. The Board has established oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats because we recognize the significance of these threats to our operational integrity and stakeholder confidence. The Board is briefed on a periodic basis as to the nature of actions taken to mitigate risks from cyberattacks. Board of Directors Oversight The Audit Committee is central to the Board s oversight of cybersecurity risks and bears the primary responsibility for this domain. The Audit Committee is composed of board members with diverse expertise including, risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively. Management s Role Managing Risk The VP of Technology and Deployment and the CEO play a pivotal role in informing the Audit Committee on cybersecurity risks. They provide comprehensive briefings to the Audit Committee on a semi-annual basis, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including: Current cybersecurity landscape and emerging threats Status of ongoing cybersecurity initiatives and strategies Incident reports and learnings from any cybersecurity events and Compliance with regulatory requirements and industry standards.

Company Information