SOUTH DAKOTA SOYBEAN PROCESSORS LLC 10-K Cybersecurity GRC - 2024-03-21

Page last updated on April 11, 2024

SOUTH DAKOTA SOYBEAN PROCESSORS LLC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-21 18:00:36 EDT.

Filings

10-K filed on 2024-03-21

SOUTH DAKOTA SOYBEAN PROCESSORS LLC filed an 10-K at 2024-03-21 18:00:36 EDT
Accession Number: 0001163609-24-000004

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy The Company recognizes the importance of developing, implementing, and maintaining cybersecurity measures to safeguard our information and operational technologies and protect the confidentiality, integrity, and availability of our data. Our business is dependent upon our computer systems, devices, software and networks (operational and information technology) to collect, process and store the data necessary to conduct almost all aspects of our business, including the evaluation of acquisition and development opportunities, the monitoring and evaluation of our existing properties and the performance of and data from our operators and the recording and reporting of financial information. Assessing, Identifying and Managing Material Cybersecurity Risks & Integrated Overall Risk Management. We have processes in place to assess, identify, manage, and address material cybersecurity threats and incidents. These include, among other things: annual and ongoing security awareness training for employees mechanisms to detect and monitor unusual network activity and containment and incident response tools. We regularly assess risks from cybersecurity and technology threats and monitor our information systems for potential vulnerabilities. We monitor issues that are internally discovered or externally reported that may affect our systems, and have processes to assess those issues for potential cybersecurity impact or risk. The Company has integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management. This integration is designed to include cybersecurity considerations as part of our decision-making processes at every level. Our IT department and third party service providers seek to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs and coordinate with our overall risk management framework. In the event of a cybersecurity incident, we maintain an incident response plan. This plan sets forth immediate actions to mitigate the impact of cybersecurity incidents, including referring certain matters to the Company s Chief Executive Officer ( CEO ) for additional evaluation and oversight, as well as long-term strategies for remediation and prevention of future cybersecurity incidents. 12 Engaging Third Parties on Cybersecurity Risk Management. Recognizing the complexity and evolving nature of cybersecurity threats, the Company engages with third-party service providers, including cybersecurity assessors, and consultants, in evaluating and testing our cybersecurity risk management systems. This enables us to leverage knowledge and insights with the goal of aligning our cybersecurity strategies and processes with best practices for our industry and size. Accordingly, we engage third-party service providers for regular cybersecurity-related audits, threat assessments, and consultation on security enhancements. Overseeing Third-Party Risk. Because we are aware of the risks associated with engaging third-party service providers, the Company has implemented processes designed to oversee and manage these risks. It is our policy to conduct security assessments of all third-party service providers before engagement and we aim to maintain ongoing monitoring for compliance with our cybersecurity standards. This monitoring includes regular assessments by our Chief Operations Officer. Cybersecurity Threats. As of the date of this Annual Report on Form 10-K, though the Company and our service providers have experienced certain cybersecurity incidents, we are not aware of any previous cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including our operations or financial condition. We acknowledge that cybersecurity threats are continually evolving, and the possibility of future cybersecurity incidents remains. Despite the implementation of our cybersecurity processes, our security measures cannot guarantee that a significant cybersecurity attack will not occur. While we devote resources to our security measures designed to protect our systems and information, no security measure is infallible. See Item 1A. Risk Factors Risk Factors Relating to Our Business-We depend on computer and telecommunications systems, and failures in our systems or cyber security threats, attacks or other disruptions could significantly disrupt our business operations. for additional information about the risks to our business associated with a breach or other compromise to our information and operational technology systems. Governance Board of Directors Oversight. The Board has overall responsibility for the oversight of risk management, which includes cybersecurity risks. The Board receives periodic briefings on cybersecurity matters, including key risks to the Company, recent developments, and risk mitigation activities from members of management, who are responsible for overseeing our cybersecurity program. In addition, the Board receives annual briefings from our Chief Operations Officer and our third party service provider(s),on our cybersecurity program. Management s Role. Our cybersecurity risk assessment and management efforts are led by our Chief Operations Officer, who is responsible for implementing and overseeing processes for the monitoring of our information systems. This includes responsibility for the deployment of cybersecurity measures and system audits to identify potential cybersecurity vulnerabilities. Our Chief Operations Officer reports directly to our CEO and Board of Managers.

Company Information