SOLITARIO RESOURCES CORP. 10-K Cybersecurity GRC - 2024-03-22

Page last updated on April 11, 2024

SOLITARIO RESOURCES CORP. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-22 09:30:17 EDT.

Filings

10-K filed on 2024-03-22

SOLITARIO RESOURCES CORP. filed an 10-K at 2024-03-22 09:30:17 EDT
Accession Number: 0001654954-24-003525

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We rely upon technology and information systems to support our mining exploration business. These systems may be susceptible to cybersecurity risks including, but not limited to, external attackers, malware, viruses, and unauthorized access to our information technology ( IT ) systems. We have invested in cybersecurity controls and processes to address these threats and reduce the risk of future breaches and cyber-attacks. Our operations rely on the secure processing, storage and transmission of confidential and other information in our computer systems and networks. Computer viruses, hackers, employee or vendor misconduct, and other external hazards could expose our information systems, and those of our vendors, to security breaches, cybersecurity incidents or other disruptions, any of which could materially and adversely affect our business. While we take cybersecurity seriously, we mitigate the common cybersecurity risks that many companies face by greatly limiting the accessibility of and our reliance on our cyber profile and web-based activities. Of our nine employees (six full-time, three part-time), a total of three employees plus one third-party information-technology consultant (our IT Consultant ) that we contract with have access to our cyber system. No vendors or customers have access to our system, which greatly minimizes the risk of unauthorized access. No part of our business entails third-party members of the public accessing our accounts, making purchases, or ordering products or services, which greatly reduces our risks of cyber-attack and minimizes the potential consequences if such an attack were to occur. In addition, although we do have a website, it is maintained offsite and is not connected to our file server, which is maintained separately in our office rather than being connected to the Internet or linked to any third-party cloud storage system. 14 Table of Contents Despite our relatively low risk cybersecurity profile and the minimal threat of cybersecurity incidents that we face, we contract with one IT Consultant to assist us in identifying any potential cybersecurity risks and in implementing and maintaining effective measures to reduce our cybersecurity risks. Our IT Consultant helps ensure that our system is updated with the latest cybersecurity patches and configurations and monitors our system and accounts for suspicious activity. Additionally, we invest in firewall protection through Symantec Corporation, which is a provider of Internet-security technology and business-management solutions. Our Symantec firewall protection is designed to monitor and secure our computers from malicious inbound and outbound traffic and to provide an additional layer of protection to our network and data, which helps mitigate the risks of unauthorized access and cybersecurity threats. In addition to relying on the advice and knowledge of our IT Consultant, our IT Consultant maintains our firewall protection through Symantec. We monitor daily reports from the firewall protection, which would indicate any suspicious activity in our accounts or system as well as notify our IT Consultant, who would contact our Chief Financial Officer. Our Chief Financial Officer would consult with our IT Consultant to assess and determine the materiality of the risk presented by the suspicious activity and to determine what steps should be taken to protect the limited data we maintain online. Depending on the materiality of the risk, our IT Consultant and Chief Executive Officer would consult with our Audit Committee of the Board of Directors to determine an appropriate notification and risk-management plan. We did not identify any cybersecurity incidents during the year ended December 31, 2023 that have materially affected or are reasonably likely to materially affect Solitario s business strategy, results of operations, or financial condition. Despite the low accessibility of our server and system and the resultant low cybersecurity risks that we face, we recognize that no system is completely protected from cyber threats, that cybersecurity risks are increasingly difficult to detect, and that the increasingly digitalized landscape that businesses operate in increase the pervasiveness and severity of cyber-attack risks. While we do not believe our business strategy, results of operations, or financial condition have been materially adversely affected by any cybersecurity threats or incidents, there is no assurance that we will not be materially affected by such threats or incidents in the future. We will continue to monitor cybersecurity risks with our IT Consultant and stay apprised of changes in the cyber environment. Governance As part of our overall risk management approach, we prioritize the identification and management of cybersecurity risk at several levels, including Board oversight, executive commitment and employee training. Our Audit Committee, comprised of independent directors from our Board, oversees the responsibilities relating to the operational (including IT risks and data security) risk affairs of the Company. Our Audit Committee is informed of such risks through quarterly reports from our executive officers and it reports any material findings and recommendations to the full Board for consideration. 15 Table of Contents

Company Information