Sow Good Inc. 10-K Cybersecurity GRC - 2024-03-22

Page last updated on April 11, 2024

Sow Good Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-22 17:04:10 EDT.

Filings

10-K filed on 2024-03-22

Sow Good Inc. filed an 10-K at 2024-03-22 17:04:10 EDT
Accession Number: 0001437749-24-009065

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy: The Company has processes for assessing, identifying, and managing material risks from cybersecurity threats. The Company has designed and implemented a cybersecurity incident response plan and related processes, which is overseen by an internal information technology specialist. Cybersecurity threats are identified and escalated to a member of Management pursuant to criteria set forth in these processes. These processes also include overseeing and identifying risks from cybersecurity threats associated with the use of third-party service providers, if any. The audit committee of the board of directors (the Audit Committee ) is responsible for establishing and monitoring the integrity and effectiveness of controls and other procedures, which are designed to ensure that (1) all information required to be disclosed is recorded, processed, summarized, and reported accurately and on a timely basis, and (2) all such information is accumulated and communicated to management and the Company s board of directors, as appropriate, to allow for timely decisions regarding such disclosures. The controls and procedures subject to the Audit Committee s oversight include processes related to managing material risks from cybersecurity threats. Accordingly, the Company s cybersecurity processes have been integrated into the Company s overall processes. Governance: The Audit Committee operates under a written charter adopted by the Company s board of directors. The Audit Committee oversees, among other things, a system of internal controls, including internal controls designed to assess, identify, and manage material risks from cybersecurity threats. The Audit Committee is also responsible for the adequacy and effectiveness of the Company s internal controls, including those internal controls that are designed to assess, identify, and manage material risks from cybersecurity threats. The Audit Committee is informed of material risks, if any, from cybersecurity threats pursuant to escalation criteria set forth in the Company s disclosure controls and procedures. Further, at least once per quarter, a member of the Company s Audit Committee reports material risks, if any, from cybersecurity threats to the Company s board of directors. The Company s management also assess and manage material risks, if any, from cybersecurity threats. The Audit Committee is responsible for establishing and monitoring the integrity and effectiveness of controls and other procedures, including controls and procedures related to managing material risks from cybersecurity threats, which are designed to ensure that (1) all information required to be disclosed is recorded, processed, summarized, and reported accurately and on a timely basis, and (2) all such information is accumulated and communicated to management and the Company s board of directors, as appropriate, to allow for timely decisions regarding such disclosures. The Company s Information Technology Manager oversees the Company s incident response plan and related processes designed to assess and manage material risks, if any, from cybersecurity threats. The Information Technology Manager also coordinates with any consultants, auditors and other third parties to assess and manage material risks, if any, from cybersecurity threats. The Company s Information Technology Manager is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to criteria set forth in the Company s incident response plan and related processes. The Company’s Information Technology Manager is also informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to notification criteria set forth in the Company s contracts with third-party service providers. Further, the Company s Information Technology Manager is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to reports prepared by consultants, auditors, and other third parties retained by the Company, if necessary, to investigate cybersecurity incidents. 34 Table of Contents The Company s Information Technology Manager informs the Audit Committee of cybersecurity incidents that may be material pursuant to escalation criteria set forth in the Company s incident response plan and related processes. The Company s Information Technology Manager or a delegate thereof also prepares a report for the Audit Committee and the Company s board of directors concerning material risks, if any, from cybersecurity threats at least once per quarter, and more often to the extent necessary pursuant to the escalation criteria set forth in the Company s processes described herein. As of the date of this Annual Report on Form 10-K, the Company is not aware of any cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition. For additional information concerning risks related to cybersecurity, see Item 1A. Risk Factors.

Company Information