FTAI Infrastructure Inc. 10-K Cybersecurity GRC - 2024-03-26

Page last updated on April 11, 2024

FTAI Infrastructure Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-26 21:55:30 EDT.

Filings

10-K filed on 2024-03-26

FTAI Infrastructure Inc. filed an 10-K at 2024-03-26 21:55:30 EDT
Accession Number: 0001899883-24-000012

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy The Company s cybersecurity is overseen by the Chief Executive Officer, who receives reports directly from other officers and individuals who perform services for the Company, including, but not limited to, the Manager s Information Security Steering Committee ( ISSC ), employing a risk-based methodology designed to safeguard the security, confidentiality, integrity, and availability of its information. The ISSC is tasked with developing an effective cyber strategy, establishing policies, and managing cyber risks within the organization. The Manager s Chief Financial Officer and General Counsel, along with the Chief Operating Officer, Chief Human Resources Officer, Chief Compliance Officer, Chief Technology Officer, Chief Information Security Officer and Chief of Intelligence collaborate with Company management to formulate, implement, and enforce these policies. They help ensure that the ISSC considers best practices in its decision-making, and convenes quarterly or as needed to assess cybersecurity issues and supervise matters related to information security, fraud, vendors, data protection, and privacy risks. To help identify and assess risks, we and our Manager engage third-party advisors to conduct assessments, which leverage standards such as the National Institute of Standards and Technology security framework ( NIST ). The results of these assessments inform the development of cybersecurity controls and risk mitigation strategies, which are then implemented throughout the Company. We have taken proactive measures intended to minimize the likelihood of successful cyberattacks, including the establishment of incident response procedures designed to address potential cyber threats that may arise. These response procedures are 33 structured with the aim to identify, analyze, contain, and remediate any cyber incidents that occur. We also have risk management processes to oversee and help identify risks from cybersecurity threats associated with our use of third-party providers. To date, cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected and we believe are not reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition. Refer to the risk factor captioned A cyberattack that bypasses our information technology ( IT ) security systems or the IT security systems of our third-party providers, causing an IT security breach or cybersecurity incident, may lead to a disruption of our IT systems and the loss of business information which may hinder our ability to conduct our business effectively and may result in lost revenues and additional costs. in Part I, Item 1A. Risk Factors for additional description of cybersecurity risks and potential related impacts on the Company. Governance Material risks are identified and prioritized by management, and material risks are discussed periodically or as needed with the Board of Directors. The Board of Directors regularly reviews information regarding the Company s credit, liquidity and operations, including risks and contingencies associated with each area, including cybersecurity. In addition to the formal compliance program, the Board of Directors encourages management to promote a corporate culture that incorporates risk management into the Company s corporate strategy and day-to-day business operations.

Company Information