PERPETUA RESOURCES CORP. 10-K Cybersecurity GRC - 2024-03-26

Page last updated on April 11, 2024

PERPETUA RESOURCES CORP. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-26 16:31:07 EDT.

Filings

10-K filed on 2024-03-26

PERPETUA RESOURCES CORP. filed an 10-K at 2024-03-26 16:31:07 EDT
Accession Number: 0001104659-24-039054

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy Information systems and other technologies, including those related to the Corporation s information and operational technology systems, and its technical and environmental data, are an important part of the Corporation s business activities. We must comply with certain elevated contractual requirements, including those related to adequately safeguarding controlled unclassified information and reporting cybersecurity incidents to the United States Department of Defense ( DOD ). We continue to implement cybersecurity processes designed to align with DOD requirements, instructions and guidance and work with the DOD as needed to assess cybersecurity risk and on policies and practices aimed at mitigating these risks. Accordingly, the Company maintains processes for assessing, identifying, and managing material risks from cybersecurity threats. Such processes include the use of traffic monitoring tools, as well as training users to detect, report, and prevent unusual behavior. We also employ monitoring mechanisms to help us detect and respond to cybersecurity threats. We conduct regular assessments and testing of the effectiveness of these controls, including security audits, incident response planning, and regulatory compliance assessments. We seek to foster cybersecurity awareness and responsibility throughout the organization by regularly providing our employees with training on cybersecurity practices. We use user access controls to limit unauthorized access to sensitive information and critical systems. In addition, we use multi-factor authentication for remote access, use of privileged accounts and access to critical systems. Encryption methods are used to protect sensitive data. This includes the encryption of customer data, financial information, and other confidential data. The implementation and management of these cybersecurity processes are integrated with the Company s overall operational risk management processes, which seeks to limit our exposure to unnecessary risks across our operations. We maintain an incident response plan that outlines the steps to be taken in the event of a cybersecurity incident. Pursuant to the incident response plan, the identifying party is required to notify the Company s CFO and Board of Directors of certain cybersecurity incidents deemed to have a moderate or higher business impact, even if immaterial to us. The incident response plan also includes procedures for: Gathering information about the cybersecurity incident. Consulting with cybersecurity consultants and other parties to assess the cybersecurity incident. Evaluating the materiality of the cybersecurity incident, determining whether there are disclosure obligations under applicable securities laws, and external reporting, as required. We engage third party service providers including consultants and auditors in connection with the above processes. We recognize that third-party service providers introduce cybersecurity risks. Impacts from Cybersecurity Threats As of the date of this Report, though the Company and our service providers have been subject to certain cybersecurity incidents, we are not aware of any previous cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company. However, we acknowledge that cybersecurity threats are continually evolving, and the possibility of future cybersecurity incidents remains. Despite the implementation of our cybersecurity processes, our security measures cannot guarantee that a significant cyberattack will not occur. A successful attack on our information technology systems could have significant consequences to the business. For additional information about the risks to our business associated with a breach or compromise to our information technology systems, see section Item 1A, Risk Factors System security vulnerabilities, data breaches, and cyber-attacks could compromise proprietary or otherwise sensitive information or disrupt operations, which could adversely affect Perpetua Resources business, reputation, operations, and stock price . Governance Our IT Systems Administrator is responsible for assessing and managing our risks from cybersecurity threats and oversees our cybersecurity program. The IT Systems Administrator reports directly to our Chief Financial Officer (CFO). Our IT Systems Administrator holds an associate degree in computer application and support and has served in various roles in information systems 27 Table of Contents administration for over eight years, including roles involving managing information technology and systems and implementing cybersecurity programs. Our full Board and our Audit Committee oversee risks from cybersecurity threats and our cybersecurity practices and policies. Accordingly, our CFO periodically updates the Board and Audit Committee on cybersecurity matters, including cybersecurity risks. Additionally, our Board and Audit Committee, as well as senior management, receive reports on an as-needed basis regarding our cybersecurity posture, cybersecurity incidents, and remediation efforts.

Company Information