Koil Energy Solutions, Inc. 10-K Cybersecurity GRC - 2024-03-27

Page last updated on April 11, 2024

Koil Energy Solutions, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-27 16:30:50 EDT.

Filings

10-K filed on 2024-03-27

Koil Energy Solutions, Inc. filed an 10-K at 2024-03-27 16:30:50 EDT
Accession Number: 0001683168-24-001768

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy Overall Risk Management We maintain a cybersecurity program that is reasonably designed to protect our information, and that of our customers, against cybersecurity threats that may result in adverse effects on the confidentiality, integrity, and availability of our information systems. The Company integrates cybersecurity risk management into its broader risk management framework to promote a company-wide culture of cyber risk awareness. The head of our IT department continuously evaluates and addresses cyber risks in alignment with business objectives, operational needs and industry-accepted standards, such as the National Institute of Standards and Technology ( NIST ). The Company has processes and procedures in place to monitor the prevention, detection, mitigation and remediation of cybersecurity risks. These include but are not limited to: Maintaining a defined and practiced incident response plan Maintaining cyber insurance coverage Employing appropriate incident prevention and detection safeguards Maintaining a defined disaster recovery policy and employing disaster recovery software, where appropriate Educating, training and testing our user community on information security practices and identification of potential cybersecurity risks and threats and Reviewing and evaluating new developments in the cyber threat landscape. Managing Third Party Risk Koil Energy recognizes the risks associated with the use of vendors, service providers and other third parties that provide information system services to us, process information on our behalf, or have access to our information systems, and the Company has processes in place to oversee and manage these risks. We conduct thorough risk-weighted security assessments of various third-parties and maintain ongoing monitoring to ensure compliance with our cybersecurity standards. This monitoring includes both annual assessments and assessments on an ongoing basis. Risks from Cybersecurity Incidents To our knowledge, Koil Energy has not been subject to cybersecurity incidents that have materially affected, or are reasonably likely to materially affect the Company, its operations or financial condition. 6 Cybersecurity Governance Internal Cybersecurity Team Our internal cybersecurity team, led by our IT Manager, is responsible for implementing, monitoring, and maintaining cybersecurity and data protection practices across the company. Our IT Manager has over 13 years in cybersecurity work experience and managing all levels of the Company s on-premises and cloud infrastructure. Management Our management team periodically participates in the review of our cybersecurity systems, processes, threats and incidents with our internal cybersecurity team, including the controls and procedures that provide for the prompt escalation of certain cybersecurity incidents so that decisions regarding the public disclosure and reporting of such incidents can be made by management in a timely manner. Board of Directors The Audit Committee of the Company s Board of Directors (the Board ) is responsible for overseeing the Company s cyber risk. Management has established a process for the Audit Committee to receive regular updates that encompass a broad range of topics, including: Current cybersecurity threat landscape and emerging threats Status of ongoing cybersecurity initiatives and strategies Incident reports and learnings from unique cybersecurity events, including those of other companies Compliance status and efforts with regulatory requirements and industry standards Regulatory updates Vulnerability developments and Other cyber risk topics as requested by the Board.

Company Information