Planet Labs PBC 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

Planet Labs PBC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 17:44:14 EDT.

Filings

10-K filed on 2024-03-28

Planet Labs PBC filed an 10-K at 2024-03-28 17:44:14 EDT
Accession Number: 0001836833-24-000037

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We have developed and implemented Information Technology ( IT ) and cybersecurity risk management policies, standards, processes and practices intended to protect the confidentiality, integrity, and availability of our critical systems and information. We operate complex terrestrial and orbital computer networks and systems, in a challenging and dynamic geopolitical environment, comprising four interdependent security domains including: corporate security, space segment, data pipeline, and customer delivery. We believe we have a comprehensive, cross-functional approach to identifying, preventing and mitigating cybersecurity threats and incidents, while also implementing controls and procedures that are designed for the prompt escalation of certain cybersecurity incidents so that any necessary decisions can be made by management in a timely manner. Planet maintains a comprehensive Information Security Management System as part of its risk management strategy. We develop our platform and programs using a secure development lifecycle that takes into account industry standards and recommended practices. This includes security training for employees and contractors with access to company systems and data, formal security risk assessments, security design reviews, vulnerability management, security testing and verification of critical systems via in-house and third party penetration tests, proactive survivability planning, and third party risk management. Planet s secure development lifecycle leverages industry standard tools, guidelines and practices to identify and manage security vulnerabilities. Information about cybersecurity risks and our risk management processes is collected, analyzed and considered as part of our overall risk management program. We have a dedicated security team responsible for performing risk assessments designed to help identify cybersecurity risks to our critical systems, information, services, and our broader enterprise IT environment managing our security controls, and informing our response to cybersecurity incidents. This team is composed of professionals with deep cybersecurity expertise, including our chief security officer, who has twenty plus years of military, public, and private sector cybersecurity experience. Additionally, our internal auditors independently test our IT and cybersecurity controls. Our executive leadership team, along with 52 Table of Contents input from the above teams, are responsible for our overall risk management system and processes and regularly consider cybersecurity risks in the context of other material risks to the company. Our business strategy, results of operations and financial condition have not been materially affected by risks from cybersecurity threats, including as a result of previously identified cybersecurity incidents, but we cannot provide assurance that they will not be materially affected in the future by such risks or any future material incidents, particularly considering that cybersecurity threat actors are often highly sophisticated and nimble in their attacks. For more information on our cybersecurity related risks, see Item 1A Risk Factors of this Annual Report on Form 10-K. Governance Governance and oversight related to our cybersecurity risk management policies and processes are conducted at both our board level and our management levels. Our board of directors considers cybersecurity risk as part of its risk oversight function and has delegated oversight of cybersecurity risks to the audit committee. The audit committee oversees management s implementation of our cybersecurity risk management policies and processes. The audit committee receives periodic reports from management on our cybersecurity risks (this includes reports from our management risk committee, discussed below). In addition, executive leadership updates the audit committee, as necessary, regarding any significant cybersecurity incidents. The audit committee reports to the full board of directors regarding its activities, including those related to cybersecurity. Board members receive presentations on cybersecurity matters from our legal, security team or external experts as part of the board of director s continuing education on topics that impact our operations and risks. At the management level, our management risk committee, which includes members of our executive leadership and is led by our chief legal & administrative officer and chief financial officer, is responsible for assessing and managing IT and cybersecurity risks, in the context of other material risks to the company. Our management risk committee is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which may include, among other things, briefings with internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us. We believe our dedicated security team and our management risk committee each play important roles in facilitating our cross-functional approach to identifying, preventing, mitigating and reporting cybersecurity threats and incidents and in ensuring our audit committee and board of directors are able to fulfill its oversight function in a timely manner. Additional information about the risks related to our cyber security appears in the Risk Factors section of this report.

Company Information