Sable Offshore Corp. 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

Sable Offshore Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 17:21:32 EDT.

Filings

10-K filed on 2024-03-28

Sable Offshore Corp. filed an 10-K at 2024-03-28 17:21:32 EDT
Accession Number: 0001193125-24-080879

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Processes for Assessing, Identifying, and Managing Cybersecurity Risks Since the completion of the Business Combination on February 14, 2024, Management has been working to create a defined cybersecurity risk management program, but such program is not yet in place. Currently, our Information Technology team works to monitor, assess, identify and respond to potential cybersecurity incidents that threaten the Company, but does not do so pursuant to a formal policy or program. We intend to fully implement a cybersecurity risk management program by the end of this year. Currently, the Company has a formal Cyber Incident Response Plan, which we intend to test periodically for effectiveness. No Previous Material Cybersecurity Threats As of the date of this report, we are not aware of any previous cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company. However, we acknowledge that cybersecurity threats are continually evolving, and the possibility of future cybersecurity incidents remains. Despite the security and risk management measures that we have implemented and any additional measures we may implement or adopt in the future, our facilities and systems, and those of our third-party service providers, have been and are vulnerable to security breaches, computer viruses, lost or misplaced data, programming errors, scams, burglary, human errors, acts of vandalism, misdirected wire transfers, or other malicious or criminal activities. A successful attack on our information or operational technology systems could have material consequences for the Company. While we intend to devote resources to our security measures to protect our systems and information during 2024, these measures cannot provide absolute security. See Item 1A. Risk Factors for additional information about the risks to our business associated with a breach or compromise to our information technology systems. Board of Directors Oversight of Cybersecurity Risks The audit committee of our Board is responsible for the oversight of risks from cybersecurity threats. As part of its oversight, our audit committee and certain members of the Company s management will meet quarterly to discuss ongoing initiatives and to facilitate coordination between Company stakeholders. At these meetings, our Vice President of Information Technology will review with our audit committee current and emerging cybersecurity threats, as well as key performance indicators for cybersecurity process maturity, operational performance, and enterprise performance in countering cybersecurity threats. Our Vice President of Information Technology will also annually review the Company s cybersecurity risk management program with our Board. Management s Role in Assessing and Managing Cybersecurity Risks Our Vice President of Information Technology is primarily responsible for assessing and managing the Company s material cybersecurity risks, monitoring the effectiveness of our cybersecurity detection and response processes and providing updates on cybersecurity to our executive team. Our Vice President of Information Technology has more than 25 years of experience working in the field of information technology, including significant experience directing enterprise-level cybersecurity programs.

Company Information