Cepton, Inc. 10-K Cybersecurity GRC - 2024-03-29

Page last updated on April 11, 2024

Cepton, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 17:59:52 EDT.

Filings

10-K filed on 2024-03-29

Cepton, Inc. filed an 10-K at 2024-03-29 17:59:52 EDT
Accession Number: 0001498233-24-000021

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We have processes in place to identify, assess and monitor material risks from cybersecurity threats, which are part of the our overall enterprise risk management process and have been embedded in our operating procedures and information systems. We also maintain a cybersecurity policy that is designed to protect our information systems and the information residing therein against cybersecurity threats, including those arising from our use of third-party vendors. Our IT team utilizes customary industry practices to secure our information systems and the information residing therein, including user access controls, multi-factor authentication, recovery and backup mechanisms, anti-phishing trainings and incident review in combination with employee training. We engage third-party vendors for our key IT systems related to our financial statements, and review the Statement on Standards for Attestation Engagements 18 (SSAE 18) reports they produce. Governance Our Board of Directors (the Board ) oversees our enterprise risk management process, including the management of and governance over risks arising from cybersecurity threats. Our Chief Technology Officer ( CTO ) oversees our IT team, which is responsible for implementing, monitoring, and maintaining cybersecurity and data security practices of the Company as well as assessing and managing cybersecurity risks. Our CTO has a bachelor s degree in Computer Science, and has over 20 years of professional experience in the technology and application spaces, including over 10 years serving in a CTO capacity. Our CTO reports directly to the Chief Executive Officer ( CEO ). Based on the facts and circumstances and potential for a material cybersecurity threat or incident, our CEO then reports on such matters to our Board. Material Cybersecurity Risks, Threats & Incidents We rely on information technology and third-party vendors to support our operations, including the secure processing of personal, confidential, sensitive, proprietary and other types of information. We and our vendors may not be able to protect all of our respective information systems, and any material failure, weakness, interruption, cyber event, incident or breach of security could prevent us from effectively operating our business and subject us to regulatory actions or litigation. While we have not experienced any material cybersecurity incidents, we may be subject to attacks, threats or incidents in the future. As our business grows and our brand awareness in the Automotive and Smart Infrastructure market increases, we expect to face increased cybersecurity risks and threats, and may be more likely to experience a material cybersecurity incident. To date, we do not believe that known risks from cybersecurity threats, including as a result of any previous cybersecurity incidents that we are aware of, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. However, we can give no assurance that we have detected all cybersecurity incidents or cybersecurity threats. Please see Item 1A, Risk Factors in this Report for additional information about the risks associated with cybersecurity threats.

Company Information