Cenntro Inc. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

Cenntro Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 15:21:17 EDT.

Filings

10-K filed on 2024-04-01

Cenntro Inc. filed an 10-K at 2024-04-01 15:21:17 EDT
Accession Number: 0001140361-24-016853

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Our ECVs are fitted with a networking device connecting the vehicle to our proprietary cloud-based software, which enables end-users to collect data about vehicle configuration, vehicle status and user efficiency through a system of digitally enabled components, which we sometimes refer to as smart components. With the permission of the end-users of the vehicles, we received data collected from approximately 950 Metro units that we put into service through a company affiliated with our former parent company, CAG Cayman, in the Chinese market. This data included vehicle-specific data collected for operational analysis, which we used to make improvements in the quality and durability of such components. We enable end-users to collect, store and analyze data using tools that we have developed but we do not have access to this end-user collected data unless we request and receive access from the end-user. We do not currently collect, use or store any vehicle-specific or driver-specific data in any region and do not intend to do so in the future. While to our knowledge no previous cybersecurity incidents have occurred, we seek to continuously expand and improve our information technology systems, including implementing new internally developed and/or external industry standard enterprise resource planning systems ( ERP systems ), to assist us in the management of our business. We maintain information technology measures designed to protect us against intellectual property theft, data breaches and other cyber-attacks. The implementation, maintenance and improvement of these systems require significant management time, support and cost. Moreover, there are inherent risks associated with developing, improving and expanding our core systems as well as implementing new systems, including the disruption of our data management, procurement, manufacturing execution, finance and supply chain processes. Elements our cybersecurity information technology measures include efforts to identify, prevent, detect, mitigate, and remediate cybersecurity risks and incidents through: Cybersecurity risk assessments for identification of material cybersecurity risks to our critical systems, information, products, and our technology environment Security personnel and vendors responsible for managing our cybersecurity risk assessment processes, our security controls, and our response to cybersecurity incidents Training and awareness programs for our personnel and senior management to drive adoption and awareness of cybersecurity processes and information technology measures A cybersecurity monitoring program responsible for tools that produce alerts and reports of suspicious activity for the prevention of and response to cybersecurity incidents Internal testing and assessments, where appropriate, of our cybersecurity information technology measures Management of external consultants and services engaged by us, where appropriate, to assess, test, or otherwise assist with aspects of our cybersecurity information technology measures and A third-party risk management process for evaluating cybersecurity threats associated with our use of service providers, suppliers, and vendors. Despite network security and back-up measures, our information technology systems are potentially vulnerable to physical or electronic break-ins, computer viruses and similar disruptive problems. Despite precautionary measures to prevent unanticipated problems that could affect our information technology systems, sustained or repeated system failures that interrupt our ability to generate and maintain data could adversely affect our ability to manage our data and inventory, procure parts or supplies or manufacture, sell, deliver ECVs, or achieve and maintain compliance with, or realize available benefits under, tax laws and other applicable regulations. 51 Table of Contents We cannot assure you that any of our new information technology systems or their required functionality will be effectively implemented, maintained or expanded as planned. If we do not successfully maintain our information technology or expand these systems as planned, our operations may be disrupted, our ability to accurately or timely report our financial results could be impaired, and deficiencies may arise in our internal control over financial reporting, which may adversely affect our ability to certify our financial results. Moreover, our proprietary information could be compromised or misappropriated, and our reputation may be adversely affected. If these systems or their functionality do not operate as we expect them to, we may be required to expend significant resources to make corrections or find alternative sources for performing these functions. The risks from cybersecurity threats are monitored and managed by the Company s information systems team members who have relevant expertise with such potential threats, and who operate in collaboration with other Company functions. The Company s Audit Committee is responsible for overseeing cybersecurity risk and are informed in a timely manner of any incidents considered potentially serious, together with details on the prevention, detection, mitigation and remediation of such incidents.

Company Information