ClearSign Technologies Corp 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

ClearSign Technologies Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 07:02:23 EDT.

Filings

10-K filed on 2024-04-01

ClearSign Technologies Corp filed an 10-K at 2024-04-01 07:02:23 EDT
Accession Number: 0001558370-24-004441

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. We recognize the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. Governance The audit committee oversees risks related to cybersecurity, including the security of corporate information and the steps management is taking to monitor and control these risks. Management regularly briefs the audit committee on our cybersecurity risk profile, potential threats, and continuous improvement initiatives. Our approach to managing cybersecurity risks is part of a continuous improvement process, both in the context of cybersecurity and broader operational risk management. This ongoing process, which includes employee training, is aimed at routinely reviewing and, as necessary, enhancing our oversight processes and tools to ensure they remain effective and resilient in their management of cybersecurity risk. Risk Management and Strategy We engage a third-party Managed Service Provider (MSP) to implement technology infrastructure and oversee its tactical operations. Our MSP employs multiple people with experience in technical leadership, system architecture, network infrastructure and cybersecurity. We believe using an MSP provides economies of scale for a smaller-sized company such as ours, by allowing us access to a broad range of experience and tool sets that would otherwise be difficult to acquire in-house. Our MSP uses specialized third-party services and tool sets for identifying, protecting against, and detecting cyber incidents. Through these services and tools, our detection capabilities include, but are not limited to, near real-time monitoring, intrusion detection systems, and advanced analytics to identify abnormal patterns of behavior. These third-party detection tools provide near real-time alerts, log aggregation, and threat intelligence feeds. In addition, we engage cybersecurity consultants, unaffiliated with our MSP, to advise management, assess our technology tools and review our cybersecurity practices. Our consultants utilize the National Institute of Standards and Technology (NIST) Cybersecurity Framework to assess our cybersecurity risk and governance practices. The NIST Cybersecurity Framework enables organizations, regardless of size, to apply principles and best practices of risk management to improve security and resilience. Material Impact of Cybersecurity Threats While to date we are not aware of any material information security breaches and have not incurred significant operating expenses related to information security breaches, we acknowledge the persistent and evolving nature of these threats, which have the potential to materially impact our business strategy, operations, and financial standing adversely. See Item 1A, Risk Factors under the risks related to our business section for more information. Our incident response practices require incident assessments to be conducted in concert with our CEO, CFO and MSP. This enables faster response and effective communication, including public disclosure if a material cybersecurity event were to occur. 21 Table of Contents

Company Information