Safe & Green Development Corp 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

Safe & Green Development Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 09:17:05 EDT.

Filings

10-K filed on 2024-04-01

Safe & Green Development Corp filed an 10-K at 2024-04-01 09:17:05 EDT
Accession Number: 0001213900-24-028274

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We maintain a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. Maintenance of IT assets, including daily security patch management. Periodic vulnerability scanning, identity access management controls including restricted access of privileged accounts (Multi-factor authentication enforced). Network integrity is safeguarded by employing web-based software, including endpoint protection, endpoint detection and response, spam gateway filtering, data loss prevention policies, SaaS monitoring, and remote monitoring on all devices. Industry-standard encryption protocols on workstations and email, critical data backups, and infrastructure maintenance. Incident response, cybersecurity strategy, and cyber risk advisory, assessment and remediation are maintained and supplied by a third party Security Operations Center (Solutions Granted) that is NIST 800-171 compliant. In addition, our cybersecurity framework is crafted to anticipate and address threats before they can cause harm. Our Security Operations Center (SOC) is operational 24/7, utilizing threat detection tools that meet SOCII requirements, guaranteeing an immediate response capability. We implement stringent access control policies to ensure that only authorized individuals can interact with sensitive client data. Our Identity and Access Management (IAM) systems conform to ISO/IEC 27001 standards, offering secure authentication processes that encompass multi-factor authentication (MFA) and role-based access controls (RBAC). These safeguards are essential in preserving the integrity and confidentiality of client information. We also employ Randtronics remote encryption technology to provide security for client data, whether it’s in use or at rest. We regularly evaluate and refine our encryption protocols to thwart new cryptographic challenges. The Audit Committee of the Board of Directors oversees our cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. Member(s) of management assigned with cybersecurity oversight responsibility and/or third-party consultants providing cyber risk services brief the Audit Committee on cyber vulnerabilities identified through the risk management process, the effectiveness of our cyber risk management program, and the emerging threat landscape and new cyberrisks.. This includes updates on our processes to prevent, detect, and mitigate cybersecurity incidents. The Audit Committee and management have engaged a third-party firm to oversee the complete audit of our cybersecurity and risk management systems to ensure the integrity of the systems that are in place. We face risks from cybersecurity threats that could have a material adverse effect on its business, financial condition, results of operations, cash flows or reputation. We acknowledge that the risk of cyber incident is prevalent in the current threat landscape and that a future cyber incident may occur in the normal course of its business. T o date, we have not had a cybersecurity incident. We proactively seek to detect and investigate unauthorized attempts and attacks against our IT assets, data, and services, and to prevent their occurrence and recurrence where practicable through changes or updates to internal processes and tools and changes or updates to service delivery however, potential vulnerabilities to known or unknown threats will remain. Further, there is increasing regulation regarding responses to cybersecurity incidents, including reporting to regulators, investors, and additional stakeholders, which could subject us to additional liability and reputational harm. In response to such risks, we have implemented initiatives such as implementation of the cybersecurity risk assessment process and development of an incident response plan. See Item 1A. Risk Factors for more information on cybersecurity risks. 26

Company Information