STRYVE FOODS, INC. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

STRYVE FOODS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 17:16:55 EDT.

Filings

10-K filed on 2024-04-01

STRYVE FOODS, INC. filed an 10-K at 2024-04-01 17:16:55 EDT
Accession Number: 0000950170-24-039516

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY 36 The Board recognizes the critical importance of maintaining the trust and confidence of our customers, suppliers, business partners and employees. The Board is actively involved in oversight of the Company s risk management program, and cybersecurity represents an important component of the Company s overall approach to enterprise risk management ( ERM ). The Company s cybersecurity policies, standards, processes, and practices are fully integrated into the Company s ERM program and are based on recognized frameworks established by the National Institute of Standards and Technology, the International Organization for Standardization and other applicable industry standards. In general, the Company seeks to address cybersecurity risks through a comprehensive, cross-functional approach that is focused on preserving the confidentiality, security and availability of the information that the Company collects and stores by identifying, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur. Risk Management and Strategy As one of the critical elements of the Company s overall ERM approach, the Company s cybersecurity program is focused on the following key areas: risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology environment technical safeguards that are designed to protect the Company s information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security procedures training and awareness programs for employees that include periodic and ongoing assessments to drive adoption and awareness of cybersecurity processes and procedures a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents and a third-party risk management process for service providers, suppliers, and vendors. No risks from previous cybersecurity threats have materially affected or are reasonably likely to materially affect Stryve s business, financial condition, results of operations and relationships with customers. We describe whether and how risks related to cybersecurity threats are reasonably likely to materially affect us, including our business, financial condition, results of operations and relationships with customers, in Item 1A of this Annual Report on Form 10-K. Governance Our Board is engaged in the oversight of cybersecurity threat risk management. As reflected in the Audit Committee s charter, the Board has specifically delegated responsibility for oversight of cybersecurity matters to the Audit Committee. The Audit Committee regularly receives updates on cybersecurity risks and the security and operations of our information technology systems from our Chief Financial Officer. The Board and the Audit Committee also receive prompt and timely information regarding any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding any such incident until it has been addressed. Management is responsible for developing cybersecurity programs. These individuals’ expertise in IT and cybersecurity generally has been gained from a combination of education, including relevant degrees, and prior work experience. They are informed by their respective cybersecurity teams about, and monitor, the prevention, detection, mitigation and remediation of cybersecurity incidents as part of the cybersecurity programs described above.

Company Information