Terran Orbital Corp 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

Terran Orbital Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 16:51:58 EDT.

Filings

10-K filed on 2024-04-01

Terran Orbital Corp filed an 10-K at 2024-04-01 16:51:58 EDT
Accession Number: 0000950170-24-039442

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program shares common methodologies, reporting channels and governance processes that apply to the other areas of enterprise risk, including legal, compliance, strategic, operational, and financial risk and is aligned to our business goals and strategy. Key elements of our cybersecurity risk management program include: a security team principally responsible for managing our cybersecurity risk assessment processes and our response to cybersecurity incidents risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology environment the use of technologies, products, specialized IT tools and external service providers, where appropriate, to assess, test, understand, manage, mitigate and continually remediate identified risks, or otherwise assist with aspects of our security procedures a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents training and awareness programs for team members that include periodic and ongoing assessments to drive adoption and awareness of cybersecurity processes and procedures and a third-party risk management process for service providers, suppliers, and vendors. All cybersecurity risks are logged into our cybersecurity risk register where they are tracked for remediation. These cybersecurity risks are discussed with management for resolution planning and escalation. We leverage recognized cybersecurity frameworks to drive strategic direction and maturity improvement and engage third party security experts for risk assessments, risk mitigation actions, vulnerability identification, and program enhancements. In 2023, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from 32 cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident that could have a material negative impact. For more information about these risks, please see Item 1A. Risk Factors - Cyber-attacks and other security threats and disruptions could have a material adverse effect on our business in this annual report on Form 10-K. Cybersecurity Governance It is management s responsibility to manage cybersecurity risks, as described above, and bring to the Board s attention material risks. Our information security program is managed by our Senior Vice President and Chief Information Officer ( CIO ), who has over 25 years of IT Risk Management experience. The CIO s cybersecurity team, which includes a team of personnel with more than 30 years of collective information and product security experience, ranging from early-career professionals with cybersecurity degrees to seasoned professionals with multiple cybersecurity-related certifications, is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. The CIO provides periodic reports to our management team and our Board, as appropriate. These reports include updates on the Company s cyber risks and threats, the status of related projects, assessments, and emerging threats. Our cybersecurity program is regularly evaluated and reported on to senior management and the Board.

Company Information