Greenidge Generation Holdings Inc. 10-K Cybersecurity GRC - 2024-04-09

Page last updated on April 11, 2024

Greenidge Generation Holdings Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-09 21:56:15 EDT.

Filings

10-K filed on 2024-04-09

Greenidge Generation Holdings Inc. filed an 10-K at 2024-04-09 21:56:15 EDT
Accession Number: 0001628280-24-015540

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K, and have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program is an integral component of our overall information security platform sharing common governance processes that monitor, prevent, detect, mitigate, and remediate cybersecurity incidents and guiding continuous improvement to our broader enterprise IT infrastructure. In support of our cybersecurity risk management program, we have adopted an Information Security Policy and Incident Response Plan. The Information Security Policy and Incident Response Plan establishes a comprehensive guide of controls and operating procedures to enable internal and external teams to prepare, detect, contain, and recover from cybersecurity incidents. Our cybersecurity risk management program also includes: Cybersecurity risk assessments to evaluate our readiness if certain risks were to materialize Individuals, including management, employees, and external third party service providers, who are responsible for managing our cybersecurity risk assessment processes, our security controls, and our response to cybersecurity incidents The use of external service providers and tools, where appropriate, to assess, test, or otherwise assist with aspects of our security controls Cybersecurity awareness training of our employees, incident response planning and testing, and management and Third-party risk management processes for service providers, suppliers, and vendors. 50 In 2023, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. However, despite our efforts, we may not be successful in eliminating all risks from cybersecurity threats and can provide no assurance that undetected cybersecurity incidents have not occurred. See Part I, Item 1A. Risk Factors Risks Related to Our Business of this Annual Report for more information regarding the cybersecurity risks we face. Cybersecurity Governance Our Board considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee oversight of cybersecurity and other information technology risks. The Audit Committee oversees management s implementation of our cybersecurity risk management program. The Audit Committee reports to the full Board regarding its activities, including those related to cybersecurity. Management updates the Audit Committee, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential. In addition, our management team, comprised of senior staff and executives from multiple departments within the Company, including IT, finance, legal, and operations, leads all efforts for our overall cybersecurity risk management program and supervises both our internal information security personnel and our retained cybersecurity consultants.

Company Information