UNITED STATES ANTIMONY CORP 10-K Cybersecurity GRC - 2024-04-12

Page last updated on April 15, 2024

UNITED STATES ANTIMONY CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-12 17:23:12 EDT.

Filings

10-K filed on 2024-04-12

UNITED STATES ANTIMONY CORP filed an 10-K at 2024-04-12 17:23:12 EDT
Accession Number: 0001654954-24-004576

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy Our cybersecurity strategy prioritizes detection, analysis and response to known, anticipated or unexpected threats, effective management of security risks, and resiliency against incidents. Our cybersecurity risk management processes include accessing security controls, monitoring systems, tools and related services from third-party providers, and management oversight to assess, identify and manage material risks from cybersecurity threats. We engage a third-party information security officer who maintains, monitors, and ensures the security of our digital assets. We implement risk-based controls to protect our information, the information of our customers, suppliers, and other third parties, our information systems, our business operations, and our products. We maintain security programs that include physical and technical safeguards. We monitor cybersecurity vulnerabilities and potential attacks, and we evaluate the potential operational and financial effects of any threat and of cybersecurity countermeasures made to defend against such threats. We continue to integrate our cyber practices into our enterprise risk management practices, which is overseen by our Board of Directors. In addition, we assess the risks from cybersecurity threats, periodically engage third-party tools to assist us in enhancing and monitoring our cybersecurity risks, primarily spam and suspicious email filters, and regularly back up company information. We have experienced cybersecurity incidents, primarily related to phishing emails, and may in the future experience, whether directly or indirectly, cybersecurity incidents. While prior incidents have not materially affected our business strategy, results of operations, or financial condition, there is no guarantee that a future cyber incident would not materially affect our business strategy, results of operations, or financial condition. See risks related to cybersecurity and business disruptions in Risk Factors in this Form 10-K. 25 Table of Contents Governance Our Board of Directors is responsible for risk oversight. Our chief executive officer and chief financial officer, with input from and potentially attendance by our third-party information security officer, provide presentations to the Board of Directors on cybersecurity risks or threats as necessary. In the event of a potentially material cybersecurity event, the Chairman of the Board is notified and briefed, and a meeting of the full Board of Directors would be held, as appropriate. Management and the Company s third-party information security officer discuss information technology needs and activity and assess and manage material cybersecurity risks and the Company s practices for the prevention, detection, mitigation, and remediation of cybersecurity incidents, as necessary and appropriate. Our third-party information security officer has 30 years of experience in the IT management field and has consulted with large and mid-size corporations on proper IT processes and security. Our CEO during the year ended December 31, 2023 and our CFO have managed information technology departments during their careers. Our CFO was trained as an auditor and an information technology auditor at the public accounting firm of Ernst & Young LLP and audited public companies, information technology departments, and third-party information technology service providers for 12 years.

Company Information