Global Clean Energy Holdings, Inc. 10-K Cybersecurity GRC - 2024-04-16

Page last updated on April 16, 2024

Global Clean Energy Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-16 16:49:42 EDT.

Filings

10-K filed on 2024-04-16

Global Clean Energy Holdings, Inc. filed an 10-K at 2024-04-16 16:49:42 EDT
Accession Number: 0001628280-24-016428

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C CYBERSECURITY. We have implemented procedures for assessing, identifying, and managing significant risks from cybersecurity threats and have incorporated these procedures into our overall risk management systems and processes. Our Board of Directors regularly evaluates significant risks from cybersecurity attacks, including any potential unauthorized occurrence on or conducted through our information systems that may adversely affect the confidentiality, integrity, or availability of our information systems or any information stored there. The program to manage cybersecurity risks has tools and activities designed to identify, examine, and manage current and potential cybersecurity threats, as well as plans and strategies to deal with threats and incidents. We use these risk assessments to design, implement, and maintain appropriate safeguards intended to mitigate identified risks, address any shortcomings in our existing safeguards, and regularly check how well our safeguards work. Our information technology ( IT ) department is primarily responsible for evaluating, overseeing, and handling our cybersecurity risks to manage the risk assessment and mitigation process. Our IT department and Company management work in close collaboration to check and improve our safeguards as part of our overall risk management program. This collaborative effort extends to our employees, whom we regularly train on these safeguards and keep informed of our cybersecurity policies through regular communications across the Company. This collective commitment to cybersecurity ensures that everyone in the organization is aware of their role in maintaining our security. When appropriate, we work with consultants or other third parties as part of our risk assessment processes. These partnerships are used to create and execute cybersecurity policies and procedures, including the notification of potential incidents. We ask key third-party service providers to confirm that they apply and keep appropriate cybersecurity measures in line with all relevant laws, to apply and keep reasonable cybersecurity measures when they work with us, and to promptly report any possible breach of their cybersecurity measures that could impact our Company. We have not identified risks from known cybersecurity threats that have materially affected us, including our business strategy, results of operations or financial condition, but we face certain ongoing cybersecurity risk threats that, if 26 Table of Contents realized, are reasonably likely to materially affect us. For additional information regarding these risks, please refer to Item 1A, Risk Factors .

Company Information