Astra Space, Inc. 10-K Cybersecurity GRC - 2024-04-17

Page last updated on April 18, 2024

Astra Space, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-17 18:03:18 EDT.

Filings

10-K filed on 2024-04-17

Astra Space, Inc. filed an 10-K at 2024-04-17 18:03:18 EDT
Accession Number: 0000950170-24-045209

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERS ECURITY. Overview We are committed to safeguarding our information a nd information systems from unauthorized access, use, disclosure, disruption, modification or destruction. We aim to incorporate industry best practices throughout our cybersecurity program. This program is supported by both management and our Board of Directors, including our Audit Committee. The Compliance Committee is responsible for identifying, monitoring and mitigating compliance risks, including cybersecurity, and is comprised of the Chief Compliance Officer & General Counsel, CEO, CFO, Chief Technology Officer, Chief Business Officer, Chief People Officer, Vice President of Information Technology ( VP IT ), Corporate Controller and Senior Director, Internal Audit. The Compliance Committee meets regularly during the year and receives periodic updates on cybersecurity risks from the VP IT. The Compliance Committee is responsible for assessing the materiality of cybersecurity incidents based on quantitative and qualitative materiality factors, and for providing recommendations on public disclosures of cybersecurity incidents to the Audit Committee if an incident is identified to be possibly material. The Compliance Committee also provides input and consideration into internal controls surrounding cybersecurity along with reviewing cybersecurity risks, mitigation strategies, ensuring the cybersecurity strategy is in alignment with business objectives and is incorporated into the overall risk management processes. The Company maintains a cybersecurity program that is designed to identify, protect from, detect, respond to, and recover from cybersecurity threats and risks, and protect the confidentiality, integrity, and availability of its information systems, including the information residing on such systems. The Department of Defense’s Cybersecurity Maturity Model Certification (“CMMC”) initiative safeguards sensitive information within the Defense Industrial Base by ensuring members meet cybersecurity requirements for handling controlled unclassified information and federal contract information. The CMMC initiative helps the Company inform its cybersecurity agenda and prioritize its cybersecurity activities. Additionally, the Company s cybersecurity program provides mechanisms for Employees to report any unusual or potentially malicious activity they observe. In addition, we have technology and information security processes, security and threat assessment plans and safeguards and periodic external service and service provider reviews in place led by our VP IT, governing our assessment, response and notifications internally and externally upon the occurrence of a cybersecurity incident. Depending on the nature and severity of an incident, this process provides for escalating notification to our CEO and the Board of Directors (including the Audit Committee chair). Cybersecurity Governance Board Oversight Our Board of Directors has overall responsibility for risk oversight and is currently overseeing Astra s business continuity risks, including cybersecurity risks, which occurs at both the full Board level and at the Board committee level through the Audit Committee. To help ensure effective oversight, the Audit Committee receives reports on information security and cybersecurity from the VP IT, at least four times a year including, but not limited to, analysis of events that have impacted our peers, updates on program maturity, regulatory compliance status and cybersecurity program status and updates. In addition, management updates the Audit Committee, as necessary, regarding any material cybersecurity incidents impacting the Company, as well as any incidents with lesser impact potential. The Audit Committee regularly briefs our Board of Directors on the matters communicated to the Audit Committee. Management s Role Our VP IT leads our information technology and cybersecurity function, including the role of Chief Information Security Officer ( CISO ), since early 2022. Our VP IT holds a Bachelor of Science in Cybersecurity and Information Assurance and is a systems security certified practitioner ( SSCP ). Our VP IT has served in various roles in information technology for over 25 years, including as vice president of a major cybersecurity company, where he directly oversaw the technical operations and cybersecurity. The VP IT oversees information security resources designed to assess and manage cybersecurity threats on a day-to-day basis. Notwithstanding the foregoing efforts, there can be no assurance that the security measures we employ will prevent malicious or unauthorized access to our systems or information. No security program can entirely eliminate the risk of human error or malicious acts that are outside our reasonable control. While we have not, as of the date of this Form 10-K, experienced a cybersecurity threat or incident that resulted in a material adverse impact to our business or operations, there can be no guarantee that we will not experience such an incident in the future. See Item 1A. Risk Factors for additional details regarding cybersecurity risks.

Company Information