Acreage Holdings, Inc. 10-K Cybersecurity GRC - 2024-04-29

Page last updated on April 30, 2024

Acreage Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-29 20:18:39 EDT.

Filings

10-K filed on 2024-04-29

Acreage Holdings, Inc. filed an 10-K at 2024-04-29 20:18:39 EDT
Accession Number: 0001762359-24-000023

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management The Company has processes for assessing, identifying, and managing material risks from cybersecurity threats. These processes are integrated into the Company s overall risk management systems. These processes also include overseeing and identifying risks from cybersecurity threats associated with the use of third-party service providers. The Company has established monitoring procedures in its effort to mitigate risks related to data breaches or other security incidents originating from third parties. The Company, from time-to-time, may engage third-party consultants, legal advisors, and audit firms to evaluate and test the Company s risk management systems and assess and remediate certain potential cybersecurity incidents, as appropriate. Governance As part of our enterprise risk management program, the Board of Directors (the Board ) meets with our senior management team, which includes our Chief Executive Officer, Chief Financial Officer, and General Counsel to address risks associated with cybersecurity threats on a regular basis. The Board receives prompt and timely information regarding any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding any such incident until it has been resolved. Cybersecurity threats are one of the Company s most critical risks, with our Senior Director of Technology assigned as the executive risk owner. Our Senior Director of Technology, in coordination with our senior management team, works collaboratively across the Company to implement a program designed to protect the Company s information systems from cybersecurity threats and to promptly respond to any cybersecurity incidents in accordance with the Company s incident response and recovery plans. Multidisciplinary teams throughout the Company are deployed to address cybersecurity threats and to respond to cybersecurity incidents. Through ongoing communications with these teams, the Senior Director of Technology and the senior management team monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time and report such threats and incidents to the Board, when appropriate. Our Senior Director of Technology boasts over ten years of experience spearheading technology operations for organizations with a keen emphasis on cybersecurity. His extensive background has been pivotal in shaping our cybersecurity policies, implementing our cybersecurity program, and supervising information governance and compliance measures. During the year ended December 31, 2023, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite the capabilities, processes, and other security measures we employ that we believe are designed to detect, reduce, and mitigate the risk of cybersecurity incidents, we may not be aware of all vulnerabilities or might not accurately assess the risks of incidents, and such preventative measures cannot provide absolute security and may not be sufficient in all circumstances or mitigate all potential risks. See Item 1 A. Risk Factors for more information on the Company s cybersecurity-related risks. 74

Company Information