Pacific Green Technologies Inc. 10-K Cybersecurity GRC - 2025-06-20

Page last updated on June 20, 2025

Pacific Green Technologies Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-06-20 17:01:31 EDT.

Filings

10-K filed on 2025-06-20

Pacific Green Technologies Inc. filed a 10-K at 2025-06-20 17:01:31 EDT
Accession Number: 0001213900-25-056287

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management Our Cyber Security risks are managed in the following manner. The Head of IT reviews Cyber Security risk on a regular basis as identified by our external IT service provider based on the current threat landscape and threat intelligence publicly available. These are with a background and understanding of ISO 27002 controls and IASME Cyber Essentials. These threats are then addressed by implementing appropriate technical and management controls or policies. The board are made aware of the risk, impact and approve a business response. 14 Our IT provider is responsible for asset management, automated patching, monitoring of critical systems, Security information and event management, incident detection and response, mobile device security and remote management of all the business digital assets. Our program is outlined within our IT Security Policy and includes but is not limited to: authentication and authorization procedures, employee security awareness training, logging and monitoring procedures, in transit and at rest encryption of certain data we deem sensitive, periodic vulnerability scanning, periodic phishing attack simulations. We also use external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security processes. Since the beginning of the last financial year, we have identified and prevented risks from known cybersecurity threats that have not had any material affected on the business. For a discussion of how cybersecurity risks could materially affect us in the future, please see the risk factors set forth under the caption Part I, Item 1A, Risk Factors. Cybersecurity Governance We follow a practical approach to Cyber Security governance. Cyber Security governance is handled primarily within the IT team and reported directly to the CEO or any affected key management personnel as appropriate. The IT team brings over 25 years of collective experience in senior management, web, and application development. Working in close alignment with the CEO and executive leadership, the team maintains a strong understanding of the company’s business priorities, risk landscape, and governance requirements This in-house capability is further enhanced by a long-standing partnership with an outsourced IT provider with over 23 years of operation, offering access to a broad pool of expertise, including on-demand virtual CTO and CISO services. We follow an annual IT Security assessment based on the IASME Cyber Essentials framework which is approved by the UK government Cyber Security NCSC and implement policies and controls based on the understanding of ISO 27001 and NIST framework which assist the governance process. Our Senior management team are highly engaged and hands on with all areas of the business operations and are in close contact and communication with the Head of IT and act quickly to implement controls, policy and change within the business where it is communicated by the IT team.

Company Information