Green Plains Inc. 10-K Cybersecurity GRC - 2026-02-10

Page last updated on February 10, 2026

Green Plains Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-10 16:18:12 EST.

Filings

10-K filed on 2026-02-10

Green Plains Inc. filed a 10-K at 2026-02-10 16:18:12 EST
Accession Number: 0001309402-26-000019

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy We promote a company-wide culture of cybersecurity risk management to ensure that cybersecurity risk considerations are an integral part of decision-making at all organizational levels. To protect the confidentiality, integrity and availability of our data and information systems, we have implemented cyber defenses and continuously enhance them to address evolving threats. Our information technology (IT) department actively monitors and evaluates our cybersecurity practices to ensure alignment with our business objectives and operational needs. Our cybersecurity program is comprehensive in scope and covers the systems supporting all our business operations. Our program is built on industry-standard frameworks, including the National Institute of Standards and Technology, and the Cybersecurity and Infrastructure Security Agency. We also follow applicable federal and state statutory and regulatory guidance and have adopted internal policies and standards in alignment with these federal and state requirements. Furthermore, we collaborate with external experts, consultants and auditors in routinely evaluating and testing our information systems controls. We have regular CISA vulnerability scans and cyber table-top exercises to help us test and refine our formal Cyber Incident Response Plan. We maintain a well-documented process to oversee cybersecurity risks associated with our third-party service providers. We evaluate our third parties prior to any engagements and review their System and Organization Controls reports to obtain reasonable assurance that their controls meet our security standards. Our IT policies communicate our expectations for employees and contractors regarding the security of our IT systems. We perform annual cyber security and technology processes training programs and regular third-party phishing campaigns to raise awareness of potential threats. Governance The Audit Committee of the Board of Directors has oversight of management's efforts with respect to IT systems and cybersecurity. As part of this oversight, the company's IT leader meets on a quarterly basis with the Audit Committee and on an annual basis with the company's Board of Directors. During these update meetings, IT provides the Audit Committee and Board of Directors updates regarding any changes around our cyber defenses, ongoing IT initiatives, and emerging threats and plans to pro-actively counter these threats. Management continuously monitors the effectiveness of our cybersecurity defenses and invests in regular, ongoing cybersecurity training for both our IT department and the organization overall. Our Director of IT Security brings over 25 years of cybersecurity experience, including an Information Technology Infrastructure background, Information Security Officer responsibilities, and experience managing multi-tier secure networks in the United States Air Force. Similarly, our Director of IT Infrastructure brings over 25 years of experience spanning a broad range of technologies. As of December 31, 2025, we have not identified an indication of a cybersecurity incident that would have a material impact on our business and consolidated financial statements. 27 T a b le of Contents

Company Information