Canoo Inc. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on July 16, 2024

Canoo Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 16:44:15 EDT.

Filings

10-K filed on 2024-04-01

Canoo Inc. filed a 10-K at 2024-04-01 16:44:15 EDT
Accession Number: 0001628280-24-014075

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy Cybersecurity risk management is an important part of the Company’s overall enterprise risk management systems and processes. Canoo utilizes industry standard cybersecurity frameworks including NIST CSF and ISO 27001 as part of our overall cybersecurity risk management program. This does not imply that we meet any particular technical standards, specifications or requirements, only that we use the frameworks as a guide to help us identify, assess and manage cybersecurity risks relevant to our business. Led by the Cybersecurity team with oversight by the Audit Committee of the Board and executive management, the program incorporates teams across the organization including Information Technology, Compliance, Legal and Product. The program utilizes risk assessments for the identification of material cybersecurity risks to critical systems, information, products, personnel, facilities, and technology environments. We operate cybersecurity threat intelligence and monitoring programs that utilize third-party tools and services, commercial and open-source threat intelligence, and cybersecurity communities like the Automotive ISAC to identify and assess threats. Security events are evaluated and prioritized for response and remediation. We encourage proactive vulnerability reporting through our vulnerability disclosure program, maintain appropriate incident response plans and procedures, and operate incident response teams capable of responding to cybersecurity incidents. We conduct regular internal workforce training and awareness programs, perform internal testing and assessments of controls where appropriate, and periodically engage external service providers and consultants to conduct assessments, evaluations, and penetration testing activities. Third-party risk management processes exist to minimize the material cybersecurity risks associated with our use of third-party suppliers, vendors and service providers. Cybersecurity risks, cyber risk ratings, cybersecurity program maturity and potential fourth-party risks are typically considered when selecting and performing oversight of third-party service providers . While we are in the process of increasing the resiliency of these processes across the board, our control over and ability to monitor the security posture of third-party vendors and service providers remains limited and there can be no assurance that we can prevent, mitigate or remediate the risk of any compromise or failure in the security infrastructure owned or controlled by such third parties. Additionally, any contractual protections with such third parties, including our right to indemnification, if any at all, may be limited or insufficient to prevent a negative impact on our business from such compromise or failure. Cybersecurity Governance The Audit Committee of the Board is responsible for oversight of cybersecurity risks. The Audit Committee and Board periodically and as necessary receive updates from the Cybersecurity team or external experts regarding the activities and performance of the cybersecurity risk management program, current and potential risks and threats, and other relevant cybersecurity topics.


Company Information

NameCanoo Inc.
CIK0001750153
SIC DescriptionMotor Vehicle Parts & Accessories
TickerGOEV - NasdaqGOEVW - Nasdaq
Website
CategoryNon-accelerated filer
Smaller reporting company
Fiscal Year EndDecember 30