TREES Corp (Colorado) 10-K Cybersecurity GRC - 2024-04-10

Page last updated on July 16, 2024

TREES Corp (Colorado) reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-10 13:18:44 EDT.

Filings

10-K filed on 2024-04-10

TREES Corp (Colorado) filed a 10-K at 2024-04-10 13:18:44 EDT
Accession Number: 0001213900-24-031818

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. Cybersecurity Risk Management and Strategy The Company has processes in place to identify, assess, and monitor material risks from cybersecurity threats, which are part of the Company’s overall cybersecurity risk management strategy and have been embedded in the information systems operating procedures and internal controls. Our information technology (“IT”) function manages IT operations and continually evolves our systems to meet the constantly changing digital environment. We enhanced our workstation, server, email security, and network monitoring with managed detection and response and alerting capabilities. We perform periodic cybersecurity risk assessments to identify, assess, and prioritize potential risks to information, data assets, and infrastructure. The Company addresses identified risks and develops and implements controls to mitigate issues. The Company engages third parties in connection with its cybersecurity processes as appropriate. The Company has established processes to identify risks from cybersecurity threats associated with its third-party service providers. Employees with access to the Company’s network receive annual training information and updates on topics such as phishing, malware, and other cybersecurity risks. We work to continually evolve our systems to meet the constantly changing digital environment and continue to invest in the cybersecurity and resiliency of our networks and to enhance our internal controls and processes, which are designed to help protect our systems and infrastructure, and the information they contain. There have been no risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. The nature of potential cybersecurity risks and threats are uncertain, and any future incidents, outages or breaches could have a material adverse effect on the Company’s business, financial conditions or results of operations. For more information about the cybersecurity risks we face, refer to the Risk Factors in section “Information Technology and Cybersecurity Risks” in Part I, Item 1A, “Risk Factors”. Cybersecurity Governance The Company’s Board of Directors, as a whole, has oversight responsibility for our strategic and operational risks. The Audit Committee of the Board of Directors is responsible for board-level oversight of cybersecurity risk, and the Audit Committee regularly reports risks and compliance actions to the Board. As part of its’ oversight role, the Audit Committee receives reporting about the Company’s strategy, programs, incidents and threats, and other developments and action items related to cybersecurity regularly throughout the year, including through periodic updates from the IT Administrator. Our cybersecurity program is managed by our IT Administrator who reports directly to our Chief Executive Officer. Our IT Administrator and the IT function monitor the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the processes described above, including the operation of the Company’s incident response plans, which include appropriate escalation to the executive team and the Audit Committee. As discussed above, the IT Administrator reports at least semiannually to the Audit Committee about cybersecurity threat risks, among other cybersecurity related matters. 22

Company Information