Loop Industries, Inc. 10-K Cybersecurity GRC - 2024-05-29

Page last updated on July 16, 2024

Loop Industries, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-05-29 16:56:09 EDT.

Filings

10-K filed on 2024-05-29

Loop Industries, Inc. filed a 10-K at 2024-05-29 16:56:09 EDT
Accession Number: 0001654954-24-007029

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy Assessment, identification and management of material risks from cybersecurity threats are integrated into the Company’s overall risk management processes to promote a company-wide culture of cybersecurity risk management. Our Chief Financial Officer is responsible for the evaluation of material risks from cybersecurity threats and reports to both the Company’s executive management team and the Audit Committee of the Board of Directors. We also regularly use third-party service providers to assist us to identify, assess, and manage material risks from cybersecurity threats, including cybersecurity consultants, as well as data backup and recovery providers. We have implemented and maintain information security processes designed to identify, assess, and manage material risks from cybersecurity threats to our critical networks, third-party hosted services, communications systems, hardware and software, and our critical data, including intellectual property and confidential information that is proprietary, strategic, or competitive in nature (“Information Systems and Data”). The Chief Financial Officer is responsible, with the support of the Company’s internal IT staff and external service providers, for helping to identify, assess and manage the Company’s cybersecurity threats and risks, using internal resources as well as third-party service providers, by monitoring our threat environment using, among other things, manual processes, automated tools, internal audits, threat and vulnerability assessments, evaluating threats reported to us, evaluating our risk profile, and subscribing to reports and services that identify cybersecurity threats. We implement and maintain various technical, physical, and organizational measures, processes, and policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data. These include amongst others data encryption, risk assessments, network security and access controls, physical security, asset management, and systems monitoring. In addition, to oversee and identify any risks associated with our use of third-party service providers, we review Service Organization Controls reports of such third-party service providers when onboarding the provider and annually thereafter. To protect our information systems from cybersecurity threats, we use various security tools that help prevent, identify, escalate, investigate, resolve and recover from identified vulnerabilities and security incidents in a timely manner. These include, but are not limited to, internal reporting, monitoring and detection tools, some of which are managed by a third-party service provider. For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our risk factors under Part I. Item 1A. Risk Factors in this Annual Report on Form 10-K. Cybersecurity threats have not materially affected the Company, including its business strategy, results of operations or financial condition. The Company does not believe that cybersecurity threats resulting from any previous cybersecurity incidents of which it is aware are reasonably likely to materially affect the Company. Cybersecurity Governance Our Board of Directors oversees the Company’s risk management process, including cybersecurity risks, directly and through its committees. Pursuant to the Audit Committee Charter, the Audit Committee of the Board of Directors oversees management’s processes for identifying, monitoring and addressing enterprise risks. In addition, the Audit Committee of the Board of Directors discusses with management the adequacy and effectiveness of the Company’s policies and procedures regarding information technology risk management and internal controls related to cybersecurity. Our cybersecurity risk assessment and management processes are implemented and maintained by certain members of the Company’s management. In particular, the Chief Financial Officer is responsible for hiring appropriate personnel and engaging external service providers with relevant cybersecurity expertise, helping to integrate cybersecurity risk considerations into the Company’s overall risk management strategy, and communicating key priorities to relevant personnel, helping prepare for cybersecurity incidents, approving cybersecurity processes and technologies, and reviewing security assessments and other security-related reports. In addition, the Chief Financial Officer provides reports to the Audit Committee concerning the Company’s cybersecurity posture and significant threats and risks and the processes to address them. Our security incident response plan (“SIRP”) is designed to escalate certain cybersecurity incidents to members of the Company’s executive management team depending on the circumstances. The Chief Financial Officer and relevant department heads work with our incident response team to help the Company mitigate and remediate cybersecurity incidents of which they are notified. The SIRP provides for escalation of potentially material cybersecurity incidents to the Audit Committee.

Company Information