AMMO, INC. 10-K Cybersecurity GRC - 2024-06-13

Page last updated on July 16, 2024

AMMO, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-06-13 17:26:50 EDT.

Filings

10-K filed on 2024-06-13

AMMO, INC. filed a 10-K at 2024-06-13 17:26:50 EDT
Accession Number: 0001493152-24-023731

Item 1C. Cybersecurity.

Risk management and strategy

As a publicly traded ammo manufacturer and e-commerce outdoor company, we are acutely aware of the importance of robust cybersecurity measures in safeguarding our information assets, operational integrity, and reputation. Our approach to cybersecurity risk management is integrated into our broader risk management framework and overseen by our Board of Directors.

We have established comprehensive processes to assess, identify, and manage material risks from cybersecurity threats. These processes include continuous evaluation of potential threats, regular security assessments of third-party service providers, and stringent monitoring procedures to mitigate risks related to data breaches and other security incidents. We periodically engage third-party consultants, legal advisors, and audit firms to evaluate and assess our risk management systems and to assist in the remediation of potential cybersecurity incidents, as necessary.

Our Information Security Program (“Program”) is designed to protect personal and proprietary information in compliance with federal and state requirements. The Program aims to:

● ensure the security and confidentiality of employee and customer personal information, as well as Company proprietary information;
● protect against anticipated threats or hazards to the security or integrity of such information; and
● prevent unauthorized access to, use of, or transfer of such information, thereby protecting the Company, its employees, and customers from potential harm or inconvenience.

We use a variety of tools and services, including network monitoring, vulnerability assessments, and tabletop exercises, to enhance our cybersecurity posture. Our incident response plan is comprehensive, detailing procedures for preparing for, detecting, responding to, and recovering from cybersecurity incidents. This plan includes processes for triaging, assessing the severity of, escalating, containing, investigating, and remediating cybersecurity incidents, while ensuring compliance with relevant legal obligations.

In addition to internal measures, we manage cybersecurity risks associated with third-party suppliers, particularly those with access to our systems or confidential data. We perform due diligence on critical third-party suppliers and monitor identified cybersecurity threats. We require these suppliers to contractually agree to manage their cybersecurity risks according to our standards or to submit to cybersecurity audits conducted by our agents.

We regularly engage third-party experts to conduct information security testing, including penetration testing, on our systems and infrastructure. Our information security program undergoes periodic external assessments aligned with the National Institute of Standards and Technology Cybersecurity Framework and the Payment Card Industry Data Security Standard. This alignment helps us identify, assess, and manage cybersecurity risks relevant to our business.

Governance

Our Board of Directors oversees our cybersecurity risk management. Directors receive reports as requested from management, including senior IT leadership and third parties, on cybersecurity matters. Additionally, the Board of Directors is kept informed about cybersecurity risks as part of our overall enterprise risk management program and through regular business updates.

Senior IT leaders and compliance officer are responsible for developing and implementing appropriate cybersecurity programs and ensuring our compliance with applicable laws and regulations. These leaders, equipped with relevant degrees, certifications, and extensive work experience, are informed by their cybersecurity teams about ongoing efforts to prevent, detect, mitigate, and remediate cybersecurity incidents.

Information regarding cybersecurity risks is communicated through various channels, including direct discussions between key leaders and Company management, and reports to the Board of Directors and its committees. The Board of Directors regularly receives updates from our compliance officer and senior IT leadership on the status of our cybersecurity measures and any significant developments.

Our commitment to cybersecurity is a fundamental aspect of our operational strategy, ensuring the protection of our information assets, the continuity of our operations, and the trust of our stakeholders.


Company Information

Name: AMMO, INC.
CIK: 0001015383
SIC Description: Ordnance & Accessories, (No Vehicles/Guided Missiles)
Ticker: POWW - Nasdaq; POWWP - Nasdaq
Website:
Category: Accelerated filer
Fiscal Year End: March 30