URANIUM ENERGY CORP 10-K Cybersecurity GRC - 2024-09-26

Page last updated on September 27, 2024

URANIUM ENERGY CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-26 20:36:27 EDT.

Filings

10-K filed on 2024-09-26

URANIUM ENERGY CORP filed a 10-K at 2024-09-26 20:36:27 EDT
Accession Number: 0001437749-24-030107

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Globally, organizations are encountering cybersecurity incidents with growing frequency, and the nature of these threats is becoming more sophisticated and constantly changing. We recognize the importance of developing, implementing and maintaining strong cybersecurity policies and processes to protect our information systems and the confidentiality, integrity and accessibility and availability of our data. Risk Management and Strategy Managing Material Risks & Integrated Overall Risk Management We have developed and maintained policies, procedures and controls to mitigate material risks from cybersecurity threats, and assess and disclose information to investors concerning material cybersecurity incidents. Further, we have strategically integrated cybersecurity risk management into our broader risk management framework to promote awareness and attention to cybersecurity risk management Company wide. These risks are evaluated on an ongoing basis as part of our overall risk management strategy that is monitored and tracked by our Audit Committee. The lead information technology (“IT”) manager (the “IT Manager”) of the Company evaluates the effectiveness of the data and information systems, which is to protect the data and information systems from security threats. The evaluation stratifies IT systems based on the risk and severity of potential security breaches related to the data handled and assesses the effectiveness of the systems in safeguarding against cyber threats. The evaluation includes attributes such as physical security, network security, host security, application security and data security. Our Security Operations Center (“SOC”) continuously monitors for security events and threats, responding and escalating when appropriate. The IT Manager prepares a report which is then submitted to the Audit Committee, which is reviewed by the IT Manager and the Audit Committee. The IT Manager reports directly to the Audit Committee to review the Company’s information security and cybersecurity risks. Despite these efforts, no system is impenetrable, and we cannot provide assurances that we will prevent every attack or timely detect every incident. Engage Third-parties on Cyber-Risk Management We have engaged third-parties that supply IT services or have access to our systems or data to adhere to our security policies. These third parties provide detailed information on their established security controls via our risk assessment process. Specific certification may be required of critical third-party IT service providers. The Company will consider resource and capital constraints when determining the nature and timing of enhancing our cybersecurity infrastructure. Overseeing Risks stemming from Third-Party Service Providers We maintain comprehensive internal protocols to mitigate cybersecurity threats associated with our use of third-party service providers. We are currently enhancing these protocols to further strengthen our defenses and reduce potential vulnerabilities. Risks from Cybersecurity Threats We do not currently identify any major cybersecurity threats that have materially affected or are reasonably likely to materially affect us (including our business strategy, results of operations or financial condition). Governance Board of Directors Oversight Our Board of Directors recognizes the importance of information security and mitigating cybersecurity and other data security threats and risks as part of our efforts to protect and maintain the confidentiality and security of our employees, service providers, consultants and business associates, as well as non-public information about our Company. Although our full Board of Directors has ultimate responsibility with respect to risk management oversight, the Audit Committee of our Board of Directors is charged with and bears primary responsibility for, among other matters, overseeing risks specific to the identification and mitigation of cybersecurity risks. Management ’ s Role Managing Risk The IT Manager plays a pivotal role in informing the Audit Committee on cybersecurity risks. The IT Manager will immediately notify the Audit Committee and Board of Directors of any cybersecurity incident that is determined to be material. The IT Manager delivers focused updates to the Audit Committee annually, or more frequently as needed, in response to specific incidents or emerging threats. These briefings encompass a broad range of topics, including: ● Current cybersecurity landscape and emerging threats; ● Status of ongoing cybersecurity initiatives, strategies, and best practices; ● Incident reports and learnings from any cybersecurity events As we progress in the assessment and enhancement of our cybersecurity program, we plan to consider the following areas for enhancement and incorporation into the cybersecurity risk management and governance program in the future: ● Oversight of Third-Party cybersecurity risk; ● Engaging/ outsourcing Risk management Personnel; ● Monitoring system/ procedures for cybersecurity incidents; and ● Reporting to Board of Directors regarding cybersecurity risks and incidents Risk Management Personnel Primary responsibility for assessing, monitoring, and managing our cybersecurity risks rests with our Chief Financial Officer, Pat Obara, working in close coordination with Mr. James Hu, the IT Manager of our Company. Messrs. Obara and Hu have experience in overseeing IT functions, including cybersecurity. Mr. Hu graduated from Simon Fraser University with a major in Cognitive Science with a focus on computer science, with over 10 years of technical experience. His expertise is critical in designing, implementing and executing our cybersecurity strategies. Our IT Manager oversees our governance programs in partnership with our CFO, remediates known risks and leads our employee training program around cybersecurity.

Company Information