Trio Petroleum Corp. 10-K Cybersecurity GRC - 2025-01-17

Page last updated on January 17, 2025

Trio Petroleum Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-01-17 16:05:44 EST.

Filings

10-K filed on 2025-01-17

Trio Petroleum Corp. filed a 10-K at 2025-01-17 16:05:44 EST
Accession Number: 0001493152-25-002760

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. Cybersecurity attacks impact businesses and organizations of all sizes and sectors on a global basis. At Trio, we recognize the importance of developing, implementing and maintaining a cybersecurity risk management program. We are currently implementing resources to protect our systems and data, from cybersecurity threats. We are dependent on internal and external information technology systems and infrastructure to securely process, transmit, and store critical information. We are currently in the process of engaging an outsourced security firm for overseeing our cybersecurity. We seek to reduce cybersecurity risks through a variety of cybersecurity risk management activities that are designed to identify, assess, manage and mitigate cybersecurity threats. Risk Management Strategy The Company’s cybersecurity risk management program is focused on the following key areas: ● Governance: The cybersecurity risk management program is led by our outsourced security team. At present our Board of Directors does not oversee the cybersecurity risk management program, however, the Audit Committee of our Board of Directors is in the process of implementing procedures to obtain regular updates on our cybersecurity program, including recent developments, key initiatives to strengthen our systems, applicable industry standards, vulnerability assessments, third-party and independent reviews, and other information security considerations. ● Approach: We intend to use a cross-functional approach to identifying, preventing, assessing, and mitigating cybersecurity threats and incidents, while also implementing controls and procedures that are designed to provide for the prompt escalation of cybersecurity incidents and support appropriate public disclosure and reporting of incidents as required in a timely manner. Our cybersecurity efforts will include the use of risk-based administrative, technical, and physical controls. Trio is in the process of implementing an extensive set of policies, procedures, systems and tools designed to help safeguard our systems and data, including firewalls, intrusion detection systems, access controls including multi-factor authentication, vulnerability scanning, penetration testing, independent third-party control audits, an internal bug bounty program, and other systems and processes. ● Incident Response Planning: We intend to maintain a breach reporting and resolution plan that includes defined processes, roles, communications, responsibilities and procedures for responding to cybersecurity incidents and other events that impact our operations. Our incident response plans will be tested and evaluated on a regular basis. ● Education and Awareness: We plan to establish a security and privacy awareness program that runs throughout the year and includes training for all company personnel to enhance employee awareness of how to detect and respond to cybersecurity threats as well as more targeted training for company personnel that have increased responsibility for mitigating certain potential cybersecurity risks. 30 We plan to review and update our policies, procedures, processes and practices to address changes in the threat landscape and as a result of lessons learned from suspected, actual or simulated incidents. We also plan to review industry best practices to assist in evaluating responses to new challenges and risks. These evaluations include testing both the design and operational effectiveness of security controls. Cybersecurity Risks While we plan to dedicate significant efforts and resources to our cybersecurity program, we may be unable to successfully identify threats, prevent attacks, satisfactorily resolve cybersecurity incidents, or implement adequate mitigating controls. Any breach of our network security and information systems or other cybersecurity-related incidents that results in, or may result in, the loss, theft or unauthorized disclosure of data, or any delay in determining the full extent of a potential breach, could have a material adverse impact on our business, results of operations, and financial condition, including harm to our reputation and brand, reduced demand for our solutions, time-consuming and expensive litigation, fines, penalties, and other damages. To date and except as otherwise may be noted in this Annual Report, we are not aware of any cybersecurity threats, nor have we had any cybersecurity incidents.

Company Information