Venture Global, Inc. 10-K Cybersecurity GRC - 2025-03-06

Page last updated on March 6, 2025

Venture Global, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-06 06:02:10 EST.

Filings

10-K filed on 2025-03-06

Venture Global, Inc. filed a 10-K at 2025-03-06 06:02:10 EST
Accession Number: 0002007855-25-000010

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management Cybersecurity risk management is a critical priority for our Company, and we recognize the increasing sophistication and prevalence of cyber threats globally. We face ongoing risks related to cyber-attacks, data breaches, and system disruptions, which could materially impact our operations, financial results, and reputation. These risks encompass a broad spectrum, including potential disruptions to our critical energy infrastructure, compromise of confidential or sensitive operational and commercial data, theft of intellectual property, and financial losses resulting from business interruption, remediation costs, and regulatory penalties. Our cybersecurity program is designed to align with industry-leading standards, including the widely recognized NIST Cybersecurity Framework (CSF), and provides a framework for handling cybersecurity threats and incidents, including threats and incidents associated with the use of services provided by third-party service providers. This framework guides our approach to cybersecurity risk management through five core principles: Identify, Protect, Detect, Respond, and Recover, which enable what we believe is a comprehensive and proactive security posture. Our cybersecurity program is comprised of policies, procedures, controls, and tools designed to mitigate cybersecurity risks. We maintain a risk assessment process which includes steps for identifying cybersecurity threats, assessing the severity and impact, identifying the source of a cybersecurity threat, including whether the cybersecurity threat is associated with a third-party service provider, implementing cybersecurity countermeasures and mitigation strategies and informing management and our board of directors of material cybersecurity threats and incidents. This program includes preventative controls, continuous monitoring, incident detection and response capabilities, and regular security assessments and updates. Our cybersecurity team also engages third-party security experts for risk assessment and system enhancements. We are committed to complying with all applicable cybersecurity regulations, including those relevant to the operation of US LNG export terminals and natural gas pipelines. Our facilities and maritime operations are subject to the Maritime Transportation Security Act, and we are dedicated to meeting its applicable cybersecurity-related requirements as enforced by the US Coast Guard and relevant guidance from agencies such as the Cybersecurity and Infrastructure Security Agency. We are committed to continuously enhancing our cybersecurity defenses and incident response plans to adapt to the evolving threat landscape and protect our assets and stakeholders. Given the nature of our operations, a particular area of focus is the security of our Operational Technology and Industrial Control Systems, which are essential for the safe and continuous operation of our liquefaction plants, terminals, and related infrastructure. Protecting these systems from cybersecurity threats is paramount to prevent operational disruptions, ensure safety, and maintain the reliability of our energy delivery. Our board of directors has overall oversight responsibility for our risk management, and, following our IPO, delegates cybersecurity risk management oversight to the audit committee. The audit committee is responsible for ensuring that management has processes in place designed to identify and evaluate cybersecurity risks to which we are exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. The audit committee reports material cybersecurity risks to our full board of directors. Cybersecurity governance is overseen by senior management, which is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs. Leadership for our cybersecurity program is provided by our Chief Information Officer, or CIO, who receives reports from our cybersecurity team and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our CIO is a seasoned executive with over 25 years of experience in Information Technology, including 18 years in cybersecurity leadership roles specifically within the energy industry. The CIO’s expertise is further underscored by prior service on the American Gas Association’s Distribution Natural Gas Information Sharing and Analysis Center and as a former President of Oregon’s InfraGard chapter, a partnership between the FBI and the private sector. Notably, the CIO also serves as our Chief Information Security Officer and is supported by a cybersecurity team with many years of experience led by a Vice President of Cybersecurity. 106 Table of contents Management, including the Chief Financial Officer and CIO, will update the audit committee on our cybersecurity programs, material cybersecurity risks, program assessments and mitigation strategies. The CIO will provide periodic cybersecurity reports that cover these topics and industry developments. Despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident. For more information about these risks, please see Item 1A.- Risk Factors -Risks Relating to Intellectual Property, Data Privacy and Cybersecurity-Hostile cyber intrusions, or other issues with our information technology, could severely impair our operations, lead to the disclosure of confidential information, damage our reputation and otherwise have a material adverse effect on our business of this Form 10-K.

Company Information