Amprius Technologies, Inc. 10-K Cybersecurity GRC - 2025-03-20

Page last updated on March 20, 2025

Amprius Technologies, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-20 17:01:53 EDT.

Filings

10-K filed on 2025-03-20

Amprius Technologies, Inc. filed a 10-K at 2025-03-20 17:01:53 EDT
Accession Number: 0001899287-25-000012

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We recognize the critical importance of maintaining the safety and security of our systems and data and we believe we have a holistic process for assessing, identifying and managing cybersecurity and related risks. In general, we seek to address cybersecurity risks through a comprehensive, cross-functional approach. Our board of directors is actively involved in oversight of our risk management program, and cybersecurity represents an important component of our overall approach to enterprise risk management. Senior management also devotes significant resources to cybersecurity and risk management processes as well as to adapting to the changing cybersecurity landscape and responding to emerging threats in a timely and effective manner. Risk Management and Strategy We devote significant resources and designate high-level personnel, including our Chief Technology Officer (“CTO”), to manage the risk assessment and mitigation process. We conduct periodic risk assessments to identify cybersecurity threats, as well as assessments in the event of a material change in our business practices that may affect information systems that are vulnerable to such cybersecurity threats. These risk assessments include identification of reasonably foreseeable internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks. Following these risk assessments, we re-design, implement, and maintain reasonable safeguards to minimize identified risks; reasonably address any identified gaps in existing safeguards; and regularly monitor the effectiveness of our safeguards. Index to Consolidated Financial Statements As part of our overall risk management system, we monitor and test our safeguards and train our employees on these safeguards, in collaboration with human resources, IT, and management. Personnel at all levels and departments are made aware of our cybersecurity policies through trainings and related documentation. We engage third parties in connection with our risk assessment processes . These service providers assist us in designing and implementing our cybersecurity policies and procedures, as well as in monitoring and testing our safeguards. We also engage third-party service providers in connection with our business. We require each such third-party service provider to certify that it has the ability to implement and maintain appropriate security measures, consistent with all applicable laws, to implement and maintain reasonable security measures in connection with their work with us, and to promptly report any suspected breach of its security measures that may affect our company. For additional information regarding cybersecurity threats that are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, please refer to the section titled “Risk Factors” above. Governance Our board of directors, led by the Audit Committee, oversees our enterprise risk management, including the management of risks arising from cybersecurity threats. Management provides the board of directors with quarterly cybersecurity reports, which include a review of key performance indicators, test results and related remediation, and recent threats and how the Company is managing those threats. Our board of directors also receives prompt and timely information regarding any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding any such incident until it has been remediated. The chairman of our board of directors, Mr. Donald R. Dixon, is a Director for Business Executives for National Security (BENS.org), and a member of the Aspen Institute’s Cybersecurity Group, the nation’s leading cross-sector public-private cybersecurity forum and he has extensive experience leading cyber security oversight. Our CTO is responsible for developing and implementing our information security program and reporting on cybersecurity matters to our board of directors. Our CTO has over 20 years of experience in managing IT, software and hardware systems and leading cybersecurity oversight. He works closely with our third-party managed service provider and managed security service provider to oversee cybersecurity risks, advise on employee trainings and respond to new risks and threats when they occur. We view cybersecurity as a shared responsibility by all operations, and we engage third-party vendors to periodically perform simulations and tabletop exercises across our company and incorporate other external resources and advisors as needed. All employees are required to complete online cybersecurity trainings every six months containing topics about cybersecurity risks awareness and how to prevent them, such as phishing, ransomware, malware, and social engineering attacks, among others. In addition, all newly hired employees are required to complete a one-hour online cybersecurity training during their onboarding process. We face a number of cybersecurity risks in connection with our business. Although such risks have not materially affected us, including our business strategy, results of operations or financial condition, to date, we have, from time to time, experienced threats to and breaches of our data and systems, including ransomware. While we maintain cybersecurity insurance, the costs related to cybersecurity threats or disruptions may not be fully insured. For more information about the cybersecurity risks we face, see the section titled “Risk Factors” above.

Company Information