374Water Inc. 10-K Cybersecurity GRC - 2025-03-27

Page last updated on March 28, 2025

374Water Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-27 21:28:20 EDT.

Filings

10-K filed on 2025-03-27

374Water Inc. filed a 10-K at 2025-03-27 21:28:20 EDT
Accession Number: 0001654954-25-003443

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. We have implemented a number of security measures designed to protect its systems and data, including firewalls, antivirus and malware detection tools, patches, log monitors, routine back-ups, system audits, system hardening, penetration testing and privileged access session management. In addition, we have continued its efforts to migrate its platforms to cloud-based computing, which is designed to further strengthen its security posture. We also hired a information technology manager to oversee and identify any risks from cybersecurity threats associated with our use of third-party service providers. Our cybersecurity risk management program is integrated into our overall enterprise risk management program and shares common methodologies, reporting channels, and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas. Our cybersecurity risk management program includes the following: · risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment; · a security team led and supervised by our information technology manager, which is principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents; · the use of external service providers, where appropriate, to assess, test, or otherwise assist with aspects of our security control, as well as processes to oversee and identify any cybersecurity risks associated with our use of third-party service providers; · cybersecurity awareness training of our employees, incident response personnel, and senior management; and · a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents. There can be no assurance that our cybersecurity risk management program and processes, including our policies, controls or procedures, will be fully implemented, complied with or effective in protecting our systems and information. Cybersecurity Governance Our Chief Administrative Officer (“CAO”) is primarily responsible for assessing and managing our material risks from cybersecurity threats. Our CAO leads our security team and coordinates with our Chief Executive Officer, Chief Financial Officer and Information Technology Manager to fully integrate our cybersecurity risk management programs with our overall enterprise risk management program. Our Information Technology Manager CAO is responsible for overseeing and managing all potential and actual incidents that are identified by our security team. Our security team regularly updates our systems with updates, anti-virus signatures, policies and security best practices. At least annually, our CAO reports to the Audit Committee of the Board updates to the Company’s cybersecurity risk management program and any material cyber incidents. Our Sr Information Technology Manager has extensive expertise and experience on cybersecurity matters, including identification, remediation, and management.. Our Board considers cybersecurity risks as part of its risk oversight function and has delegated to the Audit Committee oversight of cybersecurity and other information technology risks. The Audit Committee oversees management’s implementation of our cybersecurity risk management program and receives updates on the cybersecurity risk management program from management at least annually. In addition, management updates the Audit Committee regarding any material or significant cybersecurity incidents, as well as incidents with lesser impact potential as necessary. The Audit Committee reports to the full Board annually regarding cybersecurity. Ongoing Risks We have not experienced any material cybersecurity incidents. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. Incident Response and Assessment Policies and Procedures We align with industry-standard cybersecurity frameworks designed to protect the company and customer data from unintentional disclosure, cybersecurity events, and other threats of all severity levels. As part of our alignment with these frameworks we are in the process of implementing a Cybersecurity Incident Response Plan that outlines actions to be taken after identifying a suspected information security breach and the people responsible for managing those actions. Additionally, this plan will outline communication responsibilities during incidents of all severity levels.

Company Information