U.S. GoldMining Inc. 10-K Cybersecurity GRC - 2025-03-27

Page last updated on March 27, 2025

U.S. GoldMining Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-27 17:03:47 EDT.

Filings

10-K filed on 2025-03-27

U.S. GoldMining Inc. filed a 10-K at 2025-03-27 17:03:47 EDT
Accession Number: 0001641172-25-000962

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. We maintain programs and technologies to ensure that our information systems are effective and prepared for data privacy and cybersecurity risks, including regular oversight of our security programs for monitoring internal and external threats to ensure the confidentiality and privacy of our data. As the volume and complexity of cyber-attacks continue to evolve, we continue to enhance our security capabilities by continued investment in cyber technologies, further developing our internal cybersecurity personnel and educating our workforce regarding cyber-security and leveraging emerging technologies. Risk Management and Strategies Our board of directors have adopted a Cybersecurity Policy to serve as a standard for setting, reviewing and implementing our cybersecurity goals, objectives and targets. Our Cybersecurity Policy serves as a framework within which risks the confidentiality, integrity or availability of our assets within our information technology network and infrastructure (" Cyberspace “), and applies to all of our directors, officers, employees, consultants and contractors. We regularly perform evaluations of our security program and continue to implement controls aligned with industry guidelines to identify threats, detect attacks and protect data. Our risk management strategy is focused on three areas: (i) technology, being our hardware and software systems; (ii) processes , being our cybersecurity reporting, testing and other processes; and (iii) people, which refers to our internal cybersecurity personnel, external service providers and individual training and human interaction within our information technology and cybersecurity processes . When reviewing third-party information technology service providers, our engagement process customarily includes, among other things, a review of such providers’ cybersecurity measures. We periodically undertake cybersecurity audits, the results of which are reported to our Audit Committee. We have also implemented security monitoring programs designed to alert us of any suspicious activity and have developed an incident response program in the event of a security breach. We implement various training programs periodically to ensure that our employees and other personnel comply with internal processes and to enhance their cybersecurity awareness. Members of our board of directors and management overseeing our information security risk management approach are provided with opportunities for continuing education in cybersecurity and evolving cybersecurity risks in order to better understand and evaluate our preparedness. See also " Item 1A. Risk Factors - Risks Related to our Business and Industry - We rely on information technology systems and any inadequacy, failure, interruption or security breaches of those systems may harm our reputation and ability to effectively operate our business “. Governance Our board of directors oversees our Cybersecurity Policy primarily through the Audit Committee. The Audit Committee is responsible for the implementation of our oversight, programs, procedures and policies related to cybersecurity, cybersecurity risks, information security and data privacy, including reviewing our cybersecurity-related disclosures in our annual securities filings, monitoring (on an ongoing basis) the implementation and effectiveness of our Cybersecurity Policy and assessing potential risks to our Cyberspace and our risk exposure, resiliency of our processes, industry trends and best practices and any relevant cybersecurity and digital technology metrics. The Audit Committee reports regularly to our board of directors concerning the matters covered under the policy and advises our board of directors of any developments that it believes should have our board of directors’ consideration. Our chief executive officer and chief financial officer oversee the details of our information security risk management approach and may appoint team leads from various departments from time to time to assist with certain aspects of our cybersecurity risk mitigation strategy. Management is required to report to the Audit Committee on our strategy, risks, metrics and operations relating to cybersecurity and information security matters. Management is responsible for ensuring that personnel are provided with adequate resources and trainings to fully understand the guidelines and expectations for cybersecurity. Members of our management team may be asked by our chief financial officer to assist with IT security investigations in the event of a breach of our Cybersecurity Policy. Upon becoming aware of a potential violation of our policy or a breach of cybersecurity, the member of management must immediately document the violation and request the individual surrender possession of any devices that may have suffered a security breach. If any member of management that is unaware of the best course of action in dealing with an IT-related matter is required to contact our third-party IT representative. 22 All of our employees, consultants and contractors are encouraged to exercise professional judgement in using computing devices and network resources connected to the Cyberspace, and are strictly prohibited from certain acts enumerated in our Cybersecurity Policy including, among other things, access for non-business purposes, disabling our security features and requirement, exporting information or technologies without consent and password sharing. Violations or breaches of our Cybersecurity Policy or the associated schedules, standards or guidelines may result in suspension and/or discipline up to and including termination, in addition to administrative sanctions or legal actions.

Company Information