Bunker Hill Mining Corp. 10-K Cybersecurity GRC - 2025-03-28

Page last updated on March 28, 2025

Bunker Hill Mining Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-28 16:53:32 EDT.

Filings

10-K filed on 2025-03-28

Bunker Hill Mining Corp. filed a 10-K at 2025-03-28 16:53:32 EDT
Accession Number: 0001641172-25-001245

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. To identify and assess material risks from cybersecurity threats, our enterprise risk management program considers cybersecurity risks alongside other company risks as part of our overall risk assessment process. Our cybersecurity risk management strategy prioritizes (i) detection, analysis, and response to known, anticipated, or unexpected threats, (ii) effective management of security risks, and (iii) resiliency against incidents. We have implemented several cybersecurity processes, technologies, and controls to aid in our efforts to assess, identify, and manage material risks associated with cybersecurity threats. Such processes include technical security controls, policy enforcement mechanisms, monitoring systems, employee training, contractual arrangements, tools and related services from third-party providers, and management oversight. 23 Our risk-based control principles are based on the standards set by the National Institute of Standards and Technology (NIST), other industry-recognized standards, and contractual requirements, as applicable. Through these controls, we seek to maintain an information technology infrastructure that implements physical, administrative, and technical controls that are calibrated based on risk and designed to protect the confidentiality, integrity, and availability of our information systems and information stored on our networks. As part of our cybersecurity risk management strategy, we periodically engage with consultants, auditors, and other third parties to help identify areas for continued focus, improvement, and compliance . During the year ended December 2024 we engaged a third party firm to perform a cybersecurity audit. Their findings and considerations were reported to the executive team and the board of directors, and an implementation plan is being crafted. The report did not identify any risks that are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition. We also incorporate cybersecurity risk management considerations in our processes for selecting, evaluating, and overseeing third-party providers . In the last fiscal year, we have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. Governance The Audit Committee of our board of directors is responsible for board-level oversight of risks from cybersecurity threats, and the Audit Committee reports back to the full board of directors about this and other areas within its responsibility. As part of its oversight role, the Audit Committee receives reporting about our cybersecurity risk management and strategy processes covering topics such as data security, results from third-party assessments, progress towards cybersecurity risk management goals, our incident response plan, notable threats or incidents, and other developments related to cybersecurity, including through periodic updates from the Company’s CEO, other management team members, and consultants. Our cybersecurity risk management and strategy processes are led by the Company’s Chief Financial Officer (CFO). Such individual has over 20 years of prior work experience in various roles involving managing information security, developing cybersecurity strategy, implementing effective information and cybersecurity programs, as well as several relevant degrees and certifications .

Company Information