SOUTH DAKOTA SOYBEAN PROCESSORS LLC 10-K Cybersecurity GRC - 2025-03-28

Page last updated on March 28, 2025

SOUTH DAKOTA SOYBEAN PROCESSORS LLC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-28 13:47:15 EDT.

Filings

10-K filed on 2025-03-28

SOUTH DAKOTA SOYBEAN PROCESSORS LLC filed a 10-K at 2025-03-28 13:47:15 EDT
Accession Number: 0001163609-25-000010

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy We recognize the importance of developing, implementing, and maintaining cybersecurity measures to safeguard our information and operational technologies and protect our data’s confidentiality, integrity, and availability. Our business is dependent upon our computer systems, devices, software, and networks (operational and information technology) to collect, process, and store the data necessary to conduct almost all aspects of our business, including the evaluation of acquisition and development opportunities, the monitoring and evaluation of our existing properties, the performance of any data from our operators, and the recording and reporting of financial information. Assessing, Identifying, and Managing Material Cybersecurity Risks & Integrated Overall Risk Management. We have processes to assess, identify, manage, and address material cybersecurity threats and incidents. These include, among other things, ongoing security awareness training for employees, mechanisms to detect and monitor unusual network activity, and containment and incident response tools. We regularly assess risks from cybersecurity 12 and technology threats and monitor our information systems for potential vulnerabilities. We monitor issues that are internally discovered or externally reported that may affect our systems and have processes to assess those issues for potential cybersecurity impact or risk. We have integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management. This integration is designed to include cybersecurity considerations in our decision-making processes at every level. Our IT Security Program (“ITSP”) Group and third-party service providers seek to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs and coordinate with our overall risk management framework. In the event of a cybersecurity incident, we maintain an incident response plan. This plan sets forth immediate actions to mitigate the impact of cybersecurity incidents, including referring certain matters to the our chief executive officer for additional evaluation and oversight, as well as long-term strategies for remediation and prevention of future cybersecurity incidents. Engaging Third Parties on Cybersecurity Risk Management. Recognizing the complexity and evolving nature of cybersecurity threats, we engage with third-party service providers, including cybersecurity assessors, and consultants, to evaluate and test our cybersecurity risk management systems. This enables us to leverage knowledge and insights to align our cybersecurity strategies and processes with best practices for our industry and size. Accordingly, we engage third-party service providers for regular cybersecurity-related audits, threat assessments, and consultation on security enhancements. Overseeing Third-Party Risk. Because we know the risks associated with engaging third-party service providers, we have implemented processes designed to oversee and manage these risks. It is our policy to conduct security assessments of all third-party service providers before engagement, and we aim to maintain ongoing monitoring for compliance with our cybersecurity standards. This monitoring includes regular assessments by our chief operations officer and ITSP Group. Cybersecurity Threats. As of the date of this Annual Report on Form 10-K, though we and our service providers have experienced certain cybersecurity incidents, we are not aware of any previous cybersecurity incidents that have materially affected or are reasonably likely to materially affect us, including our operations or financial condition. We acknowledge that cybersecurity threats are continually evolving, and the possibility of future cybersecurity incidents remains. Despite implementing our cybersecurity processes, our security measures cannot guarantee that a significant cybersecurity attack will not occur. While we devote resources to security measures designed to protect our systems and information, no security measure is infallible. See Item 1A. Risk Factors “Risk Factors Relating to Our Business.” We depend on computer and telecommunications systems, and failures in our systems or cyber security threats, attacks, or other disruptions could significantly disrupt our business operations." for additional information about the risks to our business associated with a breach or other compromise to our information and operational technology systems. Governance Board of Directors Oversight. Our board of managers has overall responsibility for the oversight of risk management, which includes cybersecurity risks. Our board receives periodic briefings on cybersecurity matters, including key risks to us, recent developments, and risk mitigation activities from members of management, who are responsible for overseeing our cybersecurity program. Management’s Role. Our cybersecurity risk assessment and management efforts are led by our chief operations officer, who is responsible for implementing and overseeing processes for the monitoring of our information systems, and the ITSP Group. Included in this responsibility is the deployment of cybersecurity measures and system audits to identify potential cybersecurity vulnerabilities. Our chief operations officer reports directly to our chief executive officer and board of managers.

Company Information