AleAnna, Inc. 10-K Cybersecurity GRC - 2025-03-31

Page last updated on March 31, 2025

AleAnna, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 16:01:42 EDT.

Filings

10-K filed on 2025-03-31

AleAnna, Inc. filed a 10-K at 2025-03-31 16:01:42 EDT
Accession Number: 0001213900-25-026222

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk management and strategy We have established processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes. We routinely assess material risks from cybersecurity threats, including any potential unauthorized attempts to access our information systems that may result in adverse effects on the confidentiality, integrity, or availability of those systems. These risk assessments include identification of reasonably foreseeable internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks. Following these risk assessments, if necessary, we would re-design and implement reasonable additional safeguards to minimize identified risks and address any identified gaps in existing safeguards. Primary responsibility for assessing, monitoring, and managing our cybersecurity risks rests with our third-party IT service provider who reports to our Chief Accounting Officer, to manage the risk assessment and mitigation process. As part of our overall risk management system, we monitor and test our safeguards and we train our relevant employees on these safeguards, in collaboration with our third-party IT provider and management. Since users are typically the weakest link in any information system, we periodically train all our employees on good cybersecurity practices, including password management, phishing prevention, and other security awareness issues. We have not encountered cybersecurity threats or challenges that have materially impaired our operations, business strategy or financial condition. Governance Our Board of Directors is responsible for monitoring and assessing strategic risk exposure including cybersecurity risk, and our executive officers are responsible for the day-to-day management of the material risks we face. Our Board of Directors administers its cybersecurity risk oversight function directly as a whole, as well as through the Audit Committee. Our Chief Accounting Officer is primarily responsible for assessing and managing our material risks from cybersecurity threats with assistance from our third-party IT service provider. Our Chief Accounting Officer oversees our cybersecurity policies and processes, coordinating with our third-party IT service provider, which has over 20 years of experience and expertise in cybersecurity risk management. The third-party service provider is responsible for implementing cybersecurity measures and monitoring for threats. Our Chief Accounting Officer will provide periodic briefings to the Executive Director, the Audit Committee and/or the Board of Directors as needed regarding any material cybersecurity risks or activities, including any recent cybersecurity incidents and related responses, based on information provided by the third-party service provider. 53

Company Information