Local Bounti Corporation/DE 10-K Cybersecurity GRC - 2025-03-31

Page last updated on March 31, 2025

Local Bounti Corporation/DE reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 17:22:00 EDT.

Filings

10-K filed on 2025-03-31

Local Bounti Corporation/DE filed a 10-K at 2025-03-31 17:22:00 EDT
Accession Number: 0001840780-25-000009

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats. These risks include, among other things, operational risks, intellectual property theft, fraud, extortion, harm to employees or customers, violation of privacy or security laws, other litigation and legal risks, and reputational risks. To aid in our efforts to assess, identify, and manage any material risks, we have implemented several cybersecurity processes, technologies, and controls . Our process for identifying and assessing material risks from cybersecurity threats operates within our broader overall risk management program. As part of this program, our Chief Information Officer (“CIO”) and Vice President of Internal Audit collaborate with subject matter specialists throughout the Company, as necessary, to gather insights for identifying and assessing material risks throughout the Company, including cybersecurity threat risks. In addition, we also have business processes to provide for critical data and systems availability, maintain regulatory compliance, identify and manage our risks from cybersecurity threats, and protect against, detect, and respond to cybersecurity incidents. Our Cybersecurity Incident Response Plan (“IRP”) coordinates the activities we take to prepare for, detect, respond to, and recover from cybersecurity incidents, which include processes to detect, analyze, validate, investigate, contain, and remediate the incident, as well as to comply with potentially applicable legal obligations and mitigate brand and reputational damage. Our processes also address cybersecurity threat risks associated with third-party service providers that may have access to our data or systems. Third-party risks are included within our broader overall risk assessment process, as well as our cybersecurity-specific risk identification program, both of which are discussed above. In addition, cybersecurity considerations may affect the selection and oversight of our third-party service providers. Cybersecurity Governance Cybersecurity is an important part of our risk management processes and an area of increasing focus for our Board and management. The Audit Committee of our Board is responsible for the oversight of risks from cybersecurity threats. The Audit Committee regularly receives an overview of our cybersecurity activities from management. Material cybersecurity threat risks may also be considered during separate Board discussions of important matters such as enterprise risk management, budgeting, and other relevant matters. Our cybersecurity risk management and strategy processes are led by our CIO , who reports directly to our President and Chief Financial Officer. Our CIO meets with the Audit Committee of our Board as part of the governance process described above. This individual has prior work experience in various roles involving managing information security and risk management, developing cybersecurity strategies, and implementing cybersecurity programs. The IT subject matter experts meet quarterly to review the cybersecurity framework provided by the National Institute of Standards and Technology and evaluate current cybersecurity processes and procedures.

Company Information