i-80 Gold Corp. 10-K Cybersecurity GRC - 2025-04-01

Page last updated on April 1, 2025

i-80 Gold Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-01 06:28:36 EDT.

Filings

10-K filed on 2025-04-01

i-80 Gold Corp. filed a 10-K at 2025-04-01 06:28:36 EDT
Accession Number: 0001628280-25-015753

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy Overview Protecting the information systems, assets, data, and communication infrastructure is critical to the Company’s operations. Consequently, cybersecurity is prioritized through the implementation of a comprehensive cybersecurity risk management program that is managed by the executive team leadership in conjunction with the IT Department and falls within the boundaries of the overall organization risk management program. Key Principles of the Cybersecurity Risk Management Program: - Risk Management - a proactive approach to identifying and mitigating risks to protect the organization’s assets and integrity through third party assessments, internal assessments and global cybersecurity threat analysis. - Defense Strategy - adopts a robust defense approach to protect systems from potential threats, including an assumption of breach mindset. - Zero-Trust Architecture - implements a zero-trust philosophy, ensuring that no entity is inherently trusted without verification. - Least Privileged Access - employ strict identity and access management principles to limit user access based on necessity. - Mitigation and Management of Incidents or Disasters - our risk management program includes policies and procedures for incident response and mitigation. Key Components of the Cybersecurity Program: - Ongoing Detecting and Monitoring - Continuous surveillance of networks to identify threats and intrusions in real-time. - Vulnerability Assessment - Regular assessments conducted by both internal teams and external partners to identify system vulnerabilities. - Employee Training - Regular cybersecurity training and awareness campaigns are undertaken to equip employees with the knowledge needed to mitigate risks. - IT Leadership - The IT Department leads the implementation of the cybersecurity risk management program, ensuring adherence to Company and regulatory standards. Compliance Framework The cybersecurity program aligns with the National Institute of Standards and Technology’s Cybersecurity Framework. The IT Department, in collaboration with external vendors, diligently works to detect vulnerabilities, identify compromised devices, and maintain compliance across the organization’s IT systems. External Engagement The Company engages with third-party organizations to conduct regular assessments of compliance, controls, and overall risk management strategies, ensuring a comprehensive approach to cybersecurity. Quarterly vulnerability assessments are performed on external and internal systems, as well as a larger annual audit of system security and compliance. Responsibility and Communication The Company promotes a culture where cybersecurity awareness is recognized as everyone’s responsibility. Regular communications about cybersecurity risk mitigation and intrusion prevention measures are shared with senior management and the Board of Directors. Incident History The Company has not experienced any cybersecurity incidents during the year ended December 31, 2024, or in any prior year that resulted in interruptions to normal business operations or breaches of systems. Governance Structure IT Director’s Role - The IT Director leads the cybersecurity risk management program with over 25 years of experience in managing cybersecurity programs, auditing, and IT operations within the US mining and manufacturing sectors. They possess a bachelor’s degree in computer information security and a master’s degree in management information systems. Board of Directors Involvement - The Board is actively engaged in overseeing the cybersecurity program, receiving regular updates and assessments concerning governance and compliance. Quarterly updates from the IT Director cover the status of cybersecurity controls, exposures, and overall program results. The Board insists on being informed about any material cybersecurity incidents. This structured overview distills the essence of the cybersecurity risk management and governance processes within the Company, emphasizing the proactive approach to cybersecurity management and the involvement of leadership at all levels. 26 Table of C o ntents

Company Information