ALTAIR INTERNATIONAL CORP. 10-K Cybersecurity GRC - 2025-04-07

Page last updated on April 8, 2025

ALTAIR INTERNATIONAL CORP. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-07 17:24:03 EDT.

Filings

10-K filed on 2025-04-07

ALTAIR INTERNATIONAL CORP. filed a 10-K at 2025-04-07 17:24:03 EDT
Accession Number: 0001683168-25-002316

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy The Company’s cybersecurity risk management practices are intended to assess, identify and manage risks from threats to the security of our information, systems, products and network. We have developed and implemented cybersecurity and data privacy processes and procedures that are informed by recognized cybersecurity frameworks and standards, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework and International Organization for Standardization 27001 (ISO 27001) Framework. We use these frameworks, together with information collected from assessments, to tailor aspects of our cybersecurity and data privacy practices given the nature of our assets, operations and business. Key features of our cybersecurity and data privacy processes and procedures include the following: · Risk-based controls for information systems and information on our networks: We seek to maintain an information technology infrastructure that implements controls that are tailored based on risk and designed to protect the confidentiality, integrity and access to our information systems and information stored on our networks, including member, customer and employee information, intellectual property and proprietary information. We employ in-depth defense mechanisms throughout our enterprise, including, but not limited to, employee training, vulnerability management, multi-factor authentication, cybersecurity insurance and managed security services to monitor, mitigate and/or prevent cybersecurity incidents. · Cybersecurity incident management and response : We have a cybersecurity incident response plan and specified teams to respond to cybersecurity incidents. If a cybersecurity incident occurs or we identify a vulnerability, our cross-functional teams lead the initial assessment of priority and severity, and external experts may also be engaged as appropriate. Our cybersecurity teams assist in responding to incidents depending on severity levels and seek to improve our cybersecurity incident management plan through periodic simulations of common incidents. Further, we work closely with our external managed security services experts to provide ongoing monitoring and to augment our internal cybersecurity team with incident management and response specialists. · Cybersecurity awareness and training : Our employees are required to complete security awareness training and a compliance course annually, which we believe helps our employees understand their information protection and cybersecurity responsibilities. We also provide additional training to certain employees in accordance with member or customer requirements and regulatory obligations. Further, we regularly communicate with employees about evolving cybersecurity trends through company-wide cybersecurity alerts, which heightens awareness of cybersecurity events that may be impacting our business, peers and industry. · Our assessments of third parties : We have implemented a third-party risk management process that includes, among other things, periodic cybersecurity assessments on certain third parties on which we rely based on an assessment of their risk profile. We also seek contractual commitments from third parties to satisfy our cybersecurity and data privacy requirements, and require third parties to maintain their information technology systems and protect Premier’s information that is processed on their systems. · Third-party assessments of Premier third-party cybersecurity companies to periodically assess our cybersecurity and data privacy processes and procedures, and to assist in identifying and remediating risks from cybersecurity threats. It is our goal to have third-party assessors regularly conduct penetration testing and measure our processes, procedures and responses against industry standard frameworks. We will use the results of these periodic assessments to implement programmatic changes and continuous improvements in alignment with business requirements, industry standards and regulatory requirements. 15 We believe our cybersecurity risk management practices are an important part of our enterprise risk management processes, which must be continuously updated and improved. As of the date of this Annual Report, we have not identified risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations or financial condition. Governance The Board and management each actively assess the Company’s cybersecurity and data privacy risk management practices with the goal of being proactive rather than reactive. The Board regularly reviews the Company’s cybersecurity and data privacy risks, including our policies, controls and procedures for identifying, managing and mitigating such risks. The Board receives periodic reports from members of management , to the extent their relevant areas are impacted, regarding cybersecurity and data privacy measures and procedures, the identification of security gaps and compliance with applicable cybersecurity and data privacy regulations. T Management is responsible for day-to-day monitoring of the prevention, detection, mitigation and remediation of cybersecurity incidents. Our President, who reports to our Chief Executive Officer, has primary oversight of material risks from cybersecurity threats. Mr. Gourdie has over 30 years of experience in the aviation industry. Originally from Scotland, UK, Mr. Gourdie moved with his family to San Diego in the summer of 2018. His aviation career started immediately after high school in 1989 when he made the decision to join the UK’s military and serve in the Royal Air Force for 10 years as an Avionics Technician. After leaving the military in 1999 he transitioned into commercial airlines. Since 2018, Mr. Gourdie has been involved in the management and development of Premier Air Charter.

Company Information