Blaize Holdings, Inc. 10-K Cybersecurity GRC - 2025-04-14

Page last updated on April 15, 2025

Blaize Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-14 19:37:48 EDT.

Filings

10-K filed on 2025-04-14

Blaize Holdings, Inc. filed a 10-K at 2025-04-14 19:37:48 EDT
Accession Number: 0000950170-25-053870

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy We have in place certain infrastructure, systems, policies, and procedures that are designed to proactively and reactively address circumstances that arise when unexpected events such as a cybersecurity incident occur . These include processes for assessing, identifying, and managing material risks from cybersecurity threats. Our information security management program generally follows processes outlined in frameworks such as the International Organization for Standardization’s (“ISO”) international standard for Information Security (“ISO 27001”) and the National Institute of Standards and Technology’s Cybersecurity Framework 2.0 (“NCSF”) and we evaluate and evolve our security measures as appropriate. As of December 31, 2024, we have not completed all of the requirements to be ISO 27001 or NCSF certified. We consult with external parties , such as cybersecurity firms and risk management and governance experts, on risk management and strategy. Identifying, assessing, and managing cybersecurity risk is integrated into our overall risk management systems and processes, and we have in place cybersecurity and data privacy training and policies designed to (a) respond to new requirements in global privacy laws and (b) prevent, detect, respond to, mitigate and recover from identified and significant cybersecurity threats. We also have a vendor risk assessment process consisting of the distribution and review of supplier questionnaires designed to help us evaluate cybersecurity risks that we may encounter when working with third parties that have access to confidential and other sensitive company information. We take steps designed to ensure that such vendors have implemented data privacy and security controls that help mitigate the cybersecurity risks associated with these vendors. We routinely assess our high-risk suppliers’ conformance to industry standards (e.g., ISO 27001, ISO’s international standard for Supply Chain Security Management (“ISO 28001”), the NCSF, and the Customs-Trade Partnership Against Terrorism), and evaluate them for additional information, product, and physical security requirements. Refer to “Item 1A. Risk Factors” in this Annual Report for additional information about risks related to cybersecurity. Governance Information security matters, including managing and assessing risks from cybersecurity threats, remain under the oversight of the Company’s Board of Directors, or the Board. The Audit Committee of the Board, or the Audit Committee, also reviews the adequacy and effectiveness of the Company’s information security policies and practices and the internal controls regarding information security risks. The Audit Committee receives regular information security updates from management. The Board also receives annual reports on information security matters from members of our security team. Our security efforts are managed by a team of IT, engineering, operations, and legal professionals. We have established a cross-functional leadership team, consisting of executive-level leaders, that meets regularly to review cybersecurity matters and evaluate emerging threats. With oversight and guidance provided by the cross-functional leadership team, our information security teams refine our practices to address emerging security risks and changes in regulations. Our leadership team also participates in cybersecurity incident response efforts by engaging with the incident response team and helping direct the company’s response to and assessment of certain cybersecurity incidents. We have designated a Network and Security Engineer, who reports to the Director of IT & Security, to assess and manage our material cybersecurity risks and threats. In this role, the Network and Security Engineer installs and manages our corporate firewalls, Enterprise Infrastructure engineering, and network analysis, but also supports our incident response and vulnerability management efforts. With over 10 years of experience in cybersecurity, the Engineer ensures our controls remain effective and that any emerging threats are promptly addressed.

Company Information