LanzaTech Global, Inc. 10-K Cybersecurity GRC - 2025-04-15

Page last updated on April 15, 2025

LanzaTech Global, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-15 16:45:55 EDT.

Filings

10-K filed on 2025-04-15

LanzaTech Global, Inc. filed a 10-K at 2025-04-15 16:45:55 EDT
Accession Number: 0001628280-25-017874

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We have implemented a cybersecurity program for assessing, identifying, and managing cybersecurity risks aligned with the National Institute of Standard and Technology Cybersecurity Framework (NIST CSF) and where appropriate we have integrated these processes into our enterprise risk management framework. We have implemented administrative, technical, and physical safeguards designed to protect our information systems and protect the confidentiality, integrity, and availability of our data. We are continuously working to improve our information technology systems and provide employee awareness training around phishing, malware, and other cyber risks to enhance our levels of protection. We engage external parties, such as consultants, to enhance our cybersecurity oversight as required. We conduct periodic risk assessments to evaluate our cybersecurity posture, including through annual third-party vulnerability assessment and penetration tests performed by reputable service providers. We conduct risk assessments, as appropriate, on critical third parties who maintain material data or information to help assess and validate the information security capabilities of these third parties. We maintain insurance coverage for cybersecurity insurance as part of our overall insurance portfolio. We also have implemented administrative, technical, and physical safeguards designed to protect our information systems and protect the confidentiality, integrity, and availability of our data. Governance Related to Cyber Security Risks The Audit Committee of the Board has oversight of management’s efforts with respect to IT systems and cybersecurity. As part of this oversight, our Chief Information Security Officer (“CISO”) shares quarterly updates regarding any changes around our cybersecurity defenses, ongoing IT initiatives, and emerging threats and plans to pro-actively address these threats with the Audit Committee. During these meetings, the CISO provides the Audit Committee updates regarding any changes around our cyber defenses, ongoing IT initiatives, and emerging threats and plans to pro-actively address these threats. Our Board has delegated primary responsibility for the oversight of cybersecurity matters to the Audit Committee; however, the full Board reviews significant cybersecurity matters as appropriate. The Audit Committee provides updates to the Board on a quarterly basis on the activities that the Audit Committee oversees, including Cybersecurity . 59 Our Chief Information Security Officer is responsible for strengthening and continuously monitoring the effectiveness of our cybersecurity program. The individual currently serving in the role of Chief Information Security Officer has over 30 years of information systems and cybersecurity experience within complex and international business verticals such as technology, financial services, biotech, and other scientific organizations. He also holds the Certified Information Systems Security Professional (CISSP) certification. In addition, our cybersecurity steering committee assists in managing certain technical aspects related to cybersecurity. Our cybersecurity steering committee is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents through monthly meetings and frequent communications. Regular members of the steering committee consist of participants from the IT infrastructure, Business Systems, AI and Modelling and Scientific Computing teams. Participants from other teams attend on an as-needed basis. To date, we have not identified any indication of a cybersecurity incident that would have a material impact on our business and consolidated financial statements. However, as discussed more fully under “Item 1A. Risk Factors”, the sophistication of cyber threats continues to increase and we cannot assure that our systems and processes will be successful, that we will be able to anticipate or detect all cyberattacks or other breaches, that we will be able to react to cyberattacks or other breaches in a timely manner or that our remediation efforts will be successful.

Company Information