SOBR Safe, Inc. 10-K Cybersecurity GRC - 2025-04-15

Page last updated on April 15, 2025

SOBR Safe, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-15 15:26:56 EDT.

Filings

10-K filed on 2025-04-15

SOBR Safe, Inc. filed a 10-K at 2025-04-15 15:26:56 EDT
Accession Number: 0001477932-25-002746

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C - CYBERSECURITY We have a cross-departmental approach to addressing cybersecurity risk, including input from employees and our Board of Directors. The Board, Audit Committee, and senior management devote significant resources to cybersecurity and risk management processes to adapt to the changing cybersecurity landscape and respond to emerging threats in a timely and effective manner. Assessing, identifying, and managing cybersecurity related risks are integrated into our overall enterprise risk management (“ERM”) process. We have a set of Company-wide policies and procedures outlined in our Employee Handbook that directly or indirectly relate to cybersecurity risks. These policies go through an internal review process and are approved by appropriate members of management. Consistent with best practices and requirements in the Employee Handbook, the Company conducts cybersecurity training on a periodic basis which occurs at least annually. Additionally, the Company continually addresses and maintains internal controls for identity and access management, logging and monitoring activities, performing periodic penetration testing and vulnerability scanning, general IT infrastructure governance and oversight, risk and threat assessment, employee awareness training and ongoing security monitoring. The Company engages a third-party hosting platform which internally manages ongoing vulnerability scanning, threat assessment and incident response through the hosting platform providing redundancy in threat preparedness, detection and response. Our Executive Vice President (“EVP”) of Technology is responsible for addressing and managing cybersecurity risks, developing and implementing our information security program and reporting on cybersecurity matters to the Board. Our EVP of Technology has over twenty years of professional experience as a senior executive in technology-driven enterprises with expertise across cybersecurity, compliance, manufacturing process engineering, database architecture, interface programming and more. Under the direction of the EVP of Technology, the Company also engages and retains qualified third-party consultants to assist in the identification and management of material risks from cybersecurity threats. The Company assesses the cybersecurity preparedness of third-party vendors by obtaining SOC 1 or SOC 2 reports. If a third-party vendor is not able to provide a SOC 1 or SOC 2 report, we take additional steps to assess their cybersecurity preparedness and assess our relationship on that basis. Our assessment of risks associated with the use of third-party providers is part of our overall cybersecurity risk management framework. The Board and Audit Committee, in conjunction with their oversight responsibility related to the ERM process and management, participates regularly in discussions with management regarding cybersecurity risks, and performs a review at least annually of the Company’s cybersecurity program. This includes discussions of management’s actions to identify and detect threats, as well as planned actions in the event of a response or recovery situation. We are subject to cyber incidents and will continue to be exposed to cyber incidents in the normal course of our business. Incident response plans, procedures and processes are in place to address any cyber incidents, events or occurrences. Along with our third-party hosting platform, we periodically test preparedness ensuring and appropriate response is designed for immediate application. Although, such risks have not materially affected or are reasonably unlikely to materially affect us, these risks could affect our business strategy, including financial condition, results of operations, or cash flows. The extensive approach we take to cybersecurity may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us in the future. See Item 1A - Risk Factors for a discussion of cybersecurity risks.

Company Information