2. Risk Management Strategy Disclosure Requirements

  • Description of processes, if any, for the assessment, identification, and management of material risks from cybersecurity threats, including:
  • Whether and how processes have been integrated into the overall risk management system or processes

 

  • Engagements with assessors, consultants, auditors, or other third parties in connection with any such processes
  • Disclosure of whether any risks from cybersecurity threats have materially affected or are reasonably likely to materially affect their business strategy, results of operations, or financial condition.

3.Governance and Board Expertise Disclosure Requirements

  • Description of the board’s oversight of risks from cybersecurity threat and any devoted committees or subcommittees

 

  • Description of management’s role in assessing and managing the registrant’s material risks from cybersecurity threats which may include:
  • Management positions or committees are responsible for assessing and managing risks, and the relevant expertise of each person
  • Processes on how management is informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents
  • How information about such risks to the board of directors or a committee or subcommittee of the board of directors.