Our Board of Directors is responsible for reviewing the Company’s cybersecurity risk management and control systems in relation to the financial reporting by the Company, including the Company’s cybersecurity strategy. We maintain a process for assessing, identifying and managing material risks from cybersecurity threats, including risks relating to disruption of business operations or financial reporting systems, intellectual property theft; fraud; extortion; harm to employees or customers; violation of privacy laws and other litigation and legal risk; and reputational risk, as part of our overall risk management system and processes. We asses and manage our cybersecurity risks though our Information Technologies (“IT”) Committee, which is integrated by the Chief Executive Officer and the Chief Financial Officer. The Chief Executive Officer presents to our Board of Directors, on a yearly basis, the work carried out on the identification, categorization, and mitigation procedures put in place in relation to the most relevant risks of the company, including cybersecurity risks. In this sense, risks related to cybersecurity have been categorized as “high relevance” for the Company.

Our IT department is responsible for targeted and regular monitoring of cybersecurity risks. They independently and continuously monitor cybersecurity risks and countermeasures to defend against such threats and, in the event of a cybersecurity threat or cybersecurity incident, inform executive management and our Board of Directors. In addition to the regular meetings between executive management and the individual risk owners mainly consisting out of the various departments’ heads, a comprehensive cybersecurity risk analysis for internal and external risks is carried out as appropriate.

According to the priority of the cybersecurity risks as result of the risk evaluation, risks are addressed by concrete actions and, if appropriate and possible, necessary countermeasures. In order to be able to react quickly and flexibly to cybersecurity risks, risk management is integrated into existing processes and reporting channels. Our risk management program considers cybersecurity risks alongside other company risks, and our enterprise risk professionals consult with company subject matter experts to gather information necessary to identify cybersecurity risks and evaluate their nature and severity, as well as identify mitigations and assess the impact of those mitigations on residual risk. We may engage third parties from time to time to conduct risk assessments.

Our IT department is responsible for targeted and regular monitoring of cybersecurity risks. They independently and continuously monitor cybersecurity risks and countermeasures to defend against such threats and, in the event of a cybersecurity threat or cybersecurity incident, inform executive management and our Board of Directors. In addition to the regular meetings between executive management and the individual risk owners mainly consisting out of the various departments’ heads, a comprehensive cybersecurity risk analysis for internal and external risks is carried out as appropriate.