
SEC


The SEC (U.S. Securities and Exchange Commission) Mandates and Security Framework refers to cybersecurity and risk management regulations that publicly traded companies and financial institutions must follow to protect investors and maintain market integrity.

Controls:

Asset Management

  • Asset Management - ID.AM

    Identify and manage the data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes in accordance with their relative importance to business objectives and the organization’s risk strategy.

  • Business Environment - ID.BE

    Understand the organization’s mission, objectives, stakeholders, and activities.

  • Risk Assessment - ID.RA

    Understand the cybersecurity risk to organizational operations (including mission, functions, image, and reputation), organizational assets, and individuals.

  • Risk Management Strategy - ID.RMS

    Establish and maintain the organization’s overall risk management strategy.

Governance

  • Cybersecurity Risk Management Strategy - GV.01

    Establish and communicate the organization's cybersecurity risk management strategy.

  • Roles and Responsibilities - GV.02

    Define and assign roles, responsibilities, and authorities for cybersecurity.

  • Policy and Procedures - GV.03

    Establish, implement, and enforce cybersecurity policies and procedures.

  • Oversight - GV.04

    Provide oversight and accountability for the organization's cybersecurity risk management efforts.

  • Legal and Regulatory Requirements - GV.05

    Identify, understand, and manage legal, regulatory, and contractual requirements related to cybersecurity.

  • Supply Chain Risk Management - GV.06

    Establish and implement processes for managing cybersecurity risks within the supply chain.

Identity Management, Authentication and Access Control

  • Identity Management, Authentication and Access Control - PR.AC

    Manage and control physical and logical access to assets and associated facilities.

  • Awareness and Training - PR.AW

    Ensure that the organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities.

  • Data Security - PR.DS

    Establish and manage baseline data security policies, procedures, and agreements to ensure the confidentiality, integrity, and availability of information.

  • Information Protection Processes and Procedures - PR.IP

    Establish, implement, and maintain information protection processes and procedures to manage the protection of information assets.

  • Protective Technology - PR.PT

    Manage and maintain protective technology to ensure the security of systems and assets.

Security Continuous Monitoring

  • Security Continuous Monitoring - DE.CM

    Monitor cybersecurity events and verify the effectiveness of protective measures.

  • Detection Processes - DE.DP

    Establish and maintain detection processes to discover cybersecurity events in a timely manner.

Response Planning

  • Response Planning - RS.RP

    Establish and maintain response plans and procedures to manage a cybersecurity incident.

  • Communications - RS.CO

    Coordinate response activities with relevant internal and external stakeholders.

  • Analysis - RS.AN

    Perform analysis to ensure effective response and support recovery activities.

  • Mitigation - RS.MI

    Perform activities to prevent expansion of an event, mitigate its effects, and eradicate the incident.

  • Improvements - RS.IM

    Incorporate lessons learned from current and previous detection and response activities into organizational processes and procedures.

Recovery Planning

  • Recovery Planning - RC.RP

    Establish and maintain recovery plans and procedures to restore systems or assets affected by cybersecurity incidents.

  • Improvements - RC.IM

    Incorporate lessons learned from current and previous recovery activities into organizational processes and procedures.

  • Communications - RC.CO

    Coordinate restoration activities with relevant internal and external stakeholders.

Business

  • Principal Products and Services - SEC.1.1

    Describe the principal products and services offered by the company.

  • Markets - SEC.1.2

    Describe the primary markets in which the company operates.

  • Methods of Distribution - SEC.1.3

    Outline the methods used by the company to distribute its products and services.

  • Competitive Conditions - SEC.1.4

    Describe the competitive landscape and the company's position within it.

  • Research and Development Activities - SEC.1.5

    Detail the company's research and development activities.

  • Patents, Trademarks, Licenses - SEC.1.6

    List and describe significant patents, trademarks, and licenses.

  • Seasonality of the Business - SEC.1.7

    Explain any seasonality aspects that affect the company's business.

  • Identification of Significant Risks - SEC.1A.1

    Identify the most significant risks that could adversely affect the company.

  • Discussion of Potential Adverse Effects - SEC.1A.2

    Discuss how the identified risks could adversely affect the company's business, financial condition, or future results.

  • Company-Specific Risks - SEC.1A.3

    Ensure risks discussed are specific to the company.

  • Disclosure of Unresolved SEC Comments - SEC.1B.1

    Disclose any written comments received from the SEC staff regarding prior filings that remain unresolved.

  • Location and Character of Principal Properties - SEC.2.1

    Provide information about the location and general character of the company's principal physical properties.

  • Disclosure of Material Pending Legal Proceedings - SEC.3.1

    Disclose any material pending legal proceedings.

  • Specific Information for Mining Operations - SEC.4.1

    Provide specific information about mine safety if the company is involved in mining operations.

  • Information About Trading Market - SEC.5.1

    Provide information about the principal market(s) in which the company's common equity is traded.

  • High and Low Sales Prices - SEC.5.2

    Report the high and low sales prices for the stock for each quarter within the two most recent fiscal years.

  • Number of Holders of Common Equity - SEC.5.3

    Disclose the number of holders of common equity.

  • Issuer Purchases of Equity Securities - SEC.5.4

    Provide information about any issuer purchases of its own equity securities.

  • Analysis of Financial Performance - SEC.7.1

    Provide management’s perspective on the company's financial performance.

  • Analysis of Liquidity and Capital Resources - SEC.7.2

    Discuss the company's liquidity and capital resources.

  • Results of Operations for Specified Fiscal Years - SEC.7.3

    Discuss the results of operations for the last three fiscal years (or two for smaller reporting companies).

  • Financial Condition as of Recent Fiscal Years - SEC.7.4

    Discuss the financial condition as of the end of the two most recent fiscal years.

  • Disclosure of Interest Rate Risk Exposure - SEC.7A.1

    Provide information about the company's exposure to interest rate risk.

  • Disclosure of Foreign Currency Exchange Rate Risk Exposure - SEC.7A.2

    Provide information about the company's exposure to foreign currency exchange rate risk.

  • Disclosure of Commodity Price Risk Exposure - SEC.7A.3

    Provide information about the company's exposure to commodity price risk.

  • Audited Balance Sheets - SEC.8.1

    Include the company's audited balance sheets for the past two fiscal years.

  • Audited Income Statements - SEC.8.2

    Include the company's audited income statements for the past three fiscal years.

  • Audited Statements of Cash Flows - SEC.8.3

    Include the company's audited statements of cash flows for the past three fiscal years.

  • Audited Statements of Changes in Equity - SEC.8.4

    Include the company's audited statements of changes in equity for the past two fiscal years.

  • Independent Auditor's Report - SEC.8.5

    Include the independent auditor's report on the financial statements.

  • Supplementary Financial Information (If Required) - SEC.8.6

    Include any required supplementary financial information.

  • Disclosure of Change in Independent Auditor - SEC.9.1

    Disclose if there has been a change in the company's independent auditor during the past two fiscal years.

  • Disclosure of Disagreements With Former Auditor - SEC.9.2

    Disclose any disagreements with the former auditor on accounting and financial disclosure matters.

  • Evaluation of Disclosure Controls and Procedures - SEC.9A.1

    Provide information about the company's disclosure controls and procedures.

  • Management's Assessment of Internal Control Over Financial Reporting - SEC.9A.2

    Include management's assessment of the effectiveness of internal control over financial reporting.

  • Independent Auditor's Attestation Report on ICFR (If Applicable) - SEC.9A.3

    Include the independent auditor's attestation report on internal control over financial reporting (for larger filers).

  • Disclosure of Information Required in Form 8-K During Fourth Quarter - SEC.9B.1

    Disclose any other information that was required to be disclosed in a report on Form 8-K during the fourth quarter but was not reported.

  • Disclosure of Inspection Prevention - SEC.9C.1

    Disclose if a foreign jurisdiction prevents PCAOB inspection of the company's auditor.

  • Information About Directors and Executive Officers - SEC.10.1

    Provide names, ages, positions, and business experience of directors and executive officers.

  • Disclosure About the Company's Audit Committee - SEC.10.2

    Disclose information about the company's audit committee.

  • Disclosure of Codes of Ethics - SEC.10.3

    Disclose information about the company's codes of ethics.

  • Procedures for Nominating Directors - SEC.10.4

    Disclose procedures for nominating directors.

  • Details of Compensation Paid to Named Executive Officers and Directors - SEC.11.1

    Detail the compensation paid to the company's named executive officers and directors.

  • Information About Ownership by Significant Owners - SEC.12.1

    Provide information about the ownership of the company's securities by certain beneficial owners (those owning more than 5% of the outstanding shares).

  • Information About Ownership by Directors and Executive Officers - SEC.12.2

    Provide information about the ownership of the company's securities by the company's directors and executive officers.

  • Disclosure of Certain Relationships and Transactions - SEC.13.1

    Disclose certain relationships and transactions between the company and its directors, executive officers, and significant shareholders.

  • Disclosure About the Independence of the Company's Directors - SEC.13.2

    Disclose information about the independence of the company's directors.

  • Disclosure of Fees Paid to Independent Auditor - SEC.14.1

    Disclose the fees paid to the company's independent auditor for audit, audit-related, tax, and other services.

  • List of Exhibits Filed - SEC.15.1

    List all the exhibits filed as part of the Form 10-K.

  • List of Financial Statement Schedules Filed - SEC.15.2

    Include a list of the financial statement schedules that are filed as part of the report.

  • Optional Summary of Information - SEC.16.1

    Companies may voluntarily provide a summary of the information contained in the Form 10-K.

  • Signature of Required Parties - SEC.Sig.1

    Ensure the Form 10-K is signed by the registrant, its principal executive officer, principal financial officer, principal accounting officer, and a majority of its board of directors.

  • Electronic Filing Through EDGAR - SEC.File.1

    Ensure the Form 10-K is filed electronically with the SEC through the EDGAR system.

  • Adherence to Filing Deadlines Based on Filer Status - SEC.Deadline.1

    Adhere to the filing deadline, which depends on the company's filer status.