|Cybersecurity Risk Role of Management [Text Block]
|Risk
Management Strategy
Our cybersecurity risk management program is focused on the following key areas:
|
|●
|Governance:
Our cybersecurity risk management program is led by our outsourced security team. At present, our Board of Directors
does not directly oversee the cybersecurity risk management program; however, the Audit Committee is in the process of implementing procedures
to obtain regular updates on our cybersecurity program, including recent developments, key initiatives to strengthen our systems, applicable
industry standards, vulnerability assessments, third-party and independent reviews, and other information security considerations.
|
|●
|Approach:
We intend to use a cross-functional approach to identifying, preventing, assessing, and mitigating cybersecurity
threats and incidents, while implementing controls and procedures designed to provide for the prompt escalation of cybersecurity incidents
and support appropriate public disclosure and reporting. Our cybersecurity efforts include, or are expected to include, risk-based administrative,
technical, and physical controls. Trio is in the process of implementing an extensive set of policies, procedures, systems, and tools
designed to help safeguard our distributed systems and cloud-based data, including firewalls, intrusion detection systems, access controls
such as multi-factor authentication, vulnerability scanning, penetration testing, independent third-party control audits, an internal
bug bounty program, and other systems and processes.
|
|●
|Incident
Response Planning: We intend to maintain a breach reporting and resolution plan that includes defined processes, roles, communications,
responsibilities, and procedures for responding to cybersecurity incidents and other events that impact our operations. Our incident response
plans will be tested and evaluated on a regular basis.
|
|●
|Education
and Awareness: We plan to establish a security and privacy awareness program that runs throughout the year and includes training
for all company personnel to enhance employee awareness of how to detect and respond to cybersecurity threats, as well as more targeted
training for personnel with increased responsibility for mitigating certain cybersecurity risks.