XML 79 R38.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Risk Management & Strategy
As part of Titan America’s risk management framework, we maintain and continuously strive to enhance our cybersecurity program. This program is part of the wider Titan Group’s cybersecurity program, which is put in place at the Titan Group level and modified for local implementation. This program is in accordance with policies and standards, which include cybersecurity risk management and governance frameworks, guidance, and is based on globally recognized industry best practices and standards. The policies define information security responsibilities within Titan America and outline certain actions and procedures that officers and employees are required to follow, with respect to the assessment and management of cybersecurity risks to Titan America, including its systems and information. The policies, procedures, standards, and guidance are structured to help Titan America respond effectively to the dynamically changing environment of cybersecurity threats, cybersecurity risks, technologies, laws, and regulations. Titan America modifies its policies, standards, and guidance as needed to adjust to this changing environment.
Titan America relies on Titan Group’s outsourced and managed security operations center (“SOC”) to identify any cyber attacks, If Titan America’s cybersecurity risk management controls are overcome by a cyber attacker as identified by the SOC, Titan America follows an incident response plan and escalation process as defined in the cybersecurity program. The response process includes an assessment of whether an incident may be material, and this assessment is adjusted as necessary as additional facts become known during the incident response. Any incident that is assessed as potentially material is escalated to Titan America’s senior management, as well as the Chief Information Security (“CISO”) of Titan Group.
In the fiscal year ended December 31, 2024, Titan America has not identified any cyberattacks that materially affected the Company. However, there can be no guarantee that there will not be a future incident. For more information about risks Titan America faces from cyberattacks, please refer to “Any delay or problem with operating or upgrading our existing information technology infrastructure could cause a disruption in our business and adversely impact our financial results.” included in “Risk Factors” in “Item 3. Key Information.”
Titan America has also established policies and processes to help identify and manage cybersecurity risks associated with third parties, including companies that provide services and products to Titan America, and companies that hold Titan America information or have electronic access to Titan America systems or information. The policies and processes include assessment of the cybersecurity and privacy programs at certain third parties, the use of this risk information when making contracting decisions, and the use of contract language that includes cybersecurity and privacy requirements.
Most of the information security program is implemented by Titan America employees. Titan America also engages the services of external providers to enhance and support its information security program, including leading cyber response specialists as may be needed, and consultants to evaluate and help improve organization, policies, and other aspects of the program.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] As part of Titan America’s risk management framework, we maintain and continuously strive to enhance our cybersecurity program. This program is part of the wider Titan Group’s cybersecurity program, which is put in place at the Titan Group level and modified for local implementation. This program is in accordance with policies and standards, which include cybersecurity risk management and governance frameworks, guidance, and is based on globally recognized industry best practices and standards.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Governance
Board of Directors
The Audit and Risk Committee is responsible for the oversight of our overall risk management systems and processes and is responsible for reviewing the steps management has taken to monitor and mitigate such risks, including cybersecurity risks. The Audit and Risk Committee reviews and discusses with management the procedures and any related policies with respect to cybersecurity risk. This includes proposing adjustments and actions to our board of directors to correct any identified deficiencies.
Our Audit and Risk Committee and our board of directors receive monthly and annual reports on information technology issues from our internal audit department. When applicable, these reports summarize our cybersecurity activity and incidents and include observations and recommendations to improve our procedural and operational management. Additionally the Director of Information Security, who monitors the daily status of cybersecurity at Titan America, reports periodically to the CISO.
Management
The cybersecurity risk management processes described above are implemented through our Information Security Department. Alongside our Audit and Risk Committee, they are responsible for implementing initiatives to strengthen cybersecurity management processes, issuing internal policies and regulations regarding cybersecurity, identity management, user access controls and the protection of information. It also considers solutions, tools and services contracted through specialized suppliers.
Our Information Security Department is composed of the Director of Information Security working with our IT team, managers and the Titan Group Cyber Security and Resiliency department, headed by the Group Chief Information Security Officer (CISO). The managers ensure their functions are carried out in accordance with our cybersecurity strategy. The managers collaborate with specialists in the different technological domains to operate cybersecurity controls in accordance with our cybersecurity strategy. Our Information Security Department is guided by the Cyber Security and Resiliency department and is composed of four globally-based professionals. The CISO is an expert in cybersecurity management with over 25 years of experience and has numerous certifications in cybersecurity.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit and Risk Committee is responsible for the oversight of our overall risk management systems and processes and is responsible for reviewing the steps management has taken to monitor and mitigate such risks, including cybersecurity risks.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit and Risk Committee reviews and discusses with management the procedures and any related policies with respect to cybersecurity risk. This includes proposing adjustments and actions to our board of directors to correct any identified deficiencies.
Cybersecurity Risk Role of Management [Text Block] Our Audit and Risk Committee and our board of directors receive monthly and annual reports on information technology issues from our internal audit department.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
The cybersecurity risk management processes described above are implemented through our Information Security Department. Alongside our Audit and Risk Committee, they are responsible for implementing initiatives to strengthen cybersecurity management processes, issuing internal policies and regulations regarding cybersecurity, identity management, user access controls and the protection of information. It also considers solutions, tools and services contracted through specialized suppliers.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The CISO is an expert in cybersecurity management with over 25 years of experience and has numerous certifications in cybersecurity.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our Information Security Department is composed of the Director of Information Security working with our IT team, managers and the Titan Group Cyber Security and Resiliency department, headed by the Group Chief Information Security Officer (CISO).
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true