XML 49 R34.htm IDEA: XBRL DOCUMENT v3.25.3
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Sep. 30, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] The Company has a cybersecurity risk management program designed to assess, identify, manage, and govern risks from cybersecurity threats. Our cybersecurity risk management program is a key component of our overall enterprise risk management strategy. The Company’s cybersecurity risk management program focuses on risk and threat identification, protection, detection, response, and recovery, designed to protect the confidentiality, integrity, and availability of critical systems and data. The Company’s cybersecurity incident response and crisis management plans are components of the cybersecurity risk management program, focusing on effective response to cybersecurity incidents or attacks. We monitor our internal technology for cybersecurity threats, and we use various security capabilities to mitigate the risk of these threats. Additionally, the Company provides annual cybersecurity and information security awareness training for all employees and contractors. The Company maintains a robust, risk-based approach to identifying and overseeing cybersecurity risks presented by third parties, including vendors, service providers, and other external users of the Company’s systems, as well as the systems of third parties that could adversely impact our business in the event of a cybersecurity incident affecting those third-party systems.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] The Company has a cybersecurity risk management program designed to assess, identify, manage, and govern risks from cybersecurity threats. Our cybersecurity risk management program is a key component of our overall enterprise risk management strategy. The Company’s cybersecurity risk management program focuses on risk and threat identification, protection, detection, response, and recovery, designed to protect the confidentiality, integrity, and availability of critical systems and data. The Company’s cybersecurity incident response and crisis management plans are components of the cybersecurity risk management program, focusing on effective response to cybersecurity incidents or attacks. We monitor our internal technology for cybersecurity threats, and we use various security capabilities to mitigate the risk of these threats. Additionally, the Company provides annual cybersecurity and information security awareness training for all employees and contractors. The Company maintains a robust, risk-based approach to identifying and overseeing cybersecurity risks presented by third parties, including vendors, service providers, and other external users of the Company’s systems, as well as the systems of third parties that could adversely impact our business in the event of a cybersecurity incident affecting those third-party systems.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Cybersecurity oversight by the Board of Directors is shared between the full Board and the Audit Committee. The full Board of Directors receives periodic updates on the cybersecurity threat landscape, recent cybersecurity events, our cybersecurity strategy, and cybersecurity program priorities.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee receives updates on information security, including internal controls and external reporting processes. The Audit Committee also receives updates from the Disclosure Committee with respect to cybersecurity incidents reviewed by the Disclosure Committee.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee receives updates on information security, including internal controls and external reporting processes. The Audit Committee also receives updates from the Disclosure Committee with respect to cybersecurity incidents reviewed by the Disclosure Committee.
Cybersecurity Risk Role of Management [Text Block] The Company’s cybersecurity program is led by the Chief Information Security Officer (CISO). Our CISO has more than 30 years of technology and cybersecurity leadership experience and is a Certified Information System Security Professional (CISSP), and a Certified Information Systems Auditor (CISA). The CISO reports to the Chief Information Officer (CIO). The CISO leads a team that is responsible for executing cybersecurity strategy, to support risk management, and protection of Company systems, products, and employee and customer information. As the foundation of the cybersecurity program, the Company maintains cybersecurity policies and procedures that are informed by recognized security frameworks and applicable regulations, laws, and standards. We use various frameworks, standards, guidelines, and best practices as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. The Company engages third parties to assess our cybersecurity posture and program maturity.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Company’s cybersecurity program is led by the Chief Information Security Officer (CISO). Our CISO has more than 30 years of technology and cybersecurity leadership experience and is a Certified Information System Security Professional (CISSP), and a Certified Information Systems Auditor (CISA). The CISO reports to the Chief Information Officer (CIO).
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CISO has more than 30 years of technology and cybersecurity leadership experience and is a Certified Information System Security Professional (CISSP), and a Certified Information Systems Auditor (CISA).
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
The Company’s Disclosure Committee is a part of the cybersecurity risk program as it meets quarterly to review cyber incidents that have occurred during the quarter, and additionally, as needed, to discuss any potentially material cybersecurity incidents. The Disclosure Committee, which includes senior leaders from finance and accounting, legal, investor relations, and corporate communications, is responsible for determining if risks from cybersecurity threats have materially affected or are reasonably likely to materially affect, the organization such that public disclosure is necessary. Additional management governance is provided by an Enterprise Security Council, comprised of key senior business leadership with diverse experiences and responsibilities. The Enterprise Security Council oversees key cybersecurity and product security matters and initiatives, including policy, standards, strategy, program metrics, and cybersecurity risk escalation.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true