XML 24 R8.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

ITEM 1C. CYBERSECURITY 

 

Risk Management and Strategy

 

We rely on information systems to obtain, rapidly process, analyze, and manage data in order to effectively operate our business. We are committed to protecting our business information, intellectual property, customer, supplier and employee data and information systems from cybersecurity risks and maintain an active cybersecurity risk management program.

 

We maintain enterprise-wide information security policies, processes and standards that set the requirements around acceptable use of information systems and data, risk assessment and management, identity and access management, data security, security operations, security incident response and threat and vulnerability management. We work to align to the National Institute of Standards and Technology (NIST) 800-171 Cybersecurity Framework, as its program controls are designed to protect and maintain confidentiality, integrity, and continued availability of our data and information systems. Our team of information system professionals and third-party providers monitors our information systems for cybersecurity threats, breaches, intrusions and other weaknesses, responds to cybersecurity incidents, develops and implements plans to mitigate cybersecurity threats and facilitates training for our employees.

 

We also engage consultants and other third-party advisors to conduct independent assessments of our cybersecurity readiness and control effectiveness. In collaboration with our third-party providers, we seek to gain insights into emerging threats and vulnerabilities, industry trends, and leading practices to inform our cybersecurity response.

 

For more information on the Company’s cybersecurity-related risks, see Item 1A, Risk Factors, of this Form 10-K. 
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We maintain enterprise-wide information security policies, processes and standards that set the requirements around acceptable use of information systems and data, risk assessment and management, identity and access management, data security, security operations, security incident response and threat and vulnerability management. We work to align to the National Institute of Standards and Technology (NIST) 800-171 Cybersecurity Framework, as its program controls are designed to protect and maintain confidentiality, integrity, and continued availability of our data and information systems. Our team of information system professionals and third-party providers monitors our information systems for cybersecurity threats, breaches, intrusions and other weaknesses, responds to cybersecurity incidents, develops and implements plans to mitigate cybersecurity threats and facilitates training for our employees.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] For more information on the Company’s cybersecurity-related risks, see Item 1A, Risk Factors, of this Form 10-K.
Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

 

Management plays a critical role in assessing and managing material risks from cybersecurity threats. Our Director of Information Technology leads an internal team and works directly with our third-party information security professionals to manage our cybersecurity risk management program and activities. This includes monitoring our information systems for cybersecurity threats, reviewing cybersecurity incidents, analyzing emerging threats, and the development and implementation of risk mitigation strategies.

 

Our Director of Information Technology reports directly to our executive leadership team on cybersecurity matters, providing the leadership team with updates on enterprise risks, cybersecurity incidents, the status of ongoing initiatives, key metrics, and additional cybersecurity topics. Our information technology team, led by the Director of Information Technology, meets regularly to discuss the progress of ongoing program initiatives, cybersecurity priorities, identified risks and metrics.

 

The Board of Directors exercises direct oversight of strategic risks to the Company. The Board has delegated the responsibility for cybersecurity oversight to the Audit Committee. The Audit Committee’s responsibilities include reviewing and discussing with management the strategies, process and controls pertaining to the management of information technology operations, including cybersecurity risks and information security. The Director of Information Technology reports to the Audit Committee annually and more frequently, as needed, on cybersecurity matters, including the cybersecurity threat landscape, key metrics demonstrating the overall management of our cybersecurity risk and risk management program, related key initiatives, enterprise program framework alignment, annual risk mitigation strategy, and review of cybersecurity incidents. Our Board is committed to maintaining a well-informed and cybersecurity-aware posture, engaging through regular and requested updates on our strategy and evolving threat landscape.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board of Directors exercises direct oversight of strategic risks to the Company. The Board has delegated the responsibility for cybersecurity oversight to the Audit Committee. The Audit Committee’s responsibilities include reviewing and discussing with management the strategies, process and controls pertaining to the management of information technology operations, including cybersecurity risks and information security. The Director of Information Technology reports to the Audit Committee annually and more frequently, as needed, on cybersecurity matters, including the cybersecurity threat landscape, key metrics demonstrating the overall management of our cybersecurity risk and risk management program, related key initiatives, enterprise program framework alignment, annual risk mitigation strategy, and review of cybersecurity incidents. Our Board is committed to maintaining a well-informed and cybersecurity-aware posture, engaging through regular and requested updates on our strategy and evolving threat landscape.
Cybersecurity Risk Role of Management [Text Block] Management plays a critical role in assessing and managing material risks from cybersecurity threats. Our Director of Information Technology leads an internal team and works directly with our third-party information security professionals to manage our cybersecurity risk management program and activities. This includes monitoring our information systems for cybersecurity threats, reviewing cybersecurity incidents, analyzing emerging threats, and the development and implementation of risk mitigation strategies.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our Director of Information Technology reports directly to our executive leadership team on cybersecurity matters, providing the leadership team with updates on enterprise risks, cybersecurity incidents, the status of ongoing initiatives, key metrics, and additional cybersecurity topics. Our information technology team, led by the Director of Information Technology, meets regularly to discuss the progress of ongoing program initiatives, cybersecurity priorities, identified risks and metrics.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true