|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Sep. 30, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
ITEM 1C. CYBERSECURITY RISK MANAGEMENT AND STRATEGY
We have continued to invest in an evolving state-of-the-art cybersecurity framework of tools, processes, training, and people designed to efficiently assess, identify, and remediate material risks that could affect business operations, financials, or public reputation. Our multi-layered approach to cybersecurity involves regular network monitoring, vulnerability scanning, advanced threat detection, and incident response capabilities against recognized cyber threats to our business and stakeholders, including ransomware, data breaches and insider threats. We regularly update our security measures, as necessary, to ensure we address all new threats and technologies, using the National Institute of Standards and Technology (“NIST”) Framework as a guide, when appropriate and relevant to our business.
As further protections, we utilize encryption, access control mechanisms and secure cloud infrastructures, and we invest in extensive user training. All users regularly undergo updated cybersecurity awareness training in an ongoing effort to reduce the risk of human error contributing to any potential security incidents. All users are also subject to simulated phishing emails with real time feedback for a more continuous layer of training.
We have retained an industry expert to be our virtual Information Security Officer (“vISO”) to assist and guide our IT organization in maintaining and evolving a comprehensive and robust cyber security environment. Monthly meetings review all facets of our current status against appropriate NIST standards, review any incidents, and review the results of ongoing simulated phishing exercises to identify certain users who may need extended training. In addition, as part of our annual security review, we hire a third-party network penetration testing firm to provide simulated probing and subsequent reporting. We use the results of these annual tests to improve the strength and flexibility of our network’s security.
Our Incident Response Plan (“IRP”) has evolved with our cyber environment and consists of a set of state-of-the-art-tools capable of monitoring, reporting and alerting, as well as regular reviews. The IRP also sets forth guidelines on how to triage, assess the severity and materiality of findings, and remediate and escalate findings to upper management in a timely manner, as necessary. In addition, as part of our overall risk mitigation strategy, we also maintain cyber insurance coverage. However, such insurance may not be sufficient to cover us against all possible claims related to security breaches, cyber-attacks and other related breaches. As of the date of this report, we have not identified cybersecurity threats that we believe are reasonably likely to materially affect us. However, cybersecurity risk is dynamic, and future incidents could materially affect our operations, financial condition, or reputation.
Cybersecurity Governance and Oversight
The Board of Directors has assigned the Audit Committee to be responsible for reviewing our cybersecurity risk management and strategy program and is presented, at least annually, with a review of our environment and reported incidents. Part of our IRP also calls for the elevation of any material incidents to upper management in a timely manner whenever they occur.
We have also formed a steering committee, composed of IT staff and relevant business leaders responsible for the Company’s material information, including commercially sensitive data. The goals of this steering committee include overseeing our annual material risk assessment and documenting and reporting to senior management. The steering committee also reviews changes to procedural and other controls. We have also formed a risk register subcommittee to review and formally discuss any critical risks identified during our vISO annual assessment of our cyber environment.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Our multi-layered approach to cybersecurity involves regular network monitoring, vulnerability scanning, advanced threat detection, and incident response capabilities against recognized cyber threats to our business and stakeholders, including ransomware, data breaches and insider threats. We regularly update our security measures, as necessary, to ensure we address all new threats and technologies, using the National Institute of Standards and Technology (“NIST”) Framework as a guide, when appropriate and relevant to our business
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Cybersecurity Governance and Oversight
The Board of Directors has assigned the Audit Committee to be responsible for reviewing our cybersecurity risk management and strategy program and is presented, at least annually, with a review of our environment and reported incidents. Part of our IRP also calls for the elevation of any material incidents to upper management in a timely manner whenever they occur.
We have also formed a steering committee, composed of IT staff and relevant business leaders responsible for the Company’s material information, including commercially sensitive data. The goals of this steering committee include overseeing our annual material risk assessment and documenting and reporting to senior management. The steering committee also reviews changes to procedural and other controls. We have also formed a risk register subcommittee to review and formally discuss any critical risks identified during our vISO annual assessment of our cyber environment.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Board of Directors has assigned the Audit Committee to be responsible for reviewing our cybersecurity risk management and strategy program and is presented, at least annually, with a review of our environment and reported incidents. Part of our IRP also calls for the elevation of any material incidents to upper management in a timely manner whenever they occur.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
We have also formed a steering committee, composed of IT staff and relevant business leaders responsible for the Company’s material information, including commercially sensitive data. The goals of this steering committee include overseeing our annual material risk assessment and documenting and reporting to senior management. The steering committee also reviews changes to procedural and other controls. We have also formed a risk register subcommittee to review and formally discuss any critical risks identified during our vISO annual assessment of our cyber environment.
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef