|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Risk Oversight and Risk Assessment
We recognize the importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data.
One of the key functions of our board of directors is to provide informed oversight of our risk management processes. While management is assigned responsibility for the day-to-day response to material risks we face, our board of directors maintains responsibility for risk oversight, including risks related to cybersecurity threats. The Audit Committee of our board of directors is responsible for discussing risk exposures relating to cybersecurity, including current and emerging developments and threats, and the steps management has taken to monitor and control such exposures. The Audit Committee is composed of board members with diverse expertise, including financial, governance, and information security and controls, which equips them to oversee cybersecurity risks effectively.
Our cybersecurity risk identification and assessment process is integrated into our enterprise risk management process. Our board of directors and key members of management across the organization rank previously identified risks, identify new or emerging risks, and provide commentary on the financial or strategic impact these risks could have on the Company. The risk survey responses are analyzed in the context of our business, recommendations are made where appropriate, and ownership of risk response is assigned to specific individuals. The results of this process are presented to our board of directors at least annually. In addition, our Information Technology (IT) Director provides quarterly updates to our board of directors on cybersecurity incidents, cybersecurity awareness activities, including results of mock-phishing exercises, regulatory and compliance matters specific to cybersecurity, and activities related to business continuity, including data validation and restore testing and tabletop exercises. Risk assessment for cybersecurity threats is embedded into these quarterly updates, with each topic discussed being assigned a risk level.In 2024, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, we can provide no assurance that there will not be cybersecurity threats or incidents in the future or that they will not materially affect us, including our business strategy, results of operations, or financial condition. For more information regarding the risks we face from cybersecurity threats, see Item 1A. "Risk Factors" included in this report.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Our cybersecurity risk identification and assessment process is integrated into our enterprise risk management process. Our board of directors and key members of management across the organization rank previously identified risks, identify new or emerging risks, and provide commentary on the financial or strategic impact these risks could have on the Company.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
One of the key functions of our board of directors is to provide informed oversight of our risk management processes. While management is assigned responsibility for the day-to-day response to material risks we face, our board of directors maintains responsibility for risk oversight, including risks related to cybersecurity threats. The Audit Committee of our board of directors is responsible for discussing risk exposures relating to cybersecurity, including current and emerging developments and threats, and the steps management has taken to monitor and control such exposures. The Audit Committee is composed of board members with diverse expertise, including financial, governance, and information security and controls, which equips them to oversee cybersecurity risks effectively.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|our Information Technology (IT) Director provides quarterly updates to our board of directors on cybersecurity incidents, cybersecurity awareness activities, including results of mock-phishing exercises, regulatory and compliance matters specific to cybersecurity, and activities related to business continuity, including data validation and restore testing and tabletop exercises.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The risk survey responses are analyzed in the context of our business, recommendations are made where appropriate, and ownership of risk response is assigned to specific individuals. The results of this process are presented to our board of directors at least annually. In addition, our Information Technology (IT) Director provides quarterly updates to our board of directors on cybersecurity incidents, cybersecurity awareness activities, including results of mock-phishing exercises, regulatory and compliance matters specific to cybersecurity, and activities related to business continuity, including data validation and restore testing and tabletop exercises. Risk assessment for cybersecurity threats is embedded into these quarterly updates, with each topic discussed being assigned a risk level.
|Cybersecurity Risk Role of Management [Text Block]
|
Primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with our IT Director. Our current IT Director has been in his position since 2014 and has over 30 years of information technology, finance, and operational experience in our organization. Our IT Director is certified in governance of enterprise IT (CGEIT), is a Certified Data Privacy Solutions Engineer (CDPSE) and a Certified Information Systems Auditor (CISA). Our IT Director and other IT leaders systematically use the Control Objectives for Information and Related Technology (COBIT) framework as an IT governance framework and remain educated on other best practices in compliance, projects, and processes. In addition, our IT Director reviews our operational plan annually with our operating segments, which includes review and discussion of a cybersecurity risk management framework.
Our information services department, led by our IT Director, manages and continually enhances our information systems with the ultimate goal of preventing cybersecurity incidents to the extent feasible, while simultaneously increasing our system resilience in an effort to minimize the business impact should an incident occur. We work to install new and upgrade existing information technology systems. We recognize the importance of preventative controls in mitigating the risk from cybersecurity threats and have implemented measures such as anti-virus security, two-factor authentication, web filtering, browser isolation tools, and mobility safeguards to enable enhanced security on personal devices. In addition, we provide mandatory cybersecurity training to our employees around phishing, malware, and other cybersecurity risks to ensure that we are protected, to the greatest extent possible, against cybersecurity risks and security breaches.
Recognizing the complexity and evolving nature of cybersecurity threats, we engage independent third parties to penetration test our systems, consult on security enhancements, and perform industrial control system audits. In addition, our IT-related internal controls over financial reporting are audited by both our internal auditors and independent external auditors. These practices allow us to leverage specialized knowledge and insights, identify risks, and continuously improve our information technology internal controls and processes to respond to the evolving cybersecurity threats.We also acknowledge the risks associated with third-party service providers. We employ a risk-based due diligence process of engaging and managing third-party relationships. The third-party management program is integrated into our enterprise risk management process to measure risks and evaluate current and evolving resource needs. We perform risk assessments of new and existing service providers, develop and maintain a proactive approach to address non-compliance, and establish monitoring plans based on risk scores. This process continues throughout the lifecycle of the third-party relationship. Initially, new third parties are segmented into risk categories based on reputational/sanction screenings, geographical location, contractual obligations, financial arrangements, data transfer/sharing agreements, subcontractor/additional entity relationships of the third party, and business relationship oversight feedback. When the ongoing risk monitoring identifies a change in risk profiles, monitoring plans are adjusted as appropriate to ensure proper controls are in place and due diligence is applied to mitigate higher-risk relationships. These practices are designed to mitigate risks related to data breaches and other security incidents originating from third-party service providers.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with our IT Director.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our current IT Director has been in his position since 2014 and has over 30 years of information technology, finance, and operational experience in our organization. Our IT Director is certified in governance of enterprise IT (CGEIT), is a Certified Data Privacy Solutions Engineer (CDPSE) and a Certified Information Systems Auditor (CISA).
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|We have an established cross-functional IT incident response team, which includes our IT Director, to respond to cyber incidents effectively and to coordinate communications that may be necessary in the event of an incident. The incident response team has a prescriptive plan to track cyber incidents and responses and has established communication protocols when an event occurs, enabling better reporting of such events.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef