|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
The security of our information technology systems and Company data is important to our operations and reputation. Accordingly, we are committed to identifying and managing cybersecurity risks. Our cybersecurity team performs periodic risk assessments and, on a quarterly basis, provides our Enterprise Risk Management Committee (“ERM”) information related to the Company’s cybersecurity, including statistics on attempted cyber-attacks, status of employee information security training awareness, and information on any security investigations. The cybersecurity team advises the ERM of significant global cyber events that occurred during the quarter and whether they impacted DIRTT. The cybersecurity team regularly discusses with the ERM the Company’s cybersecurity posture and whether the Company should implement additional protections and controls to assist the Company in protecting, responding to, or mitigating potential future cyber-attacks.
DIRTT has developed and implemented a cybersecurity risk management strategy which consists of 5 phases: Identify, Protect, Detect, Respond, and Recover. Each phase has multiple processes and technologies supporting those processes.
Identify
Identification processes at DIRTT include: system asset identification, threat identification, vulnerability identification and maintaining cybersecurity policies and standards.
Protect
Protection processes at DIRTT include: cyber awareness training, cyber awareness assessment (each employee is assigned a cybersecurity awareness grade calculated by a best in class cybersecurity vendor), implementation of identity and access controls, perimeter and endpoint security, annual vulnerability assessments and remediation, data encryption in transit, key vendor (third parties) control effectiveness assessment, and pre-implementation of software and systems cybersecurity assessments.
Detect
Detection processes at DIRTT include: automated event collection, collation, analysis, alerting and end user incident reporting.
Respond
Respond processes at DIRTT include: containment, communication, investigation and analysis, and long-term mitigation planning.
Recover
Recovery processes at DIRTT include: impact identification and analysis, system restoration, internal and external communications as deemed necessary.
DIRTT engages external assessors annually for specific controls, to assess and provide assurance on the health of DIRTT’s cybersecurity posture and controls.
DIRTT’s Senior Vice President of Technology (“SVP of Technology”), who reports to the President and Chief Operating Officer, is responsible for DIRTT’s cybersecurity and has over 15 years of technology experience. The SVP of Technology is supported by dedicated cybersecurity staff and Governance, Risk and Compliance (“GRC”) staff. DIRTT’s cybersecurity team leader has over 20 years of experience in cybersecurity, multiple industry standard cybersecurity certifications, and extensive offensive and defensive cybersecurity tactical skills. DIRTT’s GRC lead has over 20 years of GRC experience and industry standard certifications. Cybersecurity incidents, response and remediation activities and statuses are reported directly to the SVP of Technology.
The ERM of the Board of Directors oversees risks resulting from cybersecurity threats. DIRTT’s management, represented by the SVP of Technology, is responsible for identifying, assessing, and managing risks arising from cybersecurity threats. Quarterly, DIRTT’s SVP of Technology reports to the ERM on the health of DIRTT’s cybersecurity, incidents, and emerging threats and vulnerabilities that may impact the Company.
As of the date of this Annual Report, the Company has not identified any cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company’s results of operations and/or financial condition. See “Item 1A. Risk Factors” for additional information about cybersecurity risk.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
DIRTT has developed and implemented a cybersecurity risk management strategy which consists of 5 phases: Identify, Protect, Detect, Respond, and Recover. Each phase has multiple processes and technologies supporting those processes.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
DIRTT’s Senior Vice President of Technology (“SVP of Technology”), who reports to the President and Chief Operating Officer, is responsible for DIRTT’s cybersecurity and has over 15 years of technology experience. The SVP of Technology is supported by dedicated cybersecurity staff and Governance, Risk and Compliance (“GRC”) staff. DIRTT’s cybersecurity team leader has over 20 years of experience in cybersecurity, multiple industry standard cybersecurity certifications, and extensive offensive and defensive cybersecurity tactical skills. DIRTT’s GRC lead has over 20 years of GRC experience and industry standard certifications. Cybersecurity incidents, response and remediation activities and statuses are reported directly to the SVP of Technology.
The ERM of the Board of Directors oversees risks resulting from cybersecurity threats. DIRTT’s management, represented by the SVP of Technology, is responsible for identifying, assessing, and managing risks arising from cybersecurity threats. Quarterly, DIRTT’s SVP of Technology reports to the ERM on the health of DIRTT’s cybersecurity, incidents, and emerging threats and vulnerabilities that may impact the Company.
As of the date of this Annual Report, the Company has not identified any cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company’s results of operations and/or financial condition. See “Item 1A. Risk Factors” for additional information about cybersecurity risk.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The ERM of the Board of Directors oversees risks resulting from cybersecurity threats. DIRTT’s management, represented by the SVP of Technology, is responsible for identifying, assessing, and managing risks arising from cybersecurity threats. Quarterly, DIRTT’s SVP of Technology reports to the ERM on the health of DIRTT’s cybersecurity, incidents, and emerging threats and vulnerabilities that may impact the Company.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Quarterly, DIRTT’s SVP of Technology reports to the ERM on the health of DIRTT’s cybersecurity, incidents, and emerging threats and vulnerabilities that may impact the Company.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|DIRTT’s Senior Vice President of Technology (“SVP of Technology”), who reports to the President and Chief Operating Officer, is responsible for DIRTT’s cybersecurity and has over 15 years of technology experience.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|DIRTT’s Senior Vice President of Technology (“SVP of Technology”), who reports to the President and Chief Operating Officer, is responsible for DIRTT’s cybersecurity and has over 15 years of technology experience. The SVP of Technology is supported by dedicated cybersecurity staff and Governance, Risk and Compliance (“GRC”) staff. DIRTT’s cybersecurity team leader has over 20 years of experience in cybersecurity, multiple industry standard cybersecurity certifications, and extensive offensive and defensive cybersecurity tactical skills. DIRTT’s GRC lead has over 20 years of GRC experience and industry standard certifications.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|DIRTT’s management, represented by the SVP of Technology, is responsible for identifying, assessing, and managing risks arising from cybersecurity threats. Quarterly, DIRTT’s SVP of Technology reports to the ERM on the health of DIRTT’s cybersecurity, incidents, and emerging threats and vulnerabilities that may impact the Company.
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef