|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Form 20-F, Part II, Item 16K(a). These risks include, among other things, operational risks; intellectual property theft; fraud; extortion; harm to employees or customers; violation of privacy or security laws and other litigation and legal risk; and reputational risks.
We also maintain an incident response plan to coordinate the activities we take to protect against, detect, respond to and remediate cybersecurity incidents, as such term is defined in Form 20-F, Part II, Item 16K(a), as well as to comply with potentially applicable legal obligations and mitigate brand and reputational damage.
We have implemented several cybersecurity processes, technologies, and controls to aid in our efforts to identify, assess, and manage material risks, as well as to test and improve our incident response plan. Our approach includes, among other things:
• conducting regular network and endpoint monitoring designed to identify threat risks on our information systems, as such term is defined in Form 20-F, Part II, Item 16K(a);
• performing RBAC (role based access control) to groups of employees by isolating assets of each group, applying minimal rights for each group and ensuring that assets are not accessible from public network but only via a VPN;
• using basic open source software to detect intrusions;
• implementing disaster recovery procedures and multiple site redundancy;
• introduction in 2023 of new tools, applications, policies and cyber procedures based on a transition to Microsoft 365 for mails, files sharing and communication of essential assets and to Teams with Microsoft 365 Standard Security providing a baseline protection profile that protects against spam, phishing, and malware threats;
• a planned unification of credential management in 2025 through a Single Sign-On (SSO) solution and enforcement of Multi-Factor Authentication (MFA) across critical systems to further strengthen access security; and
• general policy and practice requiring employees, as well as third-parties who provide services on our behalf, to treat customer information and data with care.
These approaches vary in maturity across the business and we work to continually improve them.
Our process for identifying and assessing material risks from cybersecurity threats operates alongside our broader overall risk assessment process, covering all company risks. As part of this process appropriate disclosure personnel will collaborate with subject matter specialists, as necessary, to gather insights for identifying and assessing material cybersecurity threat risks, their severity, and potential mitigations.
As part of the above approach and processes, we regularly engage with auditors to help identify areas for continued focus, improvement and/or compliance.
In our risk factors, we describe whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. See our risk factor disclosures at Item 3D of this Annual Report on Form 20-F.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We have implemented several cybersecurity processes, technologies, and controls to aid in our efforts to identify, assess, and manage material risks, as well as to test and improve our incident response plan. Our approach includes, among other things:
• conducting regular network and endpoint monitoring designed to identify threat risks on our information systems, as such term is defined in Form 20-F, Part II, Item 16K(a);
• performing RBAC (role based access control) to groups of employees by isolating assets of each group, applying minimal rights for each group and ensuring that assets are not accessible from public network but only via a VPN;
• using basic open source software to detect intrusions;
• implementing disaster recovery procedures and multiple site redundancy;
• introduction in 2023 of new tools, applications, policies and cyber procedures based on a transition to Microsoft 365 for mails, files sharing and communication of essential assets and to Teams with Microsoft 365 Standard Security providing a baseline protection profile that protects against spam, phishing, and malware threats;
• a planned unification of credential management in 2025 through a Single Sign-On (SSO) solution and enforcement of Multi-Factor Authentication (MFA) across critical systems to further strengthen access security; and
• general policy and practice requiring employees, as well as third-parties who provide services on our behalf, to treat customer information and data with care.
These approaches vary in maturity across the business and we work to continually improve them.
Our process for identifying and assessing material risks from cybersecurity threats operates alongside our broader overall risk assessment process, covering all company risks. As part of this process appropriate disclosure personnel will collaborate with subject matter specialists, as necessary, to gather insights for identifying and assessing material cybersecurity threat risks, their severity, and potential mitigations.
As part of the above approach and processes, we regularly engage with auditors to help identify areas for continued focus, improvement and/or compliance.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Cybersecurity is an important part of our risk management processes and an area of increasing focus for the Company's board of directors (the “Board”) and management.
As part of our entire Board’s operational risk management responsibilities, the Board provides oversight of risks from cybersecurity threats. The Audit Committee has been designated with the responsibility to regularly review the Company’s processes and procedures around managing cybersecurity threat risks and cybersecurity incidents. At least semi-annually, the Audit Committee receives an overview from management of our cybersecurity threat risk management and strategy processes covering topics such as data security posture, results from third-party assessments, progress towards pre-determined risk-mitigation-related goals, our incident response plan, and cybersecurity threat risks or incidents and developments, as well as the steps management has taken to respond to such risks.
Our cybersecurity risk management and strategy processes, which are discussed in greater detail above, are led by our Director of Information Systems (DIS), who has over 34 years of work experience in various roles in computer science and enterprise/solution/software architecture.
Throughout his career, our DIS has served in pivotal roles in our and other companies, including as Chief Information Officer, overseeing strategic initiatives and driving technological advancements. Notably, he led the implementation of security solutions for a public university with over 75,000 students and 3,000 teachers, ensuring robust protection of sensitive data. His expertise spans enterprise and systems architecture, software engineering, database management, and end-user computing, aligning closely with the multifaceted demands of modern cybersecurity. He has navigated complex regulatory landscapes, ensuring compliance with industry standards and regulatory requirements. His academic background as a lecturer, reinforced by practical experience, includes a Bachelor of Science and Master of Science degrees in Engineering from the French École Nationale Supérieure d'Electrotechnique, d'Electronique, d'Informatique, d'Hydraulique et des Télécommunications (ENSEEIHT), providing a strong foundation for addressing the evolving challenges of information security and cybersecurity strategy.These members of management are informed about and monitor the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|As part of our entire Board’s operational risk management responsibilities, the Board provides oversight of risks from cybersecurity threats. The Audit Committee has been designated with the responsibility to regularly review the Company’s processes and procedures around managing cybersecurity threat risks and cybersecurity incidents.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|At least semi-annually, the Audit Committee receives an overview from management of our cybersecurity threat risk management and strategy processes covering topics such as data security posture, results from third-party assessments, progress towards pre-determined risk-mitigation-related goals, our incident response plan, and cybersecurity threat risks or incidents and developments, as well as the steps management has taken to respond to such risks.
|Cybersecurity Risk Role of Management [Text Block]
|
Our cybersecurity risk management and strategy processes, which are discussed in greater detail above, are led by our Director of Information Systems (DIS), who has over 34 years of work experience in various roles in computer science and enterprise/solution/software architecture.
Throughout his career, our DIS has served in pivotal roles in our and other companies, including as Chief Information Officer, overseeing strategic initiatives and driving technological advancements. Notably, he led the implementation of security solutions for a public university with over 75,000 students and 3,000 teachers, ensuring robust protection of sensitive data. His expertise spans enterprise and systems architecture, software engineering, database management, and end-user computing, aligning closely with the multifaceted demands of modern cybersecurity. He has navigated complex regulatory landscapes, ensuring compliance with industry standards and regulatory requirements. His academic background as a lecturer, reinforced by practical experience, includes a Bachelor of Science and Master of Science degrees in Engineering from the French École Nationale Supérieure d'Electrotechnique, d'Electronique, d'Informatique, d'Hydraulique et des Télécommunications (ENSEEIHT), providing a strong foundation for addressing the evolving challenges of information security and cybersecurity strategy.These members of management are informed about and monitor the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our cybersecurity risk management and strategy processes, which are discussed in greater detail above, are led by our Director of Information Systems (DIS), who has over 34 years of work experience in various roles in computer science and enterprise/solution/software architecture.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
Throughout his career, our DIS has served in pivotal roles in our and other companies, including as Chief Information Officer, overseeing strategic initiatives and driving technological advancements. Notably, he led the implementation of security solutions for a public university with over 75,000 students and 3,000 teachers, ensuring robust protection of sensitive data. His expertise spans enterprise and systems architecture, software engineering, database management, and end-user computing, aligning closely with the multifaceted demands of modern cybersecurity. He has navigated complex regulatory landscapes, ensuring compliance with industry standards and regulatory requirements. His academic background as a lecturer, reinforced by practical experience, includes a Bachelor of Science and Master of Science degrees in Engineering from the French École Nationale Supérieure d'Electrotechnique, d'Electronique, d'Informatique, d'Hydraulique et des Télécommunications (ENSEEIHT), providing a strong foundation for addressing the evolving challenges of information security and cybersecurity strategy.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|These members of management are informed about and monitor the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef