|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management Strategy And Governance [Abstract]
|Cybersecurity Risk Management Processes For Assessing Identifying And Managing Threats [Text Block]
|
We operate in the health and wellness sector, which faces various cybersecurity risks that could adversely impact our business, financial condition, and operations. These risks include, but are not limited to, potential attacks to steal intellectual property, commit fraud or extortion, harm employees or customers, violate privacy laws, or damage our reputation. Recognizing the importance of cybersecurity, we have measures in place to protect sensitive information and prevent data loss or other security breaches. Management is actively involved in continuously assessing and addressing privacy and compliance cybersecurity threats through prevention, detection, and response.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Our cybersecurity program implements a defense-in-depth strategy, ensuring comprehensive safeguards are in place across various security domains. These include Intrusion Detection Firewalls (IPS/IDS) with Advanced malware prevention (AMP), Azure Conditional Access Policies, Multi-Factor Authentication (MFA), Identity and Access Management (IAM), Vulnerability Management, Endpoint Detection and Response (EDR) using CrowdStrike Falcon Complete with Managed Detection and Response (MDR), Data Loss Prevention (DLP), Barracuda XDR for Security Information Event Management (SIEM) and ongoing Security Awareness and Phishing Simulation exercises via KnowBe4 aimed at mitigating the risk of social engineering attacks, and Mobile Device Security Management. A robust incident response system is in place via our MSP partner to handle all security incidents including email (malware, phishing, etc.), cloud, endpoint, data loss prevention alerts and incidents across the organization. Our information security governance is underpinned by standards and policies documents that are reviewed by the Committee and updated annually by the Director of Data Privacy & Security.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight And Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected Or Reasonably Likely To Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board Of Directors Oversight [Text Block]
|
The Audit Committee is responsible for oversight of risks from cybersecurity threats in conjunction with the Committee. The Audit Committee receives quarterly reports and updates from the Committee with respect to the management of risks from cybersecurity threats. Such reports cover our information technology security program, including its status, capabilities, objectives, and plans, as well as the evolving cybersecurity threat landscape. Additionally, the Audit Committee considers risks from cybersecurity threats as part of its oversight of our business strategy, risk management, and financial oversight by reviewing our incident and response matrix, as well as unmediated threats. In addition, The Committee will provide a mitigation and remediation roadmap based on threat criticality for review by the Audit Committee.
|Cybersecurity Risk Board Committee Or Subcommittee Responsible For Oversight [Text Block]
|Audit Committee
|Cybersecurity Risk Process For Informing Board Committee Or Subcommittee Responsible For Oversight [Text Block]
|The Audit Committee receives quarterly reports and updates from the Committee with respect to the management of risks from cybersecurity threats.
|Cybersecurity Risk Role Of Management [Text Block]
|
Our current program was established in 2022 and is based on the NIST Cybersecurity Framework (“NIST CSF”), outlining governance, policies, procedures, and technologies to identify and manage cyber risks. Our Director of Data Privacy & Security and the Privacy & Compliance Committee (“Committee”) oversee day-to-day cybersecurity activities, supported by our managed service provider (“MSP”) partner. The Director of Data Privacy & Security is a highly qualified cybersecurity governance practitioner with industry credentials such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Project Management Professional (PMP), and Certified Secure Software Lifecycle Professional (CSSLP) amongst others. The Committee provides oversight and receives regular updates on program status, capabilities, objectives, and evolving threats. The Committee members include our Director of Data Privacy & Security and Director of Technology Operations. In the event of a cybersecurity incident, the Committee would then be expanded to include our General Counsel. Data is collected and reviewed as needed and reviewed weekly by our Director of Technology Operations. The Committee reviews all potential incidents as well as all remediation and future mitigation measures. Formal updates regarding potential incidents and/or other cybersecurity initiatives are provided to our CEO on an as-needed basis, and our CEO communicates such incidents and/or cybersecurity initiatives to the Audit Committee of the Board of Directors (the “Audit Committee”). Depending on the materiality of a
potential incident and/or cybersecurity initiatives, the Committee will present all information directly to the Audit Committee.
|Cybersecurity Risk Management Positions Or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions Or Committees Responsible [Text Block]
|Director of Data Privacy & Security and the Privacy & Compliance Committee (“Committee”)
|Cybersecurity Risk Management Expertise Of Management Responsible [Text Block]
|The Director of Data Privacy & Security is a highly qualified cybersecurity governance practitioner with industry credentials such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Project Management Professional (PMP), and Certified Secure Software Lifecycle Professional (CSSLP) amongst others.
|Cybersecurity Risk Process For Informing Management Or Committees Responsible [Text Block]
|The Committee reviews all potential incidents as well as all remediation and future mitigation measures. Formal updates regarding potential incidents and/or other cybersecurity initiatives are provided to our CEO on an as-needed basis, and our CEO communicates such incidents and/or cybersecurity initiatives to the Audit Committee of the Board of Directors (the “Audit Committee”). Depending on the materiality of a potential incident and/or cybersecurity initiatives, the Committee will present all information directly to the Audit Committee.
|Cybersecurity Risk Management Positions Or Committees Responsible Report To Board [Flag]
|true
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.