|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We are increasingly dependent on sophisticated software applications and computing infrastructure to conduct key operations. We depend on both our own systems, networks, and technology as well as the systems, networks and technology of our contractors, consultants, vendors and other business partners.
Cybersecurity Program
Given the importance of cybersecurity to our business, we maintain a robust and comprehensive cybersecurity program to support both the effectiveness of our systems and our preparedness for information security risks. This program includes a number of administrative, physical and technical safeguards, with regular evaluations of our cybersecurity posture, including internal and external audits, as well as annual penetration tests. We also require cybersecurity training when onboarding new employees and contractors and on an annual basis thereafter. Our cybersecurity program leverages industry frameworks, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework to strengthen our program effectiveness and reduce cybersecurity risks.
We use a risk-based approach with respect to our oversight of third-party service providers. As part of our process for onboarding new vendors, we assess new third-party service providers for technical capabilities, reputation, financial stability, pricing, and other criteria, and such third-party service providers are reviewed and approved by our Finance and Legal departments. We have implemented processes to confirm that agreements with third parties contain data security and privacy terms as appropriate. For certain key third-party service providers, we obtain a SOC type 2 audit report from the vendor’s audit firm which provides detailed information and assurance about a service organization’s security, availability, processing integrity, confidentiality and privacy controls.
Process for Assessing, Identifying and Managing Material Risks from Cybersecurity Threats
In the event of a cybersecurity incident, we maintain a regularly tested Incident Management and Response program as well as business continuity and disaster recovery plans. Pursuant to the program and its escalation protocols, designated personnel are responsible for assessing the severity of an incident and associated threat and handling it in accordance with that severity level.
We have relationships with a number of third-party service providers to assist with cybersecurity evaluation, containment and remediation efforts.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Given the importance of cybersecurity to our business, we maintain a robust and comprehensive cybersecurity program to support both the effectiveness of our systems and our preparedness for information security risks.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Board Oversight
While our Board of Directors has overall responsibility for risk oversight, our Audit Committee oversees cybersecurity risk matters. The Audit Committee is responsible for reviewing, discussing with management, and overseeing our data privacy, information technology and security and cybersecurity risk exposures. On at least an annual basis, the ED, IT & IS reports to the Audit Committee on information security and cybersecurity matters, including significant information technology risks, significant threats (and the potential impact of those exposures on our business, financial results, operations and reputation) and the steps implemented by management to monitor and mitigate exposures. He also apprises the Audit Committee promptly of high priority cybersecurity incidents, consistent with our Incident Management and Response Policy, and provides updates to the full Board as needed.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The controls and processes employed to assess, identify and manage material risks from cybersecurity threats are implemented and overseen by our Executive Director of IT and Information Security (ED, IT & IS), who reports to our Chief Financial Officer
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|He is responsible for the day-to-day management of the cybersecurity program, including the prevention, detection, investigation, response to, and recovery from cybersecurity threats and incidents, and is regularly engaged to help ensure the cybersecurity program functions effectively in the face of evolving cybersecurity threats. He provides regular briefings (quarterly at a minimum) to our Computer Security Incident Response Team consisting of the Chief Financial Officer and General Counsel/Chief Compliance Officer on cybersecurity matters, including threats, events, and program enhancements.
|Cybersecurity Risk Role of Management [Text Block]
|
Management Oversight
The controls and processes employed to assess, identify and manage material risks from cybersecurity threats are implemented and overseen by our Executive Director of IT and Information Security (ED, IT & IS), who reports to our Chief Financial Officer. Our ED, IT & IS has over 30 years of IT experience and an Advanced Graduate Certification in Cybersecurity. He is responsible for the day-to-day management of the cybersecurity program, including the prevention, detection, investigation, response to, and recovery from cybersecurity threats and incidents, and is regularly engaged to help ensure the cybersecurity program functions effectively in the face of evolving cybersecurity threats. He provides regular briefings (quarterly at a minimum) to our Computer Security Incident Response Team consisting of the Chief Financial Officer and General Counsel/Chief Compliance Officer on cybersecurity matters, including threats, events, and program enhancements.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Executive Director of IT and Information Security (ED, IT & IS), who reports to our Chief Financial Officer
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our ED, IT & IS has over 30 years of IT experience and an Advanced Graduate Certification in Cybersecurity.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The controls and processes employed to assess, identify and manage material risks from cybersecurity threats are implemented and overseen by our Executive Director of IT and Information Security (ED, IT & IS), who reports to our Chief Financial Officer. Our ED, IT & IS has over 30 years of IT experience and an Advanced Graduate Certification in Cybersecurity. He is responsible for the day-to-day management of the cybersecurity program, including the prevention, detection, investigation, response to, and recovery from cybersecurity threats and incidents, and is regularly engaged to help ensure the cybersecurity program functions effectively in the face of evolving cybersecurity threats. He provides regular briefings (quarterly at a minimum) to our Computer Security Incident Response Team consisting of the Chief Financial Officer and General Counsel/Chief Compliance Officer on cybersecurity matters, including threats, events, and program enhancements.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true