|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
The Company, through SSH as its administrator, maintains a cybersecurity team with dedicated personnel and resources to prevent, detect, and respond to cyberattacks. Our focus is to reduce the risk of occurrences of attacks by utilizing available technologies to establish and maintain detection capabilities for new and emerging threats and to contain threats in the event of a successful cyberattack. These cybersecurity services are provided to us under the Amended Administrative Services Agreement with SSH, pursuant to which SSH acts as administrator of information technology services, which maintains an information technology department (the “IT Department”) of over 40 employees that carry out cybersecurity policies and procedures for the Company.
The IT Department’s cybersecurity team regularly reviews, amends or adopts policies and processes to identify and contain cybersecurity threats, including but not limited to the following areas:
•Information technology and proper usage of resources
•Patch Management
•Network Security
•Application Security
•Systems Security
•Cryptography
The governance procedures of the IT Department are built in accordance with known standards and frameworks, such as ISO, NIST, and OWASP, among others.
Our public attack surface and internet-based services are monitored regularly, which is reinforced by regular invasive tests and attack simulations. Further, SSH performs manual and automated internal audits and engages and oversees external third party consultants to perform audits of its cybersecurity activities (e.g. vulnerability exercises, configuration audits). The objective of these efforts is to promote effective compliance with our governance policies and to detect deviations in cybersecurity policies as early as possible to allow timely remediation.
The Company, through SSH as its administrator, has built a cybersecurity operation center for the IT Department supported by dedicated tools and personnel for the purpose of detecting and responding to cybersecurity threats and attacks and implementing incident responses. The IT Department evaluates the cybersecurity policies and strategies of third parties to protect the Company’s interests. A vendor assessment process is also used to ensure a vendor’s digital footprint matches our requirements.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
The Company, through SSH as its administrator, maintains a cybersecurity team with dedicated personnel and resources to prevent, detect, and respond to cyberattacks. Our focus is to reduce the risk of occurrences of attacks by utilizing available technologies to establish and maintain detection capabilities for new and emerging threats and to contain threats in the event of a successful cyberattack. These cybersecurity services are provided to us under the Amended Administrative Services Agreement with SSH, pursuant to which SSH acts as administrator of information technology services, which maintains an information technology department (the “IT Department”) of over 40 employees that carry out cybersecurity policies and procedures for the Company.
The IT Department’s cybersecurity team regularly reviews, amends or adopts policies and processes to identify and contain cybersecurity threats, including but not limited to the following areas:
•Information technology and proper usage of resources
•Patch Management
•Network Security
•Application Security
•Systems Security
•Cryptography
The governance procedures of the IT Department are built in accordance with known standards and frameworks, such as ISO, NIST, and OWASP, among others.
Our public attack surface and internet-based services are monitored regularly, which is reinforced by regular invasive tests and attack simulations. Further, SSH performs manual and automated internal audits and engages and oversees external third party consultants to perform audits of its cybersecurity activities (e.g. vulnerability exercises, configuration audits). The objective of these efforts is to promote effective compliance with our governance policies and to detect deviations in cybersecurity policies as early as possible to allow timely remediation.
The Company, through SSH as its administrator, has built a cybersecurity operation center for the IT Department supported by dedicated tools and personnel for the purpose of detecting and responding to cybersecurity threats and attacks and implementing incident responses. The IT Department evaluates the cybersecurity policies and strategies of third parties to protect the Company’s interests. A vendor assessment process is also used to ensure a vendor’s digital footprint matches our requirements.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Chief Information Officer, supported by the Information Security Officer, (both of whom are employees of SSH), are responsible for the oversight of the Company’s cybersecurity strategy. The Chief Information Officer reports to our Vice President, who has the overall risk ownership and accountability to control such risks. Our Vice President formulates cybersecurity strategies and drives initiatives, and together with the Chief Information Officer, sets targets, develops policies and procedures to mitigate the cybersecurity risks, and execute our cybersecurity efforts.
Furthermore, the IT Department collects key performance indicators (“KPIs”) which are reported to the Company’s Vice President and Chief Operating Officer on a monthly basis. These KPIs include the public attack surface score and the infrastructure vulnerability index.
The cybersecurity team is part of Scorpio's Cyber-Security Committee, which is made up of Scorpio's ship management security officers and selected representatives from all corporate departments within Scorpio. The Cybersecurity Committee meets monthly to discuss main threats to information technology (including those systems related to our vessels), coordinates vessel drills and aligns on the various cybersecurity initiatives conducted through the year.
The Chief Information Officer and Chief Operating Officer provide reports to the Company’s Audit Committee, which ultimately oversees cybersecurity risks and initiatives, on at least a quarterly basis. These reports summarize any material cybersecurity incidents, updates on the Company’s cybersecurity strategy, and any recent actions taken.
Management’s Cyber Security Experience
Our Chief Information Officer has more than 20 years of experience in IT management and has held the role of Chief Information Officer with Scorpio for 8 years with enterprise responsibility for information security. Our Information Security Officer has extensive experience of more than 8 years in Information Security and cybersecurity and has the following certifications:
•ISACA CISM Certified Security Information Manager
•ISC2 CISSP Certified Information Systems Security Professional
•EC-Council CCISO Certified Chief Security Information Officer
•PECB ISO27001 Lead Implementer and Lead Auditor
•EC-Council (CEH) Certified Ethical Hacker, (CIH) Certified Incident Handler, (CHFI) Computer Hacking Forensics Investigator, (CSA) Certified SOC Analyst
Our Chief Operating Officer has extensive experience in senior positions in the shipping industry for over 30 years and from overseeing the Company’s information technology and enterprise risk management for more than 14 years. As Chief Operating Officer and a member of the Board of Directors, he has had the overall managerial responsibility for the Company’s information security, and he has been closely involved in designing our risk management policies and procedures.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Chief Information Officer and Chief Operating Officer provide reports to the Company’s Audit Committee, which ultimately oversees cybersecurity risks and initiatives, on at least a quarterly basis. These reports summarize any material cybersecurity incidents, updates on the Company’s cybersecurity strategy, and any recent actions taken.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Chief Information Officer and Chief Operating Officer provide reports to the Company’s Audit Committee, which ultimately oversees cybersecurity risks and initiatives, on at least a quarterly basis. These reports summarize any material cybersecurity incidents, updates on the Company’s cybersecurity strategy, and any recent actions taken.
|Cybersecurity Risk Role of Management [Text Block]
|
Our Chief Information Officer, supported by the Information Security Officer, (both of whom are employees of SSH), are responsible for the oversight of the Company’s cybersecurity strategy. The Chief Information Officer reports to our Vice President, who has the overall risk ownership and accountability to control such risks. Our Vice President formulates cybersecurity strategies and drives initiatives, and together with the Chief Information Officer, sets targets, develops policies and procedures to mitigate the cybersecurity risks, and execute our cybersecurity efforts.
Furthermore, the IT Department collects key performance indicators (“KPIs”) which are reported to the Company’s Vice President and Chief Operating Officer on a monthly basis. These KPIs include the public attack surface score and the infrastructure vulnerability index.
The cybersecurity team is part of Scorpio's Cyber-Security Committee, which is made up of Scorpio's ship management security officers and selected representatives from all corporate departments within Scorpio. The Cybersecurity Committee meets monthly to discuss main threats to information technology (including those systems related to our vessels), coordinates vessel drills and aligns on the various cybersecurity initiatives conducted through the year.
The Chief Information Officer and Chief Operating Officer provide reports to the Company’s Audit Committee, which ultimately oversees cybersecurity risks and initiatives, on at least a quarterly basis. These reports summarize any material cybersecurity incidents, updates on the Company’s cybersecurity strategy, and any recent actions taken.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The cybersecurity team is part of Scorpio's Cyber-Security Committee, which is made up of Scorpio's ship management security officers and selected representatives from all corporate departments within Scorpio. The Cybersecurity Committee meets monthly to discuss main threats to information technology (including those systems related to our vessels), coordinates vessel drills and aligns on the various cybersecurity initiatives conducted through the year.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
Our Chief Information Officer has more than 20 years of experience in IT management and has held the role of Chief Information Officer with Scorpio for 8 years with enterprise responsibility for information security. Our Information Security Officer has extensive experience of more than 8 years in Information Security and cybersecurity and has the following certifications:
•ISACA CISM Certified Security Information Manager
•ISC2 CISSP Certified Information Systems Security Professional
•EC-Council CCISO Certified Chief Security Information Officer
•PECB ISO27001 Lead Implementer and Lead Auditor
•EC-Council (CEH) Certified Ethical Hacker, (CIH) Certified Incident Handler, (CHFI) Computer Hacking Forensics Investigator, (CSA) Certified SOC Analyst
Our Chief Operating Officer has extensive experience in senior positions in the shipping industry for over 30 years and from overseeing the Company’s information technology and enterprise risk management for more than 14 years. As Chief Operating Officer and a member of the Board of Directors, he has had the overall managerial responsibility for the Company’s information security, and he has been closely involved in designing our risk management policies and procedures.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Our Chief Information Officer, supported by the Information Security Officer, (both of whom are employees of SSH), are responsible for the oversight of the Company’s cybersecurity strategy. The Chief Information Officer reports to our Vice President, who has the overall risk ownership and accountability to control such risks. Our Vice President formulates cybersecurity strategies and drives initiatives, and together with the Chief Information Officer, sets targets, develops policies and procedures to mitigate the cybersecurity risks, and execute our cybersecurity efforts.
Furthermore, the IT Department collects key performance indicators (“KPIs”) which are reported to the Company’s Vice President and Chief Operating Officer on a monthly basis. These KPIs include the public attack surface score and the infrastructure vulnerability index.The cybersecurity team is part of Scorpio's Cyber-Security Committee, which is made up of Scorpio's ship management security officers and selected representatives from all corporate departments within Scorpio. The Cybersecurity Committee meets monthly to discuss main threats to information technology (including those systems related to our vessels), coordinates vessel drills and aligns on the various cybersecurity initiatives conducted through the year.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef