|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|We
employ procedures designed to identify, protect, detect and respond to and manage reasonably foreseeable cybersecurity risks and threats.
To protect our information systems from cybersecurity threats, we use various security tools that help prevent, identify, escalate, investigate,
resolve and recover from identified vulnerabilities and security incidents in a timely manner. Our information security framework is
based on the NIST Cybersecurity Framework, which along with continuous vigilance through ongoing vulnerability analyses, internal/external
testing, alerts and reviews of cybersecurity events, our comprehensive strategic risk assessment is achieved with collaboration of multidisciplinary
teams, and our vendor management that includes a robust contracting process and engages third parties for cybersecurity support, ensure
a resilient operation.
We regularly assess risks from cybersecurity and technology threats and monitor our information systems for potential vulnerabilities, including those that could arise from internal sources and external sources such as third-party service providers we do business with. We use a widely-adopted risk quantification model to identify, measure and prioritize cybersecurity and technology risks and develop related security controls and safeguards. We conduct regular reviews and other exercises to evaluate the effectiveness of our information security program and improve our security measures and planning. We currently engage an external assessor and may in the future determine to engage an assessor(s), consultant(s), auditor(s) or other third party(s) to supplement our processes.
The Board oversees our annual enterprise risk assessment, where we assess key risks within the company, including security and technology risks and cybersecurity threats. The Audit Committee of the Board oversees our cybersecurity risk and receives regular reports from our management team on various cybersecurity matters, including risk assessments, mitigation strategies, areas of emerging risks, incidents and industry trends, and other areas of importance. One of the Audit Committee members has a Bachelor’s degree in Computer Science, is Certified in AI from MIT, and serves as the cybersecurity expert on the board of another company, bringing relevant expertise in cybersecurity and technology risk management.
Our cybersecurity team is deeply integrated into our risk management process, led by the Director of Information and Technology and our Cybersecurity Coordinator. Since 2022, the Director has overseen the company’s cybersecurity strategy, engaging with leading vendors, participating in industry events such as CPX, and leading the 2024 security policy redesign with an external advisor. The Cybersecurity Coordinator, a certified expert in ISO27001 and ISO27032, specializes in ethical hacking, SOC management, network security, and standards compliance, ensuring a well-documented and secure cybersecurity architecture. Together, they periodically review and update our incident response plan, and collaborate with subject matter specialists to ensure a comprehensive approach to identifying and managing material cybersecurity threats. An established Information security committee contributes to a vigilant cybersecurity stance.
To date, we have not experienced any attacks intended to lead to interruptions and delays in our service and operations as well as loss, misuse or theft of personal information (of third parties, employees, and our members) and other data, confidential information or intellectual property. Any significant disruption to our service or access to our systems in the future could adversely affect our business and results of operation. Further, a penetration of our systems or a third-party’s systems or other misappropriation or misuse of personal information could subject us to business, regulatory, litigation and reputation risk, which could have a negative effect on our business, financial condition and results of operations. See “Risk Factors - We may be adversely affected by any disruption in our information technology systems. Our operations are dependent upon our information technology systems, which encompass all of our major business functions.”
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|Together, they periodically review and update our incident response plan, and collaborate with subject matter specialists to ensure a comprehensive approach to identifying and managing material cybersecurity threats
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|An established Information security committee contributes to a vigilant cybersecurity stance.
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef