|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Mar. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Risk Management
Our Cyber Security risks are managed in the following manner.
The Head of IT reviews Cyber Security risk on a regular basis as identified by our external IT service provider based on the current threat landscape and threat intelligence publicly available. These are with a background and understanding of ISO 27002 controls and IASME Cyber Essentials.
These threats are then addressed by implementing appropriate technical and management controls or policies. The board are made aware of the risk, impact and approve a business response.
Our IT provider is responsible for asset management, automated patching, monitoring of critical systems, Security information and event management, incident detection and response, mobile device security and remote management of all the business digital assets.
Our program is outlined within our IT Security Policy and includes but is not limited to: authentication and authorization procedures, employee security awareness training, logging and monitoring procedures, in transit and at rest encryption of certain data we deem sensitive, periodic vulnerability scanning, periodic phishing attack simulations. We also use external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security processes.
Since the beginning of the last financial year, we have identified and prevented risks from known cybersecurity threats that have not had any material affected on the business. For a discussion of how cybersecurity risks could materially affect us in the future, please see the risk factors set forth under the caption Part I, Item 1A, Risk Factors.
Cybersecurity Governance
We follow a practical approach to Cyber Security governance. Cyber Security governance is handled primarily within the IT team and reported directly to the CEO or any affected key management personnel as appropriate.
This in-house capability is further enhanced by a long-standing partnership with an outsourced IT provider with over 23 years of operation, offering access to a broad pool of expertise, including on-demand virtual CTO and CISO services.
We follow an annual IT Security assessment based on the IASME Cyber Essentials framework which is approved by the UK government Cyber Security NCSC and implement policies and controls based on the understanding of ISO 27001 and NIST framework which assist the governance process.
Our Senior management team are highly engaged and hands on with all areas of the business operations and are in close contact and communication with the Head of IT and act quickly to implement controls, policy and change within the business where it is communicated by the IT team.
|Cybersecurity Risk Role of Management [Text Block]
|
We follow a practical approach to Cyber Security governance. Cyber Security governance is handled primarily within the IT team and reported directly to the CEO or any affected key management personnel as appropriate.
This in-house capability is further enhanced by a long-standing partnership with an outsourced IT provider with over 23 years of operation, offering access to a broad pool of expertise, including on-demand virtual CTO and CISO services.
We follow an annual IT Security assessment based on the IASME Cyber Essentials framework which is approved by the UK government Cyber Security NCSC and implement policies and controls based on the understanding of ISO 27001 and NIST framework which assist the governance process.
Our Senior management team are highly engaged and hands on with all areas of the business operations and are in close contact and communication with the Head of IT and act quickly to implement controls, policy and change within the business where it is communicated by the IT team.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Cyber Security governance is handled primarily within the IT team and reported directly to the CEO or any affected key management personnel as appropriate.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef