Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cybersecurity Risk Management and Oversight

We have processes for assessing, identifying, and managing cybersecurity risks, integrated into our overall risk management program and information technology function. These processes are designed to:

●

Protect our information assets and operations from internal and external cyber threats,

●

Safeguard employee, vendor, and collaborator information from unauthorized access or attack, and

●

Secure our networks and systems.

Our cybersecurity framework includes physical, procedural, and technical safeguards, as well as:

●

Continuous security monitoring to detect any anomalies and events,

●

Response plans for cyber incidents,

●

Regular system testing and incident simulations, and

●

Routine reviews of policies and procedures to identify risks and enhance practices.

To strengthen our cybersecurity risk management practices and oversight, we engage external consultants with expertise in information security, incident response, and governance. Additionally, we evaluate the internal risk oversight programs of third-party service providers before engaging them in order to help protect us from any related vulnerabilities.

Employee Training and Technology-Based Safeguards

We provide annual data protection and cybersecurity training for all personnel, including full-time, part-time, and temporary staff. This program covers topics such as:

●

Social engineering and phishing awareness,

●

Password protection and mobile security, and

●

Incident response and reporting.

To complement employee training, we utilize technology-based tools and practices to mitigate cybersecurity risks, including:

●

Proactive cybersecurity monitoring for threat detection and swift response,

●

Tools to address vulnerabilities and protect information assets,

●

Endpoint security measures, geo-fencing, and geo-blocking on firewalls, and

●

Automatic email prioritization to help our information technology department efficiently address the most critical threats.

Cybersecurity Risk Management Processes Integrated [Text Block]

We have processes for assessing, identifying, and managing cybersecurity risks, integrated into our overall risk management program and information technology function. These processes are designed to:

●

Protect our information assets and operations from internal and external cyber threats,

●

Safeguard employee, vendor, and collaborator information from unauthorized access or attack, and

●

Secure our networks and systems.

Our cybersecurity framework includes physical, procedural, and technical safeguards, as well as:

●

Continuous security monitoring to detect any anomalies and events,

●

Response plans for cyber incidents,

●

Regular system testing and incident simulations, and

●

Routine reviews of policies and procedures to identify risks and enhance practices.

To strengthen our cybersecurity risk management practices and oversight, we engage external consultants with expertise in information security, incident response, and governance. Additionally, we evaluate the internal risk oversight programs of third-party service providers before engaging them in order to help protect us from any related vulnerabilities.

We provide annual data protection and cybersecurity training for all personnel, including full-time, part-time, and temporary staff. This program covers topics such as:

●

Social engineering and phishing awareness,

●

Password protection and mobile security, and

●

Incident response and reporting.

To complement employee training, we utilize technology-based tools and practices to mitigate cybersecurity risks, including:

●

Proactive cybersecurity monitoring for threat detection and swift response,

●

Tools to address vulnerabilities and protect information assets,

●

Endpoint security measures, geo-fencing, and geo-blocking on firewalls, and

●

Automatic email prioritization to help our information technology department efficiently address the most critical threats.

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Board of Directors Oversight [Text Block]

Board and Audit Committee Oversight

We do not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially impact the company or its business strategy, operations, or financial condition. The Audit Committee provides direct oversight of cybersecurity risk and updates the Board of Directors on such matters.

Management delivers quarterly cybersecurity updates to the Audit Committee, with additional updates provided as significant new threats or incidents arise.

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

Management delivers quarterly cybersecurity updates to the Audit Committee, with additional updates provided as significant new threats or incidents arise.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Our VP of IT brings over 15 years of experience in cybersecurity, including serving as Chief Information Security Officer for a multinational company in the specialty materials industry. Our VP of IT has experience with compliance programs for cybersecurity-related regulations and standards.

Additionally, the VP of IT has participated in Gartner cybersecurity programs and conferences and received training on combating cyber threats, including phishing, malware, and social engineering.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true