|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
Risk Management and Strategy
We recognize the importance of developing, implementing and maintaining cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of data. We have integrated cybersecurity risk management into our broader risk management framework. Our digital and technology organization outside the Company continually addresses cybersecurity risk in alignment with our business objectives and operational needs.
Our cybersecurity program is focused on the following areas:
•
Governance: We leverage multiple cybersecurity frameworks (e.g., ISO 27001 and NIST CSF) and regulatory requirements to inform our externally managed information technology (“IT”) infrastructure. Policies for IT use and management for each employee are part of the employee onboarding process and those policies are refreshed periodically as threats emerge that could be relevant to our IT infrastructure.
•
Technical Safeguards: The Company does not use a centralized server where all information is stored and therefore where all information is placed at risk. Instead, we deploy technical and procedural measures using a distributed model so that no one location or machine could cripple the company’s IT infrastructure. Protection measures include network firewalls, network intrusion detection and prevention, penetration testing, vulnerability assessments and monthly risk assessments and management, threat intelligence, anti-malware and access controls, plus data loss prevention and monitoring.
•
Security Awareness / Training: All employees are required to adhere to our Standards of Business Conduct, which identifies an employee's responsibility for information security. We also disseminate security awareness information periodically throughout the year.
•
Third-Party Suppliers and Service Providers: We manage our IT infrastructure with an external vendor who maintains and evaluates risk exposure in real-time and conducts monthly risk assessments and adjustments to preclude cyberattacks. Vendor security reviews evaluate numerous key security controls and the outputs of these reviews are used as part of business decisions regarding storage and dissemination of virtual data and to assess a vendor's overall security posture.
Risks from Cybersecurity Threats
While we are subject to ongoing cybersecurity threats, the risks from these threats have not materially affected, or are reasonably likely to materially affect the company, including our business strategy, results of operations or financial condition. For additional information regarding risks from cybersecurity threats, see "Item 1A. Risk Factors-Risks Related to Our Operations" in this Annual Report.
Board Oversight of Cybersecurity Risks
Our Board is responsible for the oversight of our risk management program and regularly reviews information regarding our most significant strategic, operational, financial, legal and compliance risks, including cybersecurity risks. The Board reviews mitigation plans through discussions with management, which includes regular Board reports and findings from management’s monthly discussions with our outside IT group. Our Board of Directors also reviews and approves our cybersecurity policies, strategies, and budgets on an annual basis.
Management's Role in Assessing and Managing Cybersecurity Risks
Our CEO in conjunction with our external IT team are responsible for setting the strategy and communicating cybersecurity risks. With the Company’s distributed model of data storage, risks have been limited and the Company has not experienced a cybersecurity breach. The Company’s security measures and monthly system audits to identify potential vulnerabilities and remediate deficiencies in real time.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We have integrated cybersecurity risk management into our broader risk management framework. Our digital and technology organization outside the Company continually addresses cybersecurity risk in alignment with our business objectives and operational needs.
Our cybersecurity program is focused on the following areas:
•
Governance: We leverage multiple cybersecurity frameworks (e.g., ISO 27001 and NIST CSF) and regulatory requirements to inform our externally managed information technology (“IT”) infrastructure. Policies for IT use and management for each employee are part of the employee onboarding process and those policies are refreshed periodically as threats emerge that could be relevant to our IT infrastructure.
•
Technical Safeguards: The Company does not use a centralized server where all information is stored and therefore where all information is placed at risk. Instead, we deploy technical and procedural measures using a distributed model so that no one location or machine could cripple the company’s IT infrastructure. Protection measures include network firewalls, network intrusion detection and prevention, penetration testing, vulnerability assessments and monthly risk assessments and management, threat intelligence, anti-malware and access controls, plus data loss prevention and monitoring.
•
Security Awareness / Training: All employees are required to adhere to our Standards of Business Conduct, which identifies an employee's responsibility for information security. We also disseminate security awareness information periodically throughout the year.
•
Third-Party Suppliers and Service Providers: We manage our IT infrastructure with an external vendor who maintains and evaluates risk exposure in real-time and conducts monthly risk assessments and adjustments to preclude cyberattacks. Vendor security reviews evaluate numerous key security controls and the outputs of these reviews are used as part of business decisions regarding storage and dissemination of virtual data and to assess a vendor's overall security posture.
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Board is responsible for the oversight of our risk management program and regularly reviews information regarding our most significant strategic, operational, financial, legal and compliance risks, including cybersecurity risks. The Board reviews mitigation plans through discussions with management, which includes regular Board reports and findings from management’s monthly discussions with our outside IT group. Our Board of Directors also reviews and approves our cybersecurity policies, strategies, and budgets on an annual basis.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board is responsible for the oversight of our risk management program and regularly reviews information regarding our most significant strategic, operational, financial, legal and compliance risks, including cybersecurity risks.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board of Directors also reviews and approves our cybersecurity policies, strategies, and budgets on an annual basis.
|Cybersecurity Risk Role of Management [Text Block]
|Our CEO in conjunction with our external IT team are responsible for setting the strategy and communicating cybersecurity risks. With the Company’s distributed model of data storage, risks have been limited and the Company has not experienced a cybersecurity breach. The Company’s security measures and monthly system audits to identify potential vulnerabilities and remediate deficiencies in real time.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our CEO in conjunction with our external IT team are responsible for setting the strategy and communicating cybersecurity risks.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Board reviews mitigation plans through discussions with management, which includes regular Board reports and findings from management’s monthly discussions with our outside IT group
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef