|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Apr. 30, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We have implemented a set of comprehensive cybersecurity and data protection policies and procedures placing special interest in addressing cybersecurity threats and effectively managing associated risks. Our cybersecurity program is designed to identify, assess, and proactively manage material risk from cybersecurity threats, which are integrated into our overall risk management systems, as overseen by the Company’s Board of Directors, primarily through its Audit Committee. Risks from cybersecurity threats are regularly evaluated as a part of our broader risk management activities and as a fundamental component of our internal control system. Our information technology, or IT, program is led by our Director of Information Technology, who strives to monitor and mitigate risks from cybersecurity threats and provides reporting to the Audit Committee.
Our approach to cybersecurity is not a one-time effort but an ongoing process. We engage in monitoring, risk assessments, and robust security measures designed to ensure the confidentiality, integrity, and availability of our information systems, including critical computer networks, hosted services, communication systems, hardware, and software and to protect critical data, including our employees’ and customers’ data, intellectual property, confidential and proprietary data, and strategic competitive information. We address cybersecurity challenges and enhance our overall risk management efforts by adopting and working to integrate recognized best practices, standards, and controls utilizing guidelines from the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) for our protection and prevention of cybersecurity, risk management, data backup, and disaster recovery.
Our cybersecurity program includes some key aspects such as (i) a Cybersecurity Leader who oversees our day-to-day program, (ii) outsourced information technology firm and consultants with significant expertise in cybersecurity (iii) an incident response team comprised of a cross-section of management with oversight over our programs, (iv) incident detection and response policies, and (v) ongoing security awareness training programs for all employees.
We maintain a practical approach to cybersecurity. Our cybersecurity risk management program (an integral part of our overall Enterprise Risk Management Program) is designed to incorporate guidance from NIST CSF and other industry best practices. Within our program, we conduct internal and external security-based activities, including reviews and assessments of our third-party service providers and vendors. Our employees receive a formal cybersecurity awareness training on an annual basis, including specific topics related to social engineering and email frauds.
Detailed activities include:
•Continuous Monitoring and Detection: Leveraging industry leading technologies to detect and alert on any suspicious activity across the enterprise to prevent and minimize cybersecurity attacks;
•Information Security Assessments: Collaborating with internal and external partners to evaluate our data and network security;
•Vulnerability Scanning and Penetration Testing: Engaging third-party service providers to assess internal and external vulnerabilities and potential threats;
•Cyber Risk Register Reviews: Regularly reviewing our internal risk register to remain fully informed and prepared to address potential and identified risks;
•Risk Prioritization: Prioritizing and addressing risks through our dedicated cybersecurity risk management program and cybersecurity council;
•Annual Third-Party SOC Reviews: Ensuring that our financially critical service partners maintain effective internal controls, including access controls, change management, backup, and disaster recovery planning; and
•Tabletop Exercises and Event Simulations: Engaging all employees across the company to build awareness, education, and enhance our cyber response posture and the collective team decision-making processes.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We have implemented a set of comprehensive cybersecurity and data protection policies and procedures placing special interest in addressing cybersecurity threats and effectively managing associated risks. Our cybersecurity program is designed to identify, assess, and proactively manage material risk from cybersecurity threats, which are integrated into our overall risk management systems, as overseen by the Company’s Board of Directors, primarily through its Audit Committee. Risks from cybersecurity threats are regularly evaluated as a part of our broader risk management activities and as a fundamental component of our internal control system. Our information technology, or IT, program is led by our Director of Information Technology, who strives to monitor and mitigate risks from cybersecurity threats and provides reporting to the Audit Committee.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Our Board of Directors has assigned oversight of cybersecurity risk management to the Audit Committee. The Audit Committee regularly receives reports from management, including IT leadership, and third parties on cybersecurity matters.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board of Directors has assigned oversight of cybersecurity risk management to the Audit Committee. The Audit Committee regularly receives reports from management, including IT leadership, and third parties on cybersecurity matters.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|As noted above, the Audit Committee regularly receives reports on cybersecurity matters from senior IT leadership.
|Cybersecurity Risk Role of Management [Text Block]
|IT leadership is responsible for developing appropriate cybersecurity programs, including as may be required by applicable law or regulation. This includes the coordination and creation of an Incident Response Policy, Incident Response Team, and Incident Response Plan in the event of a cybersecurity event. The AOB Incident Response policy covers our internal program and guidelines. The incident response team is composed of various stakeholders from all necessary aspects of the business, and the plan includes the steps to follow and communications necessary if/when a cybersecurity event occurs.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
IT leadership is responsible for developing appropriate cybersecurity programs, including as may be required by applicable law or regulation. This includes the coordination and creation of an Incident Response Policy, Incident Response Team, and Incident Response Plan in the event of a cybersecurity event. The AOB Incident Response policy covers our internal program and guidelines. The incident response team is composed of various stakeholders from all necessary aspects of the business, and the plan includes the steps to follow and communications necessary if/when a cybersecurity event occurs. The individual incident response team members represent expertise in IT, cybersecurity, finance, and operations that has been obtained generally from a combination of education and awareness, including relevant degrees and/or certifications, and work experience. The Director of IT has served in various roles in information technology and information security for 30 years, including serving in technical management and leadership positions in multiple verticals. The Director of IT holds undergraduate and graduate degrees in computer science and has attained several recognized network and security certifications throughout their career. The individual incident response team members are informed by their respective cybersecurity teams regarding the monitoring, prevention, detection, mitigation and remediation of cybersecurity incidents as part of the cybersecurity programs described above.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Director of IT has served in various roles in information technology and information security for 30 years, including serving in technical management and leadership positions in multiple verticals. The Director of IT holds undergraduate and graduate degrees in computer science and has attained several recognized network and security certifications throughout their career.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Information regarding cybersecurity risks may be elevated by IT leadership through a variety of channels, including discussions between or among key leaders and our management and reports to the Company’s Board of Directors and/or certain Board committees. When a cybersecurity incident is detected, we conduct an immediate assessment, determine materiality, and take appropriate actions as described above. This process is also followed when we are notified that a supplier has a cybersecurity incident.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef