XML 20 R12.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management, Strategy and Governance
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

ITEM 1C. CYBERSECURITY

We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program is aligned with the Company’s business strategy. It shares common methodologies, reporting channels, and governance processes that apply to other areas of enterprise risk, including legal, compliance, strategic, operational, and financial risk. Key elements of our cybersecurity risk management program include:

risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology environment;
the use of external service providers, where appropriate, to assess, test, or otherwise assist with aspects of our security controls;
training and awareness programs for team members that include periodic and ongoing assessments to drive adoption and awareness of cybersecurity processes and controls;
a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and
a third-party risk management process for service providers, suppliers, and vendors.

In the last three fiscal years, the Company has not experienced any material cybersecurity incidents. We describe whether and how risks from identified cybersecurity threats have or that are reasonably likely to affect our financial position, results of operations, and cash flows, under the heading “Cyber-attacks and other disruptions, security breaches, and incidents could have an adverse effect on our business, harm our reputation, and expose us to liability” included as part of our Item 1A. "Risk Factors" of this Annual Report on Form 10-K, which disclosures are incorporated by reference herein.

The Company outsources around-the-clock coverage to a third-party managed service provider who provides timely alerting and notification of potential cybersecurity issues. We continually work with third-party experts to advise on new threats and cybersecurity strategy best practices for specific capabilities.

Our Audit Committee of the Board of Directors is responsible for oversight of our risk assessment, risk management, disaster recovery procedures, and cybersecurity risks. Periodically each year, the Audit Committee receives an overview from our Chief Executive Officer of our cybersecurity threat risk management and strategy processes, including potential impact on the Company, the efforts of management to manage the risks that are identified, and our disaster recovery preparations. Members of the Board of Directors regularly engage in discussions with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management and strategy programs.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program is aligned with the Company’s business strategy.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Board of Directors Oversight [Text Block]

The Company outsources around-the-clock coverage to a third-party managed service provider who provides timely alerting and notification of potential cybersecurity issues. We continually work with third-party experts to advise on new threats and cybersecurity strategy best practices for specific capabilities.

Our Audit Committee of the Board of Directors is responsible for oversight of our risk assessment, risk management, disaster recovery procedures, and cybersecurity risks. Periodically each year, the Audit Committee receives an overview from our Chief Executive Officer of our cybersecurity threat risk management and strategy processes, including potential impact on the Company, the efforts of management to manage the risks that are identified, and our disaster recovery preparations. Members of the Board of Directors regularly engage in discussions with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management and strategy programs.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Audit Committee of the Board of Directors is responsible for oversight of our risk assessment, risk management, disaster recovery procedures, and cybersecurity risks.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Audit Committee of the Board of Directors is responsible for oversight of our risk assessment, risk management, disaster recovery procedures, and cybersecurity risks. Periodically each year, the Audit Committee receives an overview from our Chief Executive Officer of our cybersecurity threat risk management and strategy processes, including potential impact on the Company, the efforts of management to manage the risks that are identified, and our disaster recovery preparations.
Cybersecurity Risk Role of Management [Text Block] It shares common methodologies, reporting channels, and governance processes that apply to other areas of enterprise risk, including legal, compliance, strategic, operational, and financial risk. Key elements of our cybersecurity risk management program include:
risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology environment;
the use of external service providers, where appropriate, to assess, test, or otherwise assist with aspects of our security controls;
training and awareness programs for team members that include periodic and ongoing assessments to drive adoption and awareness of cybersecurity processes and controls;
a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and
a third-party risk management process for service providers, suppliers, and vendors.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Audit Committee receives an overview from our Chief Executive Officer of our cybersecurity threat risk management and strategy processes, including potential impact on the Company, the efforts of management to manage the risks that are identified, and our disaster recovery preparations.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Periodically each year, the Audit Committee receives an overview from our Chief Executive Officer of our cybersecurity threat risk management and strategy processes, including potential impact on the Company, the efforts of management to manage the risks that are identified, and our disaster recovery preparations. Members of the Board of Directors regularly engage in discussions with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management and strategy programs.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Members of the Board of Directors regularly engage in discussions with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management and strategy programs.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true