|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
Cybersecurity is a critical element of our information security program. Security controls are implemented in a manner that protects the confidentiality, integrity and availability of our information assets without hindering business operations. Management is responsible for the day-to-day administration of our cybersecurity policies, processes, and practices. Our cybersecurity policies, standards, processes, and practices are based on recognized frameworks established by the National Institute of Standards and Technology (the “NIST”) and management’s knowledge of best practices in the cybersecurity industry. In general, we seek to address material cybersecurity threats through a company-wide approach that addresses the confidentiality, integrity and availability of our information systems or the information that we collect and store, by proactively monitoring for cybersecurity threats and assessing, identifying and managing cybersecurity issues as they occur.
We routinely assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein. Key elements of our cybersecurity risk management strategy include:
•
We require an annual Service Organization Control 2 Type 1 report from all third-party providers attesting to the presence of security processes. Additionally, we require that SaaS/PaaS providers perform risk assessments and manage the security risks associated with their services.
•
We have established and maintain a comprehensive incident response plan designed to address our response to a cybersecurity incident. We conduct regular training scenarios to test these plans and ensure personnel are familiar with their roles in a response scenario.
•
We provide regular, mandatory training for employees regarding cybersecurity threats as a means to equip our employees with effective tools to address cybersecurity threats, and to communicate our evolving information security policies, standards, processes and practices.
•
We use a third party to conduct a periodic assessment of our cybersecurity risk posture and maturity against the NIST Cybersecurity Framework. The results are evaluated by management and the Audit Committee and are used to adjust our cybersecurity policies, standards, processes and practices as necessary.
•
The Company studies and evaluates threats in cyber landscape and aims to regularly improve our risk posture by learning from those lessons.
Our Audit Committee receives quarterly presentations and reports on developments in the cybersecurity space, including risk management practices, recent developments, vulnerability assessments, third-party and independent reviews, the threat environment, and information security issues encountered by other public companies.
The Senior Director of IT acts as the Incident Manager and meets regularly with our Incident Response Team, including members of Financial Risk Management, IT Security and Human Resources senior management to discuss the necessary measures to take prior to and during an incident. In the event of an incident, the Incident Manager meets regularly with the executive leadership team and keeps them apprised of the status of any incident during the incident response. Our Board and the Audit Committee also receive prompt and timely information from the Senior Director of IT and executive leadership regarding any cybersecurity risks that meet certain reporting thresholds, as well as ongoing updates regarding any such risk. Finally, the Incident Response Manager briefs corporate leadership on lessons learned from the incident during or after the recovery phase.
The Senior Director of IT, in collaboration with a team of IT professionals, our legal counsel and Human Resources, are tasked with implementing a program designed to protect our information systems from cybersecurity threats and manage material risks. The Senior Director of IT has served in various roles in information technology and information security for over 20 years. The Senior Director of IT and senior management are informed about and monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time and report such threats and incidents to the Audit Committee when appropriate.
Risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected and are not reasonably likely to materially affect our Company, including our business strategy, results of operations, or financial condition as of December 31, 2024. For more information, please see the risk factor disclosures included in Item 1A of this Annual Report on Form 10-K.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
•
We have established and maintain a comprehensive incident response plan designed to address our response to a cybersecurity incident. We conduct regular training scenarios to test these plans and ensure personnel are familiar with their roles in a response scenario.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Audit Committee receives quarterly presentations and reports on developments in the cybersecurity space, including risk management practices, recent developments, vulnerability assessments, third-party and independent reviews, the threat environment, and information security issues encountered by other public companies.
The Senior Director of IT acts as the Incident Manager and meets regularly with our Incident Response Team, including members of Financial Risk Management, IT Security and Human Resources senior management to discuss the necessary measures to take prior to and during an incident. In the event of an incident, the Incident Manager meets regularly with the executive leadership team and keeps them apprised of the status of any incident during the incident response. Our Board and the Audit Committee also receive prompt and timely information from the Senior Director of IT and executive leadership regarding any cybersecurity risks that meet certain reporting thresholds, as well as ongoing updates regarding any such risk. Finally, the Incident Response Manager briefs corporate leadership on lessons learned from the incident during or after the recovery phase.
The Senior Director of IT, in collaboration with a team of IT professionals, our legal counsel and Human Resources, are tasked with implementing a program designed to protect our information systems from cybersecurity threats and manage material risks. The Senior Director of IT has served in various roles in information technology and information security for over 20 years. The Senior Director of IT and senior management are informed about and monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time and report such threats and incidents to the Audit Committee when appropriate.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board and the Audit Committee also receive prompt and timely information from the Senior Director of IT and executive leadership regarding any cybersecurity risks that meet certain reporting thresholds, as well as ongoing updates regarding any such risk.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our Audit Committee receives quarterly presentations and reports on developments in the cybersecurity space, including risk management practices, recent developments, vulnerability assessments, third-party and independent reviews, the threat environment, and information security issues encountered by other public companies.
|Cybersecurity Risk Role of Management [Text Block]
|
The Senior Director of IT acts as the Incident Manager and meets regularly with our Incident Response Team, including members of Financial Risk Management, IT Security and Human Resources senior management to discuss the necessary measures to take prior to and during an incident. In the event of an incident, the Incident Manager meets regularly with the executive leadership team and keeps them apprised of the status of any incident during the incident response. Our Board and the Audit Committee also receive prompt and timely information from the Senior Director of IT and executive leadership regarding any cybersecurity risks that meet certain reporting thresholds, as well as ongoing updates regarding any such risk. Finally, the Incident Response Manager briefs corporate leadership on lessons learned from the incident during or after the recovery phase.
The Senior Director of IT, in collaboration with a team of IT professionals, our legal counsel and Human Resources, are tasked with implementing a program designed to protect our information systems from cybersecurity threats and manage material risks. The Senior Director of IT has served in various roles in information technology and information security for over 20 years. The Senior Director of IT and senior management are informed about and monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time and report such threats and incidents to the Audit Committee when appropriate.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Senior Director of IT acts as the Incident Manager and meets regularly with our Incident Response Team, including members of Financial Risk Management, IT Security and Human Resources senior management to discuss the necessary measures to take prior to and during an incident. In the event of an incident, the Incident Manager meets regularly with the executive leadership team and keeps them apprised of the status of any incident during the incident response.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Senior Director of IT has served in various roles in information technology and information security for over 20 years.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Senior Director of IT and senior management are informed about and monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time and report such threats and incidents to the Audit Committee when appropriate.
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef