|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
ITEM 1C. CYBERSECURITY.
We have processes in place for identifying, assessing and managing material risks associated with cybersecurity threats. For a discussion of how risks from cybersecurity threats affect our business, please see our Risk Factors discussion under the heading, “Cybersecurity and Information Technology Risks” in this Form 10-K.
Risk Management and Strategy
Enterprise risk management is the responsibility of our executive management team consisting of our chief executive officer, chief financial officer, chief legal officer and our vice presidents of operations, business development and environmental, health and safety. Our executive management team meets on a weekly basis and discusses cybersecurity on an ad hoc basis when it is relevant. Our director of Information Technology, who reports directly to our chief executive officer, and our director of Internal Audit are primarily responsible for management of cybersecurity risk. Our director of Information Technology is an active ISC2 accredited member with 15 years of information technology experience, namely in developing solutions focused on private and hybrid cloud computing systems for small scale organizations. In accordance with our overall enterprise risk management process, our executive management team supervises our director of Information Technology to assess, identify, report and manage material risks from cybersecurity threats and relies on our director of Internal Audit to assess, identify and report those risks. As part of this process, we rely significantly on third-party providers to assist us with our cybersecurity risk management and strategy. These providers supply ongoing services including consulting services, access to a virtual CISO, threat monitoring and detection, threat response and mitigation strategies, updates on emerging trends and developments with policy and procedure guidance. Other service providers offer targeted assistance such as security and forensic expertise on an as needed basis. We also maintain cybersecurity insurance.
With respect to our employees, we run a multi-faceted security awareness program that includes regular, mandatory trainings for our personnel on data protection and malware detection, policy and process awareness, periodic phishing simulations and other kinds of preparedness testing.
As part of our Sarbanes-Oxley controls, our Internal Audit department tests our IT policies including those pertaining to passwords, backup and recovery, user access, change control and hardware and software maintenance. These audits assess key information security and cybersecurity risks in the environment that may affect the confidentiality, integrity and availability of financial reporting systems and data. Additionally, key employees complete a survey containing questions about cybersecurity in connection with the quarterly Sarbanes-Oxley certification process. If any control deficiencies that represent material cybersecurity risks are identified in connection with these audits, those would be reported to the Audit Committee and Board of Directors. We also obtain SOC 2 certifications from certain of our third-party service providers.
As of the date of this Annual Report on Form 10-K, we have not implemented formal processes to oversee and identify risks from cybersecurity threats associated with our use of third parties. We are working toward the implementation of a third-party risk management program. We believe that this program will better enable us to identify and manage material risks from cybersecurity threats related to our third-party service providers.
As of December 31, 2024, we have not identified any risks from cybersecurity threats (including any previous cybersecurity incidents) that have materially affected us, our business strategy, our results of operations or our financial condition. For a discussion of risks from cybersecurity threats that could be reasonably likely to materially affect us, please see our Risk Factors discussion under the heading, “Cybersecurity and Information Technology Risks” in this Form 10-K.
Governance
The Audit Committee is tasked with overseeing our risks related to cybersecurity, including reviewing the state of our cybersecurity, emerging cybersecurity developments and threats, and our strategy to mitigate cybersecurity risks. From time to time,
members of our executive management team and our directors of Information Technology and Internal Audit provide updates to the Audit Committee and the Board of Directors regarding cybersecurity incidents and cybersecurity planning.
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|
As of December 31, 2024, we have not identified any risks from cybersecurity threats (including any previous cybersecurity incidents) that have materially affected us, our business strategy, our results of operations or our financial condition. For a discussion of risks from cybersecurity threats that could be reasonably likely to materially affect us, please see our Risk Factors discussion under the heading, “Cybersecurity and Information Technology Risks” in this Form 10-K.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|If any control deficiencies that represent material cybersecurity risks are identified in connection with these audits, those would be reported to the Audit Committee and Board of Directors. We also obtain SOC 2 certifications from certain of our third-party service providers.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Audit Committee is tasked with overseeing our risks related to cybersecurity, including reviewing the state of our cybersecurity, emerging cybersecurity developments and threats, and our strategy to mitigate cybersecurity risks. From time to time,members of our executive management team and our directors of Information Technology and Internal Audit provide updates to the Audit Committee and the Board of Directors regarding cybersecurity incidents and cybersecurity planning
|Cybersecurity Risk Role of Management [Text Block]
|Our executive management team meets on a weekly basis and discusses cybersecurity on an ad hoc basis when it is relevant. Our director of Information Technology, who reports directly to our chief executive officer, and our director of Internal Audit are primarily responsible for management of cybersecurity risk. Our director of Information Technology is an active ISC2 accredited member with 15 years of information technology experience, namely in developing solutions focused on private and hybrid cloud computing systems for small scale organizations. In accordance with our overall enterprise risk management process, our executive management team supervises our director of Information Technology to assess, identify, report and manage material risks from cybersecurity threats and relies on our director of Internal Audit to assess, identify and report those risks.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Audit Committee is tasked with overseeing our risks related to cybersecurity, including reviewing the state of our cybersecurity, emerging cybersecurity developments and threats, and our strategy to mitigate cybersecurity risks.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our director of Information Technology is an active ISC2 accredited member with 15 years of information technology experience,
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef