XML 23 R6.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management, Strategy, and Governance
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

ITEM 16K. Cybersecurity.

We maintain programs and technologies to ensure that our information systems are effective and prepared for data privacy and cybersecurity risks, including regular oversight of our security programs for monitoring internal and external threats to ensure the confidentiality and privacy of our data. As the volume and complexity of cyber-attacks continue to evolve, we continue to enhance our security capabilities by continued

investment in cyber technologies, further developing our internal cybersecurity personnel and educating our workforce regarding cyber-security and leveraging emerging technologies.

Risk Management and Strategies

Our board of directors have adopted a Cybersecurity Policy to serve as a standard for setting, reviewing and implementing our cybersecurity goals, objectives and targets. Our Cybersecurity Policy serves as a framework within which risks to the confidentiality, integrity or availability of our assets within our information technology network and infrastructure ("Cyberspace") are managed, and applies to all of our directors, officers, employees, consultants and contractors. We regularly perform evaluations of our security program and continue to implement controls aligned with industry guidelines to identify threats, detect attacks and protect data. Our risk management strategy is focused on three areas: (i) technology, being our hardware and software systems; (ii) processes, being our cybersecurity reporting, testing and other processes; and (iii) people, which refers to our internal cybersecurity personnel, external service providers and individual training and human interaction within our information technology and cybersecurity processes.

When reviewing third-party information technology service providers, our engagement process customarily includes, among other things, a review of such providers' cybersecurity measures.

We periodically undertake cybersecurity audits, the results of which are reported to our Audit Committee. We have also implemented security monitoring programs designed to alert us of any suspicious activity and have developed an incident response program in the event of a security breach.

We implement various training programs periodically to ensure that our employees and other personnel comply with internal processes and to enhance their cybersecurity awareness. Member of our board of directors and management overseeing our information security risk management approach are provided with opportunities for continuing education in cybersecurity and evolving cybersecurity risks in order to better understand and evaluate our preparedness.

Additionally, we have engaged third-party providers to supplement our response capabilities for both informational and operational technology incidents, as needed.

See also "Item 3. Key Information – D. Risk Factors – Risks Related to our Business – A significant disruption to our information technology systems or those of our third-party service providers could adversely affect our business and operating results".

Governance

Our board of directors oversees our Cybersecurity Policy primarily through the Audit Committee. The Audit Committee is responsible for the implementation of our oversight, programs, procedures and policies related to cybersecurity, cybersecurity risks, information security and data privacy, including reviewing our cybersecurity-related disclosures in our annual securities filings, monitoring (on an ongoing basis) the implementation and effectiveness of our Cybersecurity Policy and assessing potential risks to our Cyberspace and our risk exposure, resiliency of our processes, industry trends and best practices and any relevant cybersecurity and digital technology metrics. The Audit Committee reports regularly to our board of directors concerning the matters covered under the policy and advises our board of directors of any developments that it believes should have our board of directors' consideration.

Our chief executive officer and chief financial officer oversee the details of our information security risk management approach and may appoint team leads from various departments from time to time to assist with certain aspects of our cybersecurity risk mitigation strategy.

Management is required to report to the Audit Committee on our strategy, risks, metrics and operations relating to cybersecurity and information security matters. Management is responsible for ensuring that personnel are provided with adequate resources and trainings to fully understand the guidelines and expectations for cybersecurity. Members of our management team may be asked by our chief financial officer to assist with IT security investigations in the event of a breach of our Cybersecurity Policy. Upon becoming aware of a potential violation of our policy or a breach of cybersecurity, the member of management must immediately document the violation and request the individual surrender possession of any devices that may have suffered a security breach. Any member of management who is unaware of the best course of action in dealing with an IT-related matter is required to contact our third-party IT representative.

All of our employees, consultants and contractors are encouraged to exercise professional judgement in using computing devices and network resources connected to the Cyberspace, and are strictly prohibited from certain acts enumerated in our Cybersecurity Policy including, among other things, access for non-business purposes, disabling our security features and requirements, exporting information or technologies without consent and password sharing.

Violations or breaches of our Cybersecurity Policy or the associated schedules, standards or guidelines may result in suspension and/or discipline up to and including termination, in addition to administrative sanctions or legal actions.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Board of Directors Oversight [Text Block] Member of our board of directors and management overseeing our information security risk management approach are provided with opportunities for continuing education in cybersecurity and evolving cybersecurity risks in order to better understand and evaluate our preparedness.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

We periodically undertake cybersecurity audits, the results of which are reported to our Audit Committee. We have also implemented security monitoring programs designed to alert us of any suspicious activity and have developed an incident response program in the event of a security breach.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

We implement various training programs periodically to ensure that our employees and other personnel comply with internal processes and to enhance their cybersecurity awareness. Member of our board of directors and management overseeing our information security risk management approach are provided with opportunities for continuing education in cybersecurity and evolving cybersecurity risks in order to better understand and evaluate our preparedness.
Cybersecurity Risk Role of Management [Text Block]

Governance

Our board of directors oversees our Cybersecurity Policy primarily through the Audit Committee. The Audit Committee is responsible for the implementation of our oversight, programs, procedures and policies related to cybersecurity, cybersecurity risks, information security and data privacy, including reviewing our cybersecurity-related disclosures in our annual securities filings, monitoring (on an ongoing basis) the implementation and effectiveness of our Cybersecurity Policy and assessing potential risks to our Cyberspace and our risk exposure, resiliency of our processes, industry trends and best practices and any relevant cybersecurity and digital technology metrics. The Audit Committee reports regularly to our board of directors concerning the matters covered under the policy and advises our board of directors of any developments that it believes should have our board of directors' consideration.

Our chief executive officer and chief financial officer oversee the details of our information security risk management approach and may appoint team leads from various departments from time to time to assist with certain aspects of our cybersecurity risk mitigation strategy.

Management is required to report to the Audit Committee on our strategy, risks, metrics and operations relating to cybersecurity and information security matters. Management is responsible for ensuring that personnel are provided with adequate resources and trainings to fully understand the guidelines and expectations for cybersecurity. Members of our management team may be asked by our chief financial officer to assist with IT security investigations in the event of a breach of our Cybersecurity Policy. Upon becoming aware of a potential violation of our policy or a breach of cybersecurity, the member of management must immediately document the violation and request the individual surrender possession of any devices that may have suffered a security breach. Any member of management who is unaware of the best course of action in dealing with an IT-related matter is required to contact our third-party IT representative.

All of our employees, consultants and contractors are encouraged to exercise professional judgement in using computing devices and network resources connected to the Cyberspace, and are strictly prohibited from certain acts enumerated in our Cybersecurity Policy including, among other things, access for non-business purposes, disabling our security features and requirements, exporting information or technologies without consent and password sharing.

Violations or breaches of our Cybersecurity Policy or the associated schedules, standards or guidelines may result in suspension and/or discipline up to and including termination, in addition to administrative sanctions or legal actions.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Audit Committee is responsible for the implementation of our oversight, programs, procedures and policies related to cybersecurity, cybersecurity risks, information security and data privacy, including reviewing our cybersecurity-related disclosures in our annual securities filings, monitoring (on an ongoing basis) the implementation and effectiveness of our Cybersecurity Policy and assessing potential risks to our Cyberspace and our risk exposure, resiliency of our processes, industry trends and best practices and any relevant cybersecurity and digital technology metrics.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Management is required to report to the Audit Committee on our strategy, risks, metrics and operations relating to cybersecurity and information security matters. Management is responsible for ensuring that personnel are provided with adequate resources and trainings to fully understand the guidelines and expectations for cybersecurity.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true