|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|Risk
Management and Strategy
We utilize a Cloud-only architecture which enables us to reduce risk by leveraging the scalability, high availability, and advanced security features of cloud platforms, thereby minimizing the potential for system downtime and data breaches while ensuring seamless disaster recovery options.
All 3rd party vendors’ security policies are reviewed and updated as part of our annual Security Risk Assessment. Access to sensitive data is strictly regulated and provided on a need to know basis. Access is granted for the express purpose of assisting our customers with technical and training issues related to the use of our SaaS products; or for the purpose of research, design and development of product related features and bugfixes.
Risk management in software development involves identifying, assessing, and mitigating risks that could impact the project’s success. This strategy begins with a thorough risk identification process, where potential issues such as technical challenges, project scope changes, and resource constraints are recognized early. Each risk is then assessed for its probability of occurrence and potential impact on the project. Based on this assessment, risk mitigation strategies are developed and implemented. These strategies might include adopting flexible project management methodologies like Agile, investing in training for team members, implementing robust testing and quality assurance processes, and maintaining open communication channels with all stakeholders. Additionally, regular risk reviews are conducted throughout the project lifecycle to ensure that new risks are identified and managed promptly.
The Company’s’ Cybersecurity Policies are updated annually and reviewed by Independent 3rd Party Vendors to certify compliance. The Company requires Cybersecurity Awareness training for all new hires and a minimum of an annual review of such policies for all employees. The Company created and deployed an extensive Learning Management System that tracks employee adherence to Cyber Security Awareness, HIPAA and other related content. The Company’s’ Cybersecurity Incident Response Policy provides specific steps for any employee that detects an attack to take to help stop the propagation of the threat and report the incident to their Superiors, the IT Team and the Security Manager.
While there are significant threats of all types in the modern connected world, studies show that phishing attacks and social engineering through email and other electronic means are of high concern. With the vast majority (some say as high as 95%) of such attacks originating via email, employee education on how to identify and handle suspicious email and other forms of communication is critical in protecting the data and infrastructure.
To date, we have not experienced any cybersecurity incidents that have materially affected our business strategy, results of operations or financial condition.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|To date, we have not experienced any cybersecurity incidents that have materially affected our business strategy, results of operations or financial condition.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Governance
The Board is responsible for general risk oversight. The Board reviews and evaluates management’s evaluation and mitigation of cyber risks as part of its oversight of the Company’s Risk Management program. Management periodically reviews cyber risks, incidents, and risk mitigation plans and activities with the Board.
We engaged an outside consulting firm to conduct a review of our information systems environment and make recommendations to improve security where appropriate. Management shared the report’s findings with the Board and periodically updates the Board regarding our progress on implementing the report’s recommendations.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Board is responsible for general risk oversight. The Board reviews and evaluates management’s evaluation and mitigation of cyber risks as part of its oversight of the Company’s Risk Management program.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Management shared
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef