|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
We employ risk management, mitigation and prevention strategies based on frameworks provided by the National Institute of Standards and Technology (“NIST”) regulation standards, third party cyber service providers, and common industry practices. These frameworks are applied across all network, hardware, software and communication platforms whether the platform is self-hosted or provided as a service. We leverage a Risk Assessment Score (“RAS”) based on these standards against any internal networks, platforms, technologies or initiatives as well as any perimeter or connected partner, vendor or third-party service.
Our cyber posture, policies and in-production procedures are designed and developed to manage and minimize risk, threat, or loss to business processing, business objectives and business assets as well as protecting the integrity, confidentiality and personal identifying information (“PII”) of our employees and partners.
Our security team is intentionally comprised of internal personnel with a range of technical, legal and management disciplines as well as external, third-party cyber service providers, auditors and technical consultants. This allows for broader monitoring, objective reporting, controlled policy, decreased recovery time objectives and quicker incident response.
We maintain cybersecurity risk insurance, conduct threat scenario exercises, provide end user cyber awareness and security training, perform regular vulnerability audits and formally report the relevant results, statuses or assessments to our senior management team or other identified key stakeholders.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We employ risk management, mitigation and prevention strategies based on frameworks provided by the National Institute of Standards and Technology (“NIST”) regulation standards, third party cyber service providers, and common industry practices. These frameworks are applied across all network, hardware, software and communication platforms whether the platform is self-hosted or provided as a service. We leverage a Risk Assessment Score (“RAS”) based on these standards against any internal networks, platforms, technologies or initiatives as well as any perimeter or connected partner, vendor or third-party service.
Our cyber posture, policies and in-production procedures are designed and developed to manage and minimize risk, threat, or loss to business processing, business objectives and business assets as well as protecting the integrity, confidentiality and personal identifying information (“PII”) of our employees and partners.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
Cybersecurity operations generally fall under the discretion of the IT Director, who has 20 years of experience and is a Certified Secure Infrastructure Specialist (CSIS - Comptia) and IT Operations Specialist (CIOS - Comptia). Our IT Director regularly communicates with and provides relevant cyber reporting, analysis, statistics and statuses to the Chief Financial Officer, who also has a background in IT and is a Certified Information Systems Auditor.
Our Cyber Incident Response Plan employs an operational incident-handling capability that includes preparation, detection, analysis, containment, eradication, recovery, and communication procedures.
Our cyber policies are based on the National Institute of Standards and Technology 800-171 and CMMC Level 2 framework, requiring formal written policies, procedures, plans of action, general security plans and regular audits. In addition, Southland carries Privacy, Security and Technology Insurance covering incidents and responses related to business interruption, data recovery, data breach, extortion and ransomware, and crisis management.
The Company’s cybersecurity program, identified events, current and future strategies are presented to the Audit Committee for periodic review. The Audit Committee may choose to present relevant information to our board of directors (the “Board”) as deemed necessary.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Audit Committee
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Company’s cybersecurity program, identified events, current and future strategies are presented to the Audit Committee for periodic review. The Audit Committee may choose to present relevant information to our board of directors (the “Board”) as deemed necessary.
|Cybersecurity Risk Role of Management [Text Block]
|Our IT Director regularly communicates with and provides relevant cyber reporting, analysis, statistics and statuses to the Chief Financial Officer, who also has a background in IT and is a Certified Information Systems Auditor.Our Cyber Incident Response Plan employs an operational incident-handling capability that includes preparation, detection, analysis, containment, eradication, recovery, and communication procedures.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Cybersecurity operations generally fall under the discretion of the IT Director
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Cybersecurity operations generally fall under the discretion of the IT Director, who has 20 years of experience and is a Certified Secure Infrastructure Specialist (CSIS - Comptia) and IT Operations Specialist (CIOS - Comptia).
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our IT Director regularly communicates with and provides relevant cyber reporting, analysis, statistics and statuses to the Chief Financial Officer, who also has a background in IT and is a Certified Information Systems Auditor.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef