XML 64 R44.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Abstract]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Risk Management and Strategy
 
We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems, information, and data. Our cybersecurity policies, standards, processes, and practices are part of our information security management system, or ISMS, program, which is aligned to ISO 27001:2022, an international standard for information security management.
 
Our ISMS program is led by our Chief Information Officer and Cyber Security Manager. Our policy is that information in all forms must be protected from accidental or intentional unauthorized modification, destruction or disclosure throughout its lifecycle. This protection includes an appropriate level of security over the equipment, processes and software used to process, store and transmit information. We have established and seek to continuously improve effective information security governance. We apply a risk-based approach in line with our general risk management framework to address potential gaps in security controls. All employees and contractors undertake regular information security training.
 
Key elements of our cybersecurity risk management program include, but are not limited to the following:
 
a cybersecurity threat defense system that addresses both internal and external threats;

a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents and risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment;

a security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents;


the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security processes;


a third-party risk management process for key service providers based on our assessment of their criticality to our operations and respective risk profile;

network, host and application security; and

sensitive information protection methods, including:

technical safeguards;

procedural requirements;

monitoring program on our corporate network;

continuous testing of our security posture both internally and with outside vendors;

security system effectiveness reviews with reference to applicable security standards; and

regular cybersecurity awareness training for employees.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems, information, and data. Our cybersecurity policies, standards, processes, and practices are part of our information security management system, or ISMS, program, which is aligned to ISO 27001:2022, an international standard for information security management.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Our board of directors is responsible for overseeing cybersecurity risk as part of its risk oversight function and has delegated to the Audit and Risk Committee oversight of cybersecurity and other information technology risks.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit and Risk Committee oversees management’s implementation of our cybersecurity risk management program.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
Our board of directors is responsible for overseeing cybersecurity risk as part of its risk oversight function and has delegated to the Audit and Risk Committee oversight of cybersecurity and other information technology risks. The Audit and Risk Committee oversees management’s implementation of our cybersecurity risk management program.
Cybersecurity Risk Role of Management [Text Block] The Audit and Risk Committee oversees management’s implementation of our cybersecurity risk management program.

Additionally, our risk monitoring systems are regularly audited by our internal auditors as well as cyber security audit companies. We consider the results of external and internal audits of our risk detection and monitoring systems and implement modifications as necessary.
 
Our cybersecurity management team, led by our Chief Information Officer and Cyber Security Manager, are responsible for assessing and managing our material risks from cybersecurity threats. The team is primarily responsible for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our cybersecurity management team has relevant academic backgrounds and possesses extensive knowledge in cybersecurity risk management.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our cybersecurity management team, led by our Chief Information Officer and Cyber Security Manager, are responsible for assessing and managing our material risks from cybersecurity threats. The team is primarily responsible for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our cybersecurity management team has relevant academic backgrounds and possesses extensive knowledge in cybersecurity risk management.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
Our cybersecurity management team is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which may include briefings from internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, and alerts and reports produced by security tools deployed in the IT environment.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true