|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Sep. 30, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity
Cyber criminals are becoming more sophisticated and effective every day, and they are increasingly targeting companies similar to ours operating in the technology, software and identification space. All companies utilizing technology are subject to threats of breaches of their cybersecurity programs. To mitigate the threat to our business, we take a comprehensive approach to cybersecurity risk management and make securing the data customers and other stakeholders entrust to us a top priority. Our Board of directors and our management are actively involved in the oversight of our risk management program, of which cybersecurity represents an important component. As described in more detail below, we have established policies, standards, processes and practices for assessing, identifying, and managing material risks from cybersecurity threats. We have devoted significant financial and personnel resources to implement and maintain security measures to meet regulatory requirements and customer expectations, and we intend to continue to make significant investments to maintain the security of our data and cybersecurity infrastructure. There can be no guarantee that our policies and procedures will be properly followed in every instance or that those policies and procedures will be effective to prevent cyberattack incidents. Such incidents, whether or not successful, could result in our incurring significant costs related to, for example, rebuilding our internal systems, implementing additional threat protection measures, providing modifications or replacements to our products and services, defending against litigation, responding to regulatory inquiries or actions, paying damages, providing customers with incentives to maintain a business relationship with us, or taking other remedial steps with respect to third parties, as well as incurring significant reputational harm. In addition, these threats are constantly evolving, thereby increasing the difficulty of successfully defending against them or implementing adequate preventative measures. We have seen an increase in cyberattack volume, frequency, and sophistication. Although our Risk Factors include further detail about the material cybersecurity risks we face, we believe that as of the date of this Annual Report on Form 10-K, risks from prior cybersecurity threats, have not materially affected our business to date. We can provide no assurance that there will not be incidents in the future or that they will not materially affect us, including our business strategy, results of operations, or financial condition.
Risk Management and Strategy
Our policies, standards, processes and practices for assessing, identifying, and managing material risks from cybersecurity threats are based on frameworks established by the International Organization for Standardization, specifically ISO/IEC 27001:2013 and other applicable industry standards. We have established comprehensive Information Security Management Systems (“ISMS”) policies, which are independently reviewed and audited annually for conformity and effectiveness under ISO/IEC 27001. Our cybersecurity program in particular focuses on the following key areas:
Collaboration
Our cybersecurity risks are identified and addressed through a comprehensive, cross-functional approach. Key security, risk, and compliance stakeholders, including a member of the Board meet at least monthly to develop strategies for preserving the confidentiality, integrity and availability of our company and customer information, identifying, preventing and mitigating cybersecurity threats, and effectively responding to cybersecurity incidents. We maintain controls and procedures that are designed to ensure prompt escalation of certain cybersecurity incidents so that decisions regarding public disclosure and reporting of such incidents can be made by management and the Board in a timely manner.
Risk Assessment
At least annually, we conduct a cybersecurity risk assessment that takes into account information from internal stakeholders, known information security vulnerabilities, and information from external sources (e.g., reported security incidents that have impacted other companies, industry trends, and evaluations by third parties and consultants). The results of the assessment are used to drive alignment on, and prioritization of, initiatives to enhance our security controls, make recommendations to improve processes, and inform a broader enterprise-level risk assessment that is presented to our Board and members of management. Risk assessment is integral to all engineering, business and operational decisions and in addition to the annual reviews, is an ongoing effort, as circumstances and facts arise.
Self Audit
At least annually we conduct a self-audit of our information security management systems (“ISMS”), in order to identify if there is any non-conformance with our ISMS policies and procedures. The results of the self-audit are reported to our Steering Committee and our external auditor for ISO/IEC 27001 compliance.
Technical Safeguards
We regularly assess and deploy technical safeguards designed to protect our information systems from cybersecurity threats. Such safeguards are regularly evaluated and improved based on vulnerability assessments, cybersecurity threat intelligence and incident response experience.
Incident Response and Recovery Planning
We have established comprehensive incident response and recovery plans and continue to regularly test and evaluate the effectiveness of those plans. Our incident response and recovery plans address — and guide our employees, management and the Board on — our response to a cybersecurity incident.
Third-Party Risk Management
We have implemented controls designed to identify and mitigate cybersecurity threats associated with our use of third-party service providers. Such providers are subject to security risk assessments at the time of onboarding and contract renewal. We use a variety of inputs in such risk assessments, including information supplied by providers and third parties. In addition, we require our providers to meet appropriate security requirements, controls and responsibilities.
Education and Awareness
Our policies require each of our employees to contribute to our data security efforts. We regularly remind employees of the importance of handling and protecting customer and employee data, including through regular privacy and security training and testing to enhance employee awareness of how to detect and respond to cybersecurity threats.
External Assessments
Our cybersecurity policies, standards, processes and practices are regularly assessed by consultants and external independent auditors. These assessments include a variety of activities including information security assessments, audits and independent reviews of our ISMS, control environment and operating effectiveness. For example, in 2023 and 2024, we conducted independent audits to assess our ISMS against the ISO/IEC 27001:2013 standard and received certification of compliance with the standard. We also undertake regular penetration testing of our systems. The results of significant assessments are reported to management and the Board. Cybersecurity processes are adjusted based on the information provided from these assessments. We have also obtained industry certifications and attestations that demonstrate our dedication to protecting the data our customers entrust to us.
Governance
Board Oversight
Our Board oversees our management of cybersecurity risk. They receive regular reports from management about the prevention, detection, mitigation, and remediation of cybersecurity incidents, including material security risks and information security vulnerabilities. Our Security Committee directly oversees our cybersecurity program. The Board receives periodic updates from management on cybersecurity risk resulting from risk assessments, progress of risk reduction initiatives, external auditor feedback, control maturity assessments, and relevant internal and industry cybersecurity incidents.
Management’s Role
Our Chief Technology Officer (“CTO”) and Chief Operating Officer (“COO”) have primary responsibility for assessing and managing material cybersecurity risks.
Our CTO and COO are both seasoned computer scientists and technology entrepreneurs with over 25 years of experience.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|Our cybersecurity risks are identified and addressed through a comprehensive, cross-functional approach. Key security, risk, and compliance stakeholders, including a member of the Board meet at least monthly to develop strategies for preserving the confidentiality, integrity and availability of our company and customer information, identifying, preventing and mitigating cybersecurity threats, and effectively responding to cybersecurity incidents. We maintain controls and procedures that are designed to ensure prompt escalation of certain cybersecurity incidents so that decisions regarding public disclosure and reporting of such incidents can be made by management and the Board in a timely manner.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
Board Oversight
Our Board oversees our management of cybersecurity risk. They receive regular reports from management about the prevention, detection, mitigation, and remediation of cybersecurity incidents, including material security risks and information security vulnerabilities. Our Security Committee directly oversees our cybersecurity program. The Board receives periodic updates from management on cybersecurity risk resulting from risk assessments, progress of risk reduction initiatives, external auditor feedback, control maturity assessments, and relevant internal and industry cybersecurity incidents.
Management’s Role
Our Chief Technology Officer (“CTO”) and Chief Operating Officer (“COO”) have primary responsibility for assessing and managing material cybersecurity risks.
Our CTO and COO are both seasoned computer scientists and technology entrepreneurs with over 25 years of experience.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board oversees our management of cybersecurity risk. They receive regular reports from management about the prevention, detection, mitigation, and remediation of cybersecurity incidents, including material security risks and information security vulnerabilities. Our Security Committee directly oversees our cybersecurity program.
|Cybersecurity Risk Role of Management [Text Block]
|
Our Chief Technology Officer (“CTO”) and Chief Operating Officer (“COO”) have primary responsibility for assessing and managing material cybersecurity risks.
Our CTO and COO are both seasoned computer scientists and technology entrepreneurs with over 25 years of experience.
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Chief Technology Officer (“CTO”) and Chief Operating Officer (“COO”) have primary responsibility for assessing and managing material cybersecurity risks.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our CTO and COO are both seasoned computer scientists and technology entrepreneurs with over 25 years of experience.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|Insider Trading Policies and Procedures Adopted [Flag]
|false
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef