|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Sep. 30, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We have implemented a comprehensive cybersecurity risk management strategy to evaluate, detect, and mitigate significant risks posed by cybersecurity threats. The Information Security Risk component of our overall Risk Management Policy outlines our approach to manage processes, people and technology to address and meet the ever-changing challenges in the global IT security landscape. Our program aims to safeguard our systems, data, and operations against cyber threats, maintain business continuity, ensure compliance with relevant privacy and other regulations, and fulfill our commitments to members, customers, suppliers, employees, and other stakeholders.
Our cybersecurity program is designed to align with and meet the rigorous standards set by industry frameworks such as NIST, SOC 2 Type 2, and other relevant guidelines. By adhering to these frameworks, we ensure that our security measures are robust, comprehensive, and effective in protecting our systems, data, and operations. This commitment not only helps us maintain compliance with regulatory requirements but also demonstrates our dedication to providing a secure environment for our members, customers, suppliers, employees, and other stakeholders.
Risk Assessment; Third Party Assessments and Audits
An information security Risk Assessment (RA) is conducted annually or following any significant changes to the operating or sensitive data environments to identify vulnerabilities and implement appropriate controls and risk mitigation strategies. These assessments can be conducted on any entity within CSPi or any external entity that has signed a Third-Party Agreement with CSPi, covering information systems, applications, servers, networks, and related processes. The IT Manager, along with the responsible department, oversees the execution, development, and implementation of remediation programs. The RA process involves assembling a team, defining the scope, identifying business and IT owners, conducting interviews, reviewing controls and incidents, developing a threat/risk matrix, and preparing an executive summary with recommendations. The executive team reviews and approves the recommendations, and a project is initiated to implement the necessary controls and procedures, which are tested quarterly.
Incident Response Planning
Our incident response policies and procedures are aligned with applicable laws and state policies. They encompass the identification of roles and responsibilities, investigation, containment and escalation procedures, documentation and preservation of evidence, communication protocols, and lessons learned.
We have established robust incident reporting policies and procedures. These include training employees and contractors to recognize and report incidents promptly upon discovery, as well as preparing and submitting follow-up written reports.
To date, no cybersecurity incident has resulted in any material impact on our business, operations or financial results or our ability to service our customers or run our business.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We have implemented a comprehensive cybersecurity risk management strategy to evaluate, detect, and mitigate significant risks posed by cybersecurity threats. The Information Security Risk component of our overall Risk Management Policy outlines our approach to manage processes, people and technology to address and meet the ever-changing challenges in the global IT security landscape. Our program aims to safeguard our systems, data, and operations against cyber threats, maintain business continuity, ensure compliance with relevant privacy and other regulations, and fulfill our commitments to members, customers, suppliers, employees, and other stakeholders.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|A formal process exists through our enterprise risk management matrix developed by the management team of the Company that tracks the Company’s material risks, associated mitigation and remediation strategies and direct accountability which is submitted quarterly to the Audit Committee of the Board of Directors for review and oversight.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Audit Committee
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
A formal process exists through our enterprise risk management matrix developed by the management team of the Company that tracks the Company’s material risks, associated mitigation and remediation strategies and direct accountability which is submitted quarterly to the Audit Committee of the Board of Directors for review and oversight.
|Cybersecurity Risk Role of Management [Text Block]
|
The management team includes our Vice President and General Manager of the HPP segment, who has developed cybersecurity software at the Company. In addition, he has been the Chief Technical Officer and served in various roles at several cybersecurity companies over his 40 year career. He holds a Bachelor of Science in Business and Engineering as well as a Masters of Science in Finance. Also on the team is the Vice President of Managed Services at the TS segment, who has over twenty years of technology experience including the monitoring and management of other organization’s security systems.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Vice President and General Manager of the HPP segment
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|In addition, he has been the Chief Technical Officer and served in various roles at several cybersecurity companies over his 40 year career. He holds a Bachelor of Science in Business and Engineering as well as a Masters of Science in Finance. Also on the team is the Vice President of Managed Services at the TS segment, who has over twenty years of technology experience including the monitoring and management of other organization’s security systems.
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef