|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Program
The Company’s cybersecurity program is an integral element of the Company's overarching strategic plan and risk management system. The robustness of the cybersecurity initiatives directly impact the realization of the Company's mission, vision, and goals. Aligned with the National Institute of Standards and Technology Cyber Security Framework, the Company employs a comprehensive "defense-in-depth" strategy, deploying multiple security measures to safeguard its operational environment and data integrity systems.
The Company continually evaluates and refines its cybersecurity program in response to key factors such as evolving threat landscapes, program maturation, gap analysis, and guidance from external security consultants. The Company’s cybersecurity program relies on three key pillars: People, Process and Technology (PPT) to deliver a robust cybersecurity program. The cybersecurity program includes various aspects of PPT, including, but not limited to:
Our Chief Technology Officer (CTO), with over 25 years of experience in various disciplines of information technology, oversees the cybersecurity program. Reporting to the Chief Executive Officer, the CTO provides regular briefs to the Board of Directors (the Board) and executive management, informing them about prevention, detection, mitigation, and remediation of cybersecurity incidents, as well as ongoing risks and threats.
In our industry, the continuous functioning of information systems is of the utmost importance. Leveraging information technology systems, we collect, process and safeguard sensitive data and utilize automated tools to operate our plants.
Cybersecurity threats encompass potential hazards such as malicious code, employee misconduct, advanced persistent threats, fraud, and phishing attacks. These risks have the potential to lead to information technology system failures, threat to water supply, or compromise of sensitive information.
Our cybersecurity program aims to protect the uninterrupted availability of critical information technology resources. Regular assessments, conducted both internally and by third parties, evaluate our program against industry standards, including the National Institute of Standards and Technology Cybersecurity Standard and the Risk Management Framework.
Although we have not experienced cybersecurity breaches or incidents that have significantly impacted our financial condition, results of operations, or business strategy, the effectiveness of our measures to prevent, detect, mitigate, or recover is based on currently known threats and recovery methods. There is no guarantee that cybersecurity breaches or incidents will not impact our business operations, strategy, financial condition, or operations.
The ever-evolving landscape of cybersecurity threats introduces ongoing challenges. The Company recognizes the increasing frequency and sophistication of these threats. Despite implementing measures to secure operational and technology systems and fostering a culture of continuous improvement, the dynamic nature of cyber-attacks and vulnerabilities implies that these defenses may not be foolproof.
Cybersecurity Risk Management Program and Strategy
Cybersecurity risk management strategy is an integral component of our operations and our overall risk management process. Recognizing the dynamic nature of cybersecurity threats, we have implemented a comprehensive risk management program that aims to identify, assess, and mitigate potential risks. Our strategy involves a proactive approach, incorporating preventative measures, continuous monitoring, and adaptive response mechanisms. We prioritize the safeguarding of our operational network environment, sensitive data, including confidential business information and personal details of our customers and employees. Regular assessments conducted both internally and by third parties ensure our cybersecurity program aligns with industry standards. In addition to a dedicated cybersecurity team, we employ a defense-in-depth strategy, utilizing multiple security measures to protect our information technology system. Collaboration with third-party experts, industry peers and ongoing training initiatives ensures our cybersecurity strategy remains robust and responsive to evolving threats. We understand the importance of maintaining a vigilant and adaptive stance in the ever-evolving landscape of cybersecurity to safeguard our business operations, financial stability, and as a direct result, our overall success.
Key elements of our cybersecurity risk mitigation approach are comprised of:
Third-Party Relationships
The Company utilizes partners and third-party service providers to help deliver safe and reliable water and wastewater services across its regulated operations. In connection with these relationships, we perform due diligence, cyber risk scoring, cybersecurity related contractual obligations, and periodic reviews of third-party control environments to ensure alignment with the Company's risk exposure, business requirements, and risk tolerances.
We extend our cybersecurity focus to third-party service providers by evaluating and monitoring their cybersecurity risks. High-risk vendors undergo continuous monitoring, and we maintain contractual agreements that mandate our third-party providers’ commitment to managing cybersecurity risks, providing incident notifications, and being subject to cybersecurity audits.
|Cybersecurity Risk Role of Management [Text Block]
|
The Company’s cybersecurity program is an integral element of the Company's overarching strategic plan and risk management system. The robustness of the cybersecurity initiatives directly impact the realization of the Company's mission, vision, and goals. Aligned with the National Institute of Standards and Technology Cyber Security Framework, the Company employs a comprehensive "defense-in-depth" strategy, deploying multiple security measures to safeguard its operational environment and data integrity systems.
The Company continually evaluates and refines its cybersecurity program in response to key factors such as evolving threat landscapes, program maturation, gap analysis, and guidance from external security consultants. The Company’s cybersecurity program relies on three key pillars: People, Process and Technology (PPT) to deliver a robust cybersecurity program. The cybersecurity program includes various aspects of PPT, including, but not limited to:
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our Chief Technology Officer (CTO), with over 25 years of experience in various disciplines of information technology, oversees the cybersecurity program.
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Reporting to the Chief Executive Officer, the CTO provides regular briefs to the Board of Directors (the Board) and executive management, informing them about prevention, detection, mitigation, and remediation of cybersecurity incidents, as well as ongoing risks and threats.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|
Although we have not experienced cybersecurity breaches or incidents that have significantly impacted our financial condition, results of operations, or business strategy, the effectiveness of our measures to prevent, detect, mitigate, or recover is based on currently known threats and recovery methods. There is no guarantee that cybersecurity breaches or incidents will not impact our business operations, strategy, financial condition, or operations.
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Cybersecurity Governance
The Corporate Governance and Nominating Committee of the Board is tasked with serving as the Board of Director’s primary body to oversee management’s risk identification, management and mitigation strategies related to, among other risks, information technology, cybersecurity and data security risks. Management, including the CTO, provides regular reports to the Board covering aspects such as risks, threats, the evolving threat landscape, enhancements to the cybersecurity program, and the preparedness of internal responses.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Management, including the CTO, provides regular reports to the Board covering aspects such as risks, threats, the evolving threat landscape, enhancements to the cybersecurity program, and the preparedness of internal responses.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Company utilizes partners and third-party service providers to help deliver safe and reliable water and wastewater services across its regulated operations. In connection with these relationships, we perform due diligence, cyber risk scoring, cybersecurity related contractual obligations, and periodic reviews of third-party control environments to ensure alignment with the Company's risk exposure, business requirements, and risk tolerances.
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef