|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk management and strategy
All decisions are to be made by CIO, after consulting CEO, CFO and COO. Any formal communications to go through the Company’s formal PR process. The IT team in South Africa and Zimbabwe have the authority to make emergency decisions should the CIO not be reachable after consulting either the CEO, CFO or COO with regards to the matter. If a Cybersecurity Incident takes place, the Company’s Incident Response Plan (as defined below) will be implemented.
Cybersecurity controls and procedures are formally documented using guidance from the National Institute of Standards and Technology Cybersecurity Framework and are assessed byparties, external audits and internal audits on a regular basis. Examples of the Company’s cybersecurity controls and procedures include the following:
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The Company has an integrated cybersecurity risk management program for assessing, identifying, and managing risk from cybersecurity threats. Reporting on progress and performance of the cybersecurity risk management program is done regularly to the IT Steering Committee (comprised of senior management) and quarterly to the Board of Directors. The Chief Information Officer (“CIO”) is responsible for maintaining this program along with a skilled team of IT professionals. The Company’s policies and procedures related to the cybersecurity risk management program include the following:
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|While Caledonia has not, as of the date of this Annual Report, experienced a “cybersecurity threat” (as defined in Item 106(a) of Regulation S-K) or “cybersecurity incident” (as defined in Item 106(a) of Regulation S-K) that has materially affected or was reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition, there can be no guarantee that we will not experience such a cybersecurity threat or cybersecurity incident in the future.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
Board Oversight
Management’s Role
Engaging the Board on a cybersecurity incident:
The Board of Directors is notified once a cybersecurity incident is deemed material by the.
Communication of cybersecurity performance to stakeholders:
Only material cybersecurity incidents are communicated to stakeholders in accordance with applicable rules (including SEC rules) and requirements. Any potentially material cybersecurity incidents are reported to the IT Steering Committee as required.
Quantification of our cybersecurity risk in financial terms is performed so that we can make informed decisions about risk mitigation and risk transfer as follows: cybersecurity quantification is performed as part of the Incident Response Plan – respond phase (qualitative and quantitative factors are taken into consideration bearing in mind, in particular, information that a reasonable investor would consider important in making an investment decision, and information that would alter the total mix of information made available).
As part of the quantification of our Cybersecurity risk, and in addition to financial impact, the Company evaluates the extent of potential damage in the event of a Cybersecurity incident and the risk to systems and privileged accounts in particular. The Company audits which privileged accounts are being used, whether any passwords have been changed, and what applications are being used. Any risks identified are assessed for materiality, including the consideration of qualitative factors, such as effects on reputation, customer relationships, vendor relationships and regulatory compliance. A third party assurance provider will be used to assist Caledonia with the quantification should this be deemed necessary by the IT Steering Committee.
Measurements to determine whether our investments in cybersecurity are reducing our risk in a cost-effective manner include: bi-annual cybersecurity risk assessments and penetration tests are performed by third party assurance providers.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Cybersecurity is a focus risk area for the Company, and the Board of Directors provides oversight on risks from cybersecurity threats. Key cybersecurity matters are discussed at a weekly senior management meeting and in regular IT Steering Committee meetings attended by the CEO, COO, CFO and CIO.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Cybersecurity is a focus risk area for the Company, and the Board of Directors provides oversight on risks from cybersecurity threats. Key cybersecurity matters are discussed at a weekly senior management meeting and in regular IT Steering Committee meetings attended by the CEO, COO, CFO and CIO.
|Cybersecurity Risk Role of Management [Text Block]
|Cybersecurity, as part of the general IT ecosystem, is also reported quarterly to the Board of Directors, and, should a cybersecurity incident occur, the reporting of such cybersecurity incident will be in line with the Company’s Incident Response Plan.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The CEO, CFO, CIO and COO, as part of the IT Steering Committee, and the General Counsel, as Head of Risk, are responsible for assessing and managing the Company’s cybersecurity risk, along with external advisors if necessary, and reporting to the Board of Directors.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The IT Steering Committee members have sufficient expertise (Finance, IT and Operational) to assess the risk related to a cybersecurity matter, along with experts in the IT team that will provide analysis on any security matters.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The CIO and her team are responsible for updating the Isometrix system which is used to record all cybersecurity incidents. Quarterly updates on cybersecurity are provided to the Board of Directors.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef