XML 29 R11.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Abstract]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] We have implemented a risk-based approach to identify and assess the cybersecurity threats that could affect our business and information systems. We use recognized commercially reasonable measures, tools, and methodologies to manage cybersecurity risk, which are tested regularly. We also monitor and evaluate our cybersecurity posture on an ongoing basis through regular malware scans, penetration tests, and third-party reviews. Specific controls that are used to some extent include endpoint threat detection, identity and access management (IAM), privileged access management (PAM), logging and monitoring, multi-factor authentication (MFA), firewalls and intrusion detection and prevention, and vulnerability and patch management. 

To manage our material risks from cybersecurity threats and to protect against, detect, and prepare to respond to cybersecurity incidents, we undertake the below listed activities:

 

  Monitor emerging data protection laws and implement changes to our compliance processes;
  Conduct periodic cybersecurity assessments for employees who use our system to evaluate training needs;
  Conduct onboarding and cyber security training for all employees on an ongoing basis;
  Conduct regular phishing email simulations for all employees; and
  Carry cybersecurity risk insurance that protects against the potential losses from a cybersecurity incident.

 

Our incident response plan coordinates the activities that we and our third-party cybersecurity provider take to prepare to respond to and recover from cybersecurity incidents. These include processes to triage, assess severity, investigate, escalate, contain, and remediate an incident, as well as to comply with potentially applicable legal obligations and mitigate brand and reputational damage. We have an IT continuity plan that we continuously review and update in line with our evolving applications architecture.

 
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We have implemented a risk-based approach to identify and assess the cybersecurity threats that could affect our business and information systems. We use recognized commercially reasonable measures, tools, and methodologies to manage cybersecurity risk, which are tested regularly. We also monitor and evaluate our cybersecurity posture on an ongoing basis through regular malware scans, penetration tests, and third-party reviews.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Board of Directors Oversight [Text Block] Our Board of Directors and Audit Committee oversee our cybersecurity efforts to ensure effective governance in managing risks associated with cybersecurity threats. Our Director of Information Technology provides periodic updates to the Board of Directors and Audit Committee regarding our cybersecurity program, including status updates on various projects to enhance our overall cybersecurity posture.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Board of Directors and Audit Committee oversee our cybersecurity efforts to ensure effective governance in managing risks associated with cybersecurity threats.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Director of Information Technology provides periodic updates to the Board of Directors and Audit Committee regarding our cybersecurity program, including status updates on various projects to enhance our overall cybersecurity posture.