Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended

Dec. 31, 2024

Cybersecurity Risk Management, Strategy, and Governance [Line Items]

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Description of Processes for Assessing, Identifying and Managing Cybersecurity Risks

Vista’s system of internal controls includes consideration of cybersecurity risks. The Company uses technology and control procedures designed to mitigate cybersecurity risks, with our management team working to monitor, identify, assess, and respond to potential cybersecurity incidents that may threaten the Company. The system of controls also focuses on security awareness and training for employees and contractors with access to Company facilities or systems. Company management periodically reviews system and organization control reports (SOC 1, Type 2) for key outsourced information systems to ensure that third-party data processing is subject to appropriate controls and security measures. Cybersecurity risks for Vista include the potential for financial loss, loss of data, and business interruption. Vista maintains technology and non-technology-based system controls, a data backup program, and disaster recovery testing to mitigate these risks.

Our cybersecurity controls also follow defense in depth principles, which aim to implement various layered access control, detection, prevention, and response measures. We periodically engage with third parties to assess our vulnerabilities and help us mitigate cybersecurity-related risks.

Cybersecurity Risk Management Processes Integrated [Flag]

true

Cybersecurity Risk Management Processes Integrated [Text Block]

Vista’s system of internal controls includes consideration of cybersecurity risks. The Company uses technology and control procedures designed to mitigate cybersecurity risks, with our management team working to monitor, identify, assess, and respond to potential cybersecurity incidents that may threaten the Company. The system of controls also focuses on security awareness and training for employees and contractors with access to Company facilities or systems. Company management periodically reviews system and organization control reports (SOC 1, Type 2) for key outsourced information systems to ensure that third-party data processing is subject to appropriate controls and security measures.

Cybersecurity Risk Management Third Party Engaged [Flag]

true

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

false

Cybersecurity Risk Board of Directors Oversight [Text Block]

Board of Directors’ Oversight of Risks from Cybersecurity

Management, under supervision of the CEO and CFO, has developed a system of internal controls that identifies risks to the Company, designed controls intended to reduce risks to an appropriately low level, implemented control procedures, and subsequently tested such control procedures. Management presents an enterprise risk management assessment to the Audit Committee on a quarterly basis and provides the Audit Committee with frequent updates of specific financial statement risks. Risks associated with cybersecurity are included in these risk assessments, subjected to testing of key controls, and reflected in management’s reports to the Audit Committee. The Board of Directors receives periodic briefings on selected risk matters, and is invited to participate in each Audit Committee meeting and, as such, is provided with the same information presented to the Audit Committee.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

Audit Committee

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

Management presents an enterprise risk management assessment to the Audit Committee on a quarterly basis and provides the Audit Committee with frequent updates of specific financial statement risks.

Cybersecurity Risk Role of Management [Text Block]

Management’s Role in Assessing and Managing Cybersecurity Risks

The Company’s chief executive officer (“CEO”) and chief financial officer (“CFO”) have primary responsibility for cybersecurity risk management and the implementation of processes for identifying, assessing, and managing material risks from cybersecurity threats. Officers of the Company and its Australian subsidiary review, at least quarterly, developments relevant to the Company’s cybersecurity control environment. This group of officers has experience managing public companies and overseeing internal controls associated with cybersecurity. Additional support for information technology (“IT”) general controls and specific cybersecurity matters is provided to the Company through third-party IT specialists. In accordance with the Company’s policies, including its Disclosure Policy and Code of Business Conduct and Ethics, cybersecurity incidents are to be immediately reported to the Vista management team for resolution. Information technology general controls, including controls to mitigate cybersecurity risks, are considered by management during their assessment of the Company’s design and effectiveness of internal controls over financial reporting. Findings from these control procedures are considered by management and, as deemed appropriate to reduce cybersecurity risks to an appropriately low level, are implemented. This may include modification of internal control procedures, adoption of technology solutions, and testing of specific elements of the system of controls.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

chief executive officer (“CEO”) and chief financial officer (“CFO”)

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

This group of officers has experience managing public companies and overseeing internal controls associated with cybersecurity.

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

Officers of the Company and its Australian subsidiary review, at least quarterly, developments relevant to the Company’s cybersecurity control environment. This group of officers has experience managing public companies and overseeing internal controls associated with cybersecurity. Additional support for information technology (“IT”) general controls and specific cybersecurity matters is provided to the Company through third-party IT specialists. In accordance with the Company’s policies, including its Disclosure Policy and Code of Business Conduct and Ethics, cybersecurity incidents are to be immediately reported to the Vista management team for resolution. Information technology general controls, including controls to mitigate cybersecurity risks, are considered by management during their assessment of the Company’s design and effectiveness of internal controls over financial reporting.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true