|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Sep. 30, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Risk Management and Strategy
Cybersecurity represents an important component of our overall approach to enterprise risk management. Our cybersecurity policies and processes are fully integrated into our Enterprise Risk Management program and are based on the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity (the NIST Cybersecurity Framework), a toolkit for organizations to manage cybersecurity risk in its assessment of cybersecurity capabilities and in developing cybersecurity priorities. In addition to internal assessments, our cybersecurity strategy and capabilities are evaluated and audited against the NIST Cybersecurity Framework and industry best practices by independent, third-party, leading specialists in cybersecurity. We strive to create a culture of cybersecurity resilience and awareness. This tone is set from the top and continuously reinforced with our employees through education and regular testing. We continue to improve our programs and invest in the security of our systems, operations, people, infrastructure, and cloud environments. Our cybersecurity strategy seeks to follow industry best practices designed to ensure compliance with applicable global privacy and regulatory requirements. To protect our customers, we administer physical, technological and administrative controls on data privacy and security. We regularly validate our security controls by performing penetration testing, compliance audits, as well as proactive security testing to ensure our systems and controls are secure. The Board of Directors is briefed on our strategy and roadmap in alignment with the NIST Cybersecurity Framework. The Board receives annual updates on program maturity, cybersecurity risks, threat landscape and overall program progress.
Our cybersecurity risk management program is focused on the following key areas:
Education and Awareness
We provide required security awareness education and training to our employees and contractors with system access that focuses on various aspects of the cybersecurity world. Users of Powell’s internal systems are required to complete an annual cybersecurity awareness training and are tested for awareness on a regular basis. We also provide tailored training courses to functional technology employees and employees who process personal or sensitive information.
Threat Management, Incident Response, and Recovery Planning
We have established and maintain a comprehensive incident response and recovery plan designed to identify, contain and eradicate cybersecurity threats, with recovery from an incident as rapidly as possible. Our information security team utilizes threat technologies and vendors to monitor and respond to security threats via a 24/7/365 Security Operations Center. In the event of a security incident, a defined procedure outlines containment, response and immediate recovery actions. The incident response plan is tested, evaluated and updated no less than on an annual basis.
Data and Consumer Privacy
Our data and consumer privacy program monitors, adapts to and works diligently to comply with changes in global privacy legislation. We have implemented technical, procedural and organizational measures designed to comply with applicable data protection and consumer privacy laws. We conduct external benchmarking, as well as privacy compliance audits, to stay abreast of developing privacy laws and understand developing risks, best practices and industry trends.
Third-Party Risk Management
We recognize the risks associated with the use of vendors, service providers, and other third parties that provide information system services to us, process information on our behalf, or have access to our information systems. The Company has processes in place to oversee and manage these risks. We have an information risk management program that includes a vendor risk assessment process, whereby we systematically oversee and identify risks from cybersecurity threats related to our use of key third-party service providers.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Our cybersecurity policies and processes are fully integrated into our Enterprise Risk Management program and are based on the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity (the NIST Cybersecurity Framework), a toolkit for organizations to manage cybersecurity risk in its assessment of cybersecurity capabilities and in developing cybersecurity priorities.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our executive management team and Board of Directors oversee our policies with respect to risk assessment and the management of those risks that may be material to us, including cybersecurity risks. Our Board of Directors has delegated responsibility to the Audit Committee for the oversight of cybersecurity risks. While cybersecurity resilience is the responsibility of every employee and contractor, the cybersecurity program is led by the Chief Information Security Officer who reports to the Chief Financial Officer. Our Chief Information Security Officer has extensive experience in network engineering and cybersecurity operations from both a practical and management standpoint. He leads global teams in cybersecurity and infrastructure operations and regularly attends training in cybersecurity and risk mitigation. The Information Technology (IT) Cybersecurity Risk Management Committee, comprising senior IT leaders, meets quarterly and reviews trending risks and remediation efforts, and reports to the Audit Committee. When necessary, we assign resources to mitigate and evaluate risks to the enterprise level as part of our Enterprise Risk Management program.The Audit Committee receives a comprehensive annual report of cybersecurity risks, threat landscape, and overall program status. On an annual basis, the Chief Information Security Officer reports to the Audit Committee on various metrics on threat management, incident response and recovery planning, along with industry benchmarks. The Audit Committee reports on these matters to our Board of Directors as needed. In addition, the Chief Information Security Officer periodically presents directly to our Board of Directors on our cybersecurity program.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board of Directors has delegated responsibility to the Audit Committee for the oversight of cybersecurity risks.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee receives a comprehensive annual report of cybersecurity risks, threat landscape, and overall program status. On an annual basis, the Chief Information Security Officer reports to the Audit Committee on various metrics on threat management, incident response and recovery planning, along with industry benchmarks. The Audit Committee reports on these matters to our Board of Directors as needed. In addition, the Chief Information Security Officer periodically presents directly to our Board of Directors on our cybersecurity program.
|Cybersecurity Risk Role of Management [Text Block]
|
Our executive management team and Board of Directors oversee our policies with respect to risk assessment and the management of those risks that may be material to us, including cybersecurity risks. Our Board of Directors has delegated responsibility to the Audit Committee for the oversight of cybersecurity risks. While cybersecurity resilience is the responsibility of every employee and contractor, the cybersecurity program is led by the Chief Information Security Officer who reports to the Chief Financial Officer. Our Chief Information Security Officer has extensive experience in network engineering and cybersecurity operations from both a practical and management standpoint. He leads global teams in cybersecurity and infrastructure operations and regularly attends training in cybersecurity and risk mitigation. The Information Technology (IT) Cybersecurity Risk Management Committee, comprising senior IT leaders, meets quarterly and reviews trending risks and remediation efforts, and reports to the Audit Committee. When necessary, we assign resources to mitigate and evaluate risks to the enterprise level as part of our Enterprise Risk Management program.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|While cybersecurity resilience is the responsibility of every employee and contractor, the cybersecurity program is led by the Chief Information Security Officer who reports to the Chief Financial Officer. Our Chief Information Security Officer has extensive experience in network engineering and cybersecurity operations from both a practical and management standpoint.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our Chief Information Security Officer has extensive experience in network engineering and cybersecurity operations from both a practical and management standpoint.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Information Technology (IT) Cybersecurity Risk Management Committee, comprising senior IT leaders, meets quarterly and reviews trending risks and remediation efforts, and reports to the Audit Committee. When necessary, we assign resources to mitigate and evaluate risks to the enterprise level as part of our Enterprise Risk Management program.The Audit Committee receives a comprehensive annual report of cybersecurity risks, threat landscape, and overall program status. On an annual basis, the Chief Information Security Officer reports to the Audit Committee on various metrics on threat management, incident response and recovery planning, along with industry benchmarks.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef