Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

The Company has developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of its critical systems and information.

The Company assesses its program based on guidance from the National Institute of Standards and Technology (“NIST”). This does not imply that the Company meets any particular technical standards, specifications, or requirements, only that the Company uses the NIST as a guide to help it identify, assess, and manage cybersecurity risks relevant to its business.

The Company’s cybersecurity risk management program is integrated into its overall enterprise risk management program and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.

The Company’s cybersecurity risk management program includes the following, among other things:

●

risk assessments designed to help identify material cybersecurity risks to the Company’s critical systems and information;

●

cross-functional teams responsible for managing the Company's (1) cybersecurity risk assessment processes, (2) security controls, and (3) response to cybersecurity incidents;

●

the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of the Company’s security processes and controls;

●

cybersecurity awareness training of the Company’s employees, incident response personnel, and senior management;

●

a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and

●

a third-party risk management process for certain service providers based on the Company’s assessment of the providers’ criticality to its business and the providers’ cybersecurity risk profile.

The Company has not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected the Company, including its operations, business strategy, results of operations, or financial condition. The Company faces certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect the Company, including its operations, business strategy, results of operations, or financial condition. See “Risk Factors – Risks Related to Information Technology, Cybersecurity and Data Privacy.”

Cybersecurity Risk Management Processes Integrated [Text Block]

The Company has developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of its critical systems and information.

The Company assesses its program based on guidance from the National Institute of Standards and Technology (“NIST”). This does not imply that the Company meets any particular technical standards, specifications, or requirements, only that the Company uses the NIST as a guide to help it identify, assess, and manage cybersecurity risks relevant to its business.

The Company’s cybersecurity risk management program is integrated into its overall enterprise risk management program and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.

The Company’s cybersecurity risk management program includes the following, among other things:

●

risk assessments designed to help identify material cybersecurity risks to the Company’s critical systems and information;

●

cross-functional teams responsible for managing the Company's (1) cybersecurity risk assessment processes, (2) security controls, and (3) response to cybersecurity incidents;

●

the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of the Company’s security processes and controls;

●

cybersecurity awareness training of the Company’s employees, incident response personnel, and senior management;

●

a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and

●

a third-party risk management process for certain service providers based on the Company’s assessment of the providers’ criticality to its business and the providers’ cybersecurity risk profile.

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Board of Directors Oversight [Text Block]

The Company’s Board of Directors considers cybersecurity risk as part of its risk oversight function and has delegated to its Audit Committee (the “Committee”) oversight of cybersecurity and other information technology risks. The Committee oversees management’s implementation of the Company’s cybersecurity risk management program.

The Committee receives quarterly reports from management on the Company’s cybersecurity risks. In addition, management updates the Committee, as necessary, regarding cybersecurity incidents as determined by its Chief Human Resources and Technology Officer (the “CHRTO”).

The Committee reports to the full Board of Directors regarding its activities, including those related to cybersecurity. The full Board of Directors also receives briefings from management on the Company’s cybersecurity risk management program. Members of the Board of Directors receive presentations on cybersecurity topics from the CHRTO or external experts as part of the Board’s continuing education on topics that impact public companies.

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

The Committee reports to the full Board of Directors regarding its activities, including those related to cybersecurity. The full Board of Directors also receives briefings from management on the Company’s cybersecurity risk management program. Members of the Board of Directors receive presentations on cybersecurity topics from the CHRTO or external experts as part of the Board’s continuing education on topics that impact public companies.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

The experience of the members of the Cybersecurity Steering Committee includes the Company’s CHRTO, who has more than 20 years of experience across various industries, and the Company’s Director of Cybersecurity, who has 29 years of IT experience, including eight years leading the Company’s Cybersecurity Team of IT security professionals, and who is a member of the Information Systems Audit and Control Association and the International Information System Security Certification Consortium.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true