XML 44 R26.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

We recognize the importance of safeguarding our business operations, sensitive data, and intellectual property from cyber threats and other technological risks. Our operations involve the use of various information technology systems, including those for production management, customer order management, and financial reporting. As such, we are exposed to a range of cyber risks, including but not limited to data breaches, ransomware attacks, unauthorized access to proprietary data, and disruptions to our operations due to system failures. We are committed to maintaining an appropriate level of cybersecurity to mitigate these risks. Lendway’s cyber environment at December 31, 2024 consisted primarily of outsourced information technology (“IT”) operations. The outsourced providers have a cybersecurity framework which includes multiple products implemented to ensure the security of Lendway’s and Bloomia’s environments. Our third-party service providers alert management, specifically the CFO and CEO of Bloomia, to incidents or other concerns. Management reports significant incidents or concerns to the Audit Committee.

Annual internal and external vulnerability scans are completed to ensure we mitigate any risks proactively. The Company’s internal operations are PC based and the PCs have up to date security software. Regular phishing exercises are conducted, and employee awareness training is conducted annually by our outsourced provider.

The Company relies on third-party service providers for services such as IT management and payroll. These third-parties are also vulnerable to cybersecurity threats. Management actively assesses its third-parties policies related to cyber risks, including obtaining System and Organization Controls (SOC) reports, when available.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Annual internal and external vulnerability scans are completed to ensure we mitigate any risks proactively. The Company’s internal operations are PC based and the PCs have up to date security software. Regular phishing exercises are conducted, and employee awareness training is conducted annually by our outsourced provider
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Our full Board of Directors and our Audit Committee provide oversight of our risk management program, which includes cybersecurity and monitoring the performance of our third-party IT providers. The Audit Committee, as part of its charter to review the Company’s practices with respect to risk assessment and risk management, receives updates on internal control, including those relating to IT general controls and cybersecurity.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Audit Committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

Our full Board of Directors and our Audit Committee provide oversight of our risk management program, which includes cybersecurity and monitoring the performance of our third-party IT providers. The Audit Committee, as part of its charter to review the Company’s practices with respect to risk assessment and risk management, receives updates on internal control, including those relating to IT general controls and cybersecurity.
Cybersecurity Risk Role of Management [Text Block] The outsourced providers have a cybersecurity framework which includes multiple products implemented to ensure the security of Lendway’s and Bloomia’s environments. Our third-party service providers alert management, specifically the CFO and CEO of Bloomia, to incidents or other concerns. Management reports significant incidents or concerns to the Audit Committee.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] CFO and CEO of Bloomia
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Management reports significant incidents or concerns to the Audit Committee.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true