Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended

Aug. 31, 2025

Cybersecurity Risk Management, Strategy, and Governance [Line Items]

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Item 1C.          CYBERSECURITY

Background

Cybersecurity, data privacy, and data protection are critical to NTIC’s business. In the ordinary course of business, NTIC collects and stores certain confidential information, such as information about employees, contractors, vendors, customers, and suppliers. NTIC has processes in place for assessing, identifying, and managing material risks from cybersecurity threats, and NTIC regularly assesses its performance and identifies areas for improvement. NTIC also has implemented measures to safeguard its entire cyber network. Management continually re-assesses NTIC’s cybersecurity risk environment based on changing circumstances and new information identified by monitoring, scanning and testing its systems, as well as utilizing third party resources for testing.

Risk Management and Strategy

NTIC’s processes for assessing, identifying, and managing cybersecurity threats have been integrated into its overall risk management processes. The information provided by these processes facilitates management’s ongoing assessment of NTIC’s cybersecurity risk environment and provides current and accurate information regarding cybersecurity risks to management, the Audit Committee and Board of Directors to allow appropriate management of such risks through remediation or other risk mitigation activities.

NTIC maintains a cybersecurity program that is designed to identify, protect from, detect, respond to, and recover from cybersecurity threats and risks, and protect the confidentiality, integrity, and availability of its information systems, including the information residing on such systems. NTIC takes a risk-based approach to cybersecurity, which begins with the identification and evaluation of cybersecurity risks or threats that could affect its operations, finances, legal or regulatory compliance, or reputation. The scope of NTIC’s evaluation encompasses risks that may be associated with both its internally managed IT systems and key business functions and sensitive data operated or managed by third-party service providers. Once identified, cybersecurity risks and related mitigation efforts are prioritized based on their potential impact, likelihood, velocity, and vulnerability, considering both quantitative and qualitative factors. Risk mitigation strategies are developed and implemented based on the specific nature of each cybersecurity risk. These strategies include, among others, the application of cybersecurity policies and procedures, implementation of administrative, technical, and physical controls, and employee training, education, and awareness initiatives.

Cybersecurity Risk Management Processes Integrated [Flag]

true

Cybersecurity Risk Management Processes Integrated [Text Block]

NTIC’s processes for assessing, identifying, and managing cybersecurity threats have been integrated into its overall risk management processes. The information provided by these processes facilitates management’s ongoing assessment of NTIC’s cybersecurity risk environment and provides current and accurate information regarding cybersecurity risks to management, the Audit Committee and Board of Directors to allow appropriate management of such risks through remediation or other risk mitigation activities.

Cybersecurity Risk Management Third Party Engaged [Flag]

true

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]

As of the date of this filing, NTIC has not identified any cybersecurity threats that have materially affected or are reasonably anticipated to have a material effect on NTIC’s business strategy, results of operations or financial condition.

Cybersecurity Risk Board of Directors Oversight [Text Block]

Role of Management

Management has implemented risk management structures, policies, and procedures and is responsible for NTIC’s day-to-day cybersecurity risk management. NTIC’s Information Technology Director, who possesses a strong foundation in cybersecurity through prior managerial experience and specialized training, oversees the daily assessment and management of cybersecurity risks. NTIC employs best practices, including real-time monitoring, anti-virus protection, and ongoing patch management across all systems. System maintenance is performed in accordance with industry standards and aligned with recognized best practices. Because cybersecurity threats continue to evolve, NTIC’s implemented measures are designed to be flexible and adaptable to respond to changes in the security landscape. The following security measures give some insight as to what has been implemented:

● Multifactor authentication

● Phishing simulations

● User permissions auditing and tightening

● Proactive blocking of high-risk email

● Active monitoring of user sign-in

● On-premises endpoint reduction

● Endpoint detection and response

● Licensing, network, and hardware compliance management

Use of Consultants and Advisors

NTIC engages various third-party cybersecurity service providers to assess and enhance its cybersecurity practices and assist with protection and monitoring of its systems and information, including with respect to protection of its e-mail, system access, network monitoring, endpoint protection, vulnerability assessments, and penetration testing. NTIC engages cybersecurity consultants, auditors, and other third parties to assess and enhance its cybersecurity practices, such as a third party consulting firm to perform tabletop exercises and evaluate NTIC’s cyber processes, including an assessment of its incident response procedures.

Board Oversight

The Board of Directors, both directly and through the delegation of responsibilities to the Audit Committee, oversees the proper functioning of NTIC’s cybersecurity risk management program. In particular, the Audit Committee, which is comprised entirely of independent directors, is responsible for reviewing and discussing guidelines and policies governing the process by which senior management of NTIC assesses and manages NTIC’s exposure to risk and reviewing and discussing NTIC’s major financial risk exposures, including cybersecurity risk, and the steps management has taken to monitor and control such exposures; it being understood that it is the job of management to assess and management NTIC’s exposure to risk and that the Audit Committee’s responsibility is to discuss guidelines and policies by which risk assessment and management are undertaken. The Audit Committee additionally receives periodic updates from senior management on NTIC’s policies, processes, procedures and any significant developments related to the identification, mitigation and remediation of cybersecurity risks and is responsible for reviewing the cybersecurity disclosures required to be included in NTIC’s SEC filings.

Although none of the members of the Audit Committee has any work experience, degree, or certifications related to information security or cybersecurity, the Audit Committee works closely with members of management and NTIC has engaged third-party service providers to further enhance its cybersecurity efforts and the oversight thereof by the Audit Committee.

Risks from Material Cybersecurity Threats

Although NTIC has taken steps to prevent and mitigate data security threats, there can be no assurance that its protective measures and those of its third party service providers will prevent or detect security breaches that could have a significant impact on NTIC’s business, reputation, operating results and financial condition. NTIC maintains cyber liability insurance; however, this insurance may not be sufficient to cover the financial, legal, business or reputational losses that may result from an interruption or breach of NTIC’s systems.As of the date of this filing, NTIC has not identified any cybersecurity threats that have materially affected or are reasonably anticipated to have a material effect on NTIC’s business strategy, results of operations or financial condition. Although NTIC has not experienced cybersecurity incidents that are individually, or in the aggregate, material, NTIC has experienced cyberattacks in the past, which NTIC believes have thus far been mitigated by preventative, detective, and responsive measures it has put in place. See the factors described in the “Part I. Item 1.A. Risk Factors” section of this Form 10-K for further detail about the cybersecurity risks NTIC faces. Maintaining a robust information security system is an ongoing priority for NTIC, and NTIC plans to continue to identify and evaluate new, emerging risks to data protection and cybersecurity both within NTIC and through its engagement of third-party service providers.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

The Board of Directors, both directly and through the delegation of responsibilities to the Audit Committee, oversees the proper functioning of NTIC’s cybersecurity risk management program. In particular, the Audit Committee, which is comprised entirely of independent directors, is responsible for reviewing and discussing guidelines and policies governing the process by which senior management of NTIC assesses and manages NTIC’s exposure to risk and reviewing and discussing NTIC’s major financial risk exposures, including cybersecurity risk, and the steps management has taken to monitor and control such exposures; it being understood that it is the job of management to assess and management NTIC’s exposure to risk and that the Audit Committee’s responsibility is to discuss guidelines and policies by which risk assessment and management are undertaken. The Audit Committee additionally receives periodic updates from senior management on NTIC’s policies, processes, procedures and any significant developments related to the identification, mitigation and remediation of cybersecurity risks and is responsible for reviewing the cybersecurity disclosures required to be included in NTIC’s SEC filings.

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

The Board of Directors, both directly and through the delegation of responsibilities to the Audit Committee, oversees the proper functioning of NTIC’s cybersecurity risk management program. In particular, the Audit Committee, which is comprised entirely of independent directors, is responsible for reviewing and discussing guidelines and policies governing the process by which senior management of NTIC assesses and manages NTIC’s exposure to risk and reviewing and discussing NTIC’s major financial risk exposures, including cybersecurity risk, and the steps management has taken to monitor and control such exposures; it being understood that it is the job of management to assess and management NTIC’s exposure to risk and that the Audit Committee’s responsibility is to discuss guidelines and policies by which risk assessment and management are undertaken. The Audit Committee additionally receives periodic updates from senior management on NTIC’s policies, processes, procedures and any significant developments related to the identification, mitigation and remediation of cybersecurity risks and is responsible for reviewing the cybersecurity disclosures required to be included in NTIC’s SEC filings.

Cybersecurity Risk Role of Management [Text Block]

Management has implemented risk management structures, policies, and procedures and is responsible for NTIC’s day-to-day cybersecurity risk management. NTIC’s Information Technology Director, who possesses a strong foundation in cybersecurity through prior managerial experience and specialized training, oversees the daily assessment and management of cybersecurity risks. NTIC employs best practices, including real-time monitoring, anti-virus protection, and ongoing patch management across all systems. System maintenance is performed in accordance with industry standards and aligned with recognized best practices. Because cybersecurity threats continue to evolve, NTIC’s implemented measures are designed to be flexible and adaptable to respond to changes in the security landscape. The following security measures give some insight as to what has been implemented:

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

Management has implemented risk management structures, policies, and procedures and is responsible for NTIC’s day-to-day cybersecurity risk management. NTIC’s Information Technology Director, who possesses a strong foundation in cybersecurity through prior managerial experience and specialized training, oversees the daily assessment and management of cybersecurity risks. NTIC employs best practices, including real-time monitoring, anti-virus protection, and ongoing patch management across all systems. System maintenance is performed in accordance with industry standards and aligned with recognized best practices. Because cybersecurity threats continue to evolve, NTIC’s implemented measures are designed to be flexible and adaptable to respond to changes in the security landscape. The following security measures give some insight as to what has been implemented:

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Although none of the members of the Audit Committee has any work experience, degree, or certifications related to information security or cybersecurity, the Audit Committee works closely with members of management and NTIC has engaged third-party service providers to further enhance its cybersecurity efforts and the oversight thereof by the Audit Committee.

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

The Board of Directors, both directly and through the delegation of responsibilities to the Audit Committee, oversees the proper functioning of NTIC’s cybersecurity risk management program. In particular, the Audit Committee, which is comprised entirely of independent directors, is responsible for reviewing and discussing guidelines and policies governing the process by which senior management of NTIC assesses and manages NTIC’s exposure to risk and reviewing and discussing NTIC’s major financial risk exposures, including cybersecurity risk, and the steps management has taken to monitor and control such exposures; it being understood that it is the job of management to assess and management NTIC’s exposure to risk and that the Audit Committee’s responsibility is to discuss guidelines and policies by which risk assessment and management are undertaken. The Audit Committee additionally receives periodic updates from senior management on NTIC’s policies, processes, procedures and any significant developments related to the identification, mitigation and remediation of cybersecurity risks and is responsible for reviewing the cybersecurity disclosures required to be included in NTIC’s SEC filings.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true