|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Risk Management and Strategy
We recognize the importance of developing, implementing and maintaining a firm cybersecurity posture to safeguard our information systems, protect the confidentiality, integrity and availability of our data and mitigate risks associated with cyber threats and attacks.
We are ISO/IEC 27001:2022 certified and the ISO Information Security Risk Management Standard is used as a reference guide for our risk management approach. We have a designated Chief Information Security Officer (CISO) who has primary responsibility for managing our cybersecurity risks. Our CISO has more than 28 years of experience in Information Security and holds a master’s degree in Information Technology. His in-depth knowledge and experience are instrumental in developing and executing our cybersecurity strategies. Our CISO is assisted by a team of Information Security Officers (ISOs) and a third-party consultant who has expertise in cybersecurity, information security risk management, and information systems audit and holds various certifications including, CISA, CISM, HITRUST Certified Common Security Framework Practitioner, QSA, and CSP.
Recognizing the inherent cybersecurity risks common to any organization, encompassing concerns such as unauthorized access to sensitive data, potential disruptions to business operations from cyber incidents, and the associated financial and reputational impacts arising from a cybersecurity breach, we have implemented comprehensive policies covering various aspects of cybersecurity and information management, including, without limitation, cyber risk management, information security practices, roles and responsibilities, access controls, cryptography, information classification, asset disposal, and vendor management. We periodically review and modify these policies to align with industry practice, trends and evolving threat landscapes. Compliance with these policies is expected from all employees and contractors.
We perform periodic assessments for identifying threats and vulnerabilities, covering relevant operational facets, and focusing on identifying, analyzing, evaluating, and treating cyber risks across business functions. Our risk assessment guidelines define risk measurement and prioritization, and consider factors such as likelihood, impact, and potential harm. Mitigation strategies are planned, covering technical and procedural measures, including incident response plans.
Incident Response
We maintain a comprehensive incident response plan. Key components include regular updates to ensure effectiveness, employee training programs, and establishing communication channels and relevant systems for proper incident reporting and logging procedures. Communication and notification protocols are defined for notifying third parties such as regulatory bodies, customers, and partners. Recovery strategies are developed for restoring normal operations, and post-incident analysis is conducted to identify lessons learned and improvements for future incident response efforts. The incident response plan also outlines procedures for prompt detection, response, and remediation efforts to minimize the impact of incidents.
Incident materiality is assessed through a collaborative process involving key personnel within our organization. Responsibility for conducting a materiality assessment lies with our management team, in consultation with advice from our third-party cybersecurity consultant, as appropriate. The materiality assessment considers various factors, including financial impact, reputational risk, regulatory implications, and potential harm to third parties. Upon completion of the materiality assessment, the disclosure of incidents, including those related to contractual, regulatory, or technology/security aspects, is handled by designated members of our senior management team. We consult with outside counsel or experts as appropriate, including on materiality analysis and disclosure matters.
As of the fiscal year ending December 31, 2024, there have been no identified cybersecurity incidents that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition.
Engagement of Third Parties
Recognizing the complexity and evolving nature of cybersecurity threats, we have engaged a third-party consultant to assist with evaluating and testing our risk management approach. This enables us to leverage specialized knowledge and insights in connection with our cybersecurity strategies and processes.
Strategy
To enhance our current cybersecurity posture, we continue to invest in advanced threat detection technologies, provide cybersecurity training based on the latest trends and guidance to the employees, collaborate with industry partners and regulatory bodies to stay informed about emerging threats, reinforce our cybersecurity incident response plan to align with industry-specific regulations and legal obligations, integrate threat intelligence feeds for automatic detection of any misconfigurations, security threats, and foster a collaborative, cross-functional, and accelerated approach to incident response.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
The governance framework is closely integrated via a structured compliance reporting framework operating across various governance levels. This framework also operates across geographic locations, with location specific compliance meetings conducted at a local management level and led by the CISO with assistance from the ISO team. This structured compliance reporting is intended to ensure that the highest levels of management are kept abreast of potential cybersecurity risks facing the Company, with the escalation of significant cybersecurity matters to the Audit Committee and ultimately to the Board of Directors, as appropriate.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Board of Directors is aware of the critical nature of managing the risks associated with cybersecurity threats. The Board of Directors has established oversight mechanisms to ensure effective governance in managing these risks.
Board of Director Oversight
Our Audit Committee has primary responsibility for overseeing risk management, including with respect to cybersecurity. The Audit Committee monitors management’s compliance, and reports to the Board of Directors. The CISO, who is responsible for developing our cybersecurity strategy and managing our cybersecurity risks, reports directly to the Audit Committee on these matters.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Audit Committee
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Audit Committee has primary responsibility for overseeing risk management, including with respect to cybersecurity. The Audit Committee monitors management’s compliance, and reports to the Board of Directors.
|Cybersecurity Risk Role of Management [Text Block]
|
Management’s Role
Our cybersecurity governance framework incorporates policies, procedures, regular meetings, and controls to manage and mitigate cybersecurity risks. Aligned with industry standards and regulatory requirements, the framework is overseen and regularly evaluated by our leadership team responsible for implementation. Regular risk assessments are conducted to identify and assess potential cybersecurity risks, informing the development of proactive risk mitigation strategies within the governance framework.
The governance framework is closely integrated via a structured compliance reporting framework operating across various governance levels. This framework also operates across geographic locations, with location specific compliance meetings conducted at a local management level and led by the CISO with assistance from the ISO team. This structured compliance reporting is intended to ensure that the highest levels of management are kept abreast of potential cybersecurity risks facing the Company, with the escalation of significant cybersecurity matters to the Audit Committee and ultimately to the Board of Directors, as appropriate.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Chief Information Security Officer (CISO)
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CISO has more than 28 years of experience in Information Security and holds a master’s degree in Information Technology. His in-depth knowledge and experience are instrumental in developing and executing our cybersecurity strategies.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|We have a designated Chief Information Security Officer (CISO) who has primary responsibility for managing our cybersecurity risks. Our CISO has more than 28 years of experience in Information Security and holds a master’s degree in Information Technology. His in-depth knowledge and experience are instrumental in developing and executing our cybersecurity strategies. Our CISO is assisted by a team of Information Security Officers (ISOs) and a third-party consultant who has expertise in cybersecurity, information security risk management, and information systems audit and holds various certifications including, CISA, CISM, HITRUST Certified Common Security Framework Practitioner, QSA, and CSP.The CISO, who is responsible for developing our cybersecurity strategy and managing our cybersecurity risks, reports directly to the Audit Committee on these matters.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef