Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Sep. 30, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We have established a risk-based cybersecurity and information security program (“program”) designed to assess, identify, and manage material risks from cybersecurity threats. Our cybersecurity risk management process includes policies that specify the requirements for technical security controls, monitoring systems, tools and services from third-party providers, and employee training and awareness. Our cybersecurity risk management process also includes regular independent audits across our operating units. Management oversees our cybersecurity risk management process in order to assess and manage material risks from cybersecurity threats identified by both internal and external threat intelligence. Our program monitors and evaluates risks from cybersecurity threats, and we aim to adapt our program and related processes accordingly.
The multi-layered framework on which our cybersecurity and information security program is built incorporates cybersecurity standards and certain requirements of the National Institute of Standards and Technology (“NIST”) Special Publication 800-171—Protecting Controlled Unclassified Information in Non-Federal Systems and Organizations—along with other legal and regulatory requirements. However, this does not mean that we meet any particular technical standards, specifications, or requirements, but rather that we use NIST and other cybersecurity standards as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.
Our cybersecurity and information security program is led by the Company’s Vice President of Cybersecurity (“VPoC”) who reports to our Chief Financial Officer. Our VPoC has served as a technology leader of cybersecurity, information security, infrastructure, and operational functions for over 35 years. The VPoC is supported by the Incident Response Team (“IRT”), a management committee made up of the Co-Chief Operating Officers, Chief Financial Officer, and executives in legal, finance, IT, and audit. The IRT supports the VPoC in assessing and managing risks from cybersecurity threats and in the event of a cybersecurity incident, provides oversight and leadership with respect to incident response.
As adopted by our businesses, which has been overseen by our corporate executive team, we have a cybersecurity incident response plan that outlines our policies and procedures to identify, respond to, and recover from cybersecurity threats and cybersecurity incidents. Our businesses are required to conduct regular exercises of their incident response plan as part of our program.
In the event of a potentially material cybersecurity incident, as determined by the VPoC with support from legal, as needed, the IRT is notified through an established escalation protocol. The Chair of the Audit Committee is also notified and briefed, and meetings of the Audit Committee and/or full Board of Directors would be held as appropriate. We maintain a relationship with third-party forensic vendor(s) available for incident response and investigation. Additionally, we maintain cybersecurity insurance.
The Company’s Board of Directors oversees our enterprise risk management (“ERM”) program and has delegated the primary responsibility for its oversight, which includes oversight of cybersecurity risk, to the Audit Committee. The Audit Committee is informed of material risks from cybersecurity threats through regular discussion with management regarding cybersecurity risk mitigation and cybersecurity incident management. Executive management, including our VPoC, regularly presents to the Audit Committee regarding cybersecurity matters, including program updates, key metrics, and developments.
The ERM program inventories and classifies key risk areas. We employ a methodology for scoring the risks based on the probability and impact of individual risks and discuss and implement countermeasures to address the risks.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
The multi-layered framework on which our cybersecurity and information security program is built incorporates cybersecurity standards and certain requirements of the National Institute of Standards and Technology (“NIST”) Special Publication 800-171—Protecting Controlled Unclassified Information in Non-Federal Systems and Organizations—along with other legal and regulatory requirements. However, this does not mean that we meet any particular technical standards, specifications, or requirements, but rather that we use NIST and other cybersecurity standards as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Our cybersecurity and information security program is led by the Company’s Vice President of Cybersecurity (“VPoC”) who reports to our Chief Financial Officer. Our VPoC has served as a technology leader of cybersecurity, information security, infrastructure, and operational functions for over 35 years. The VPoC is supported by the Incident Response Team (“IRT”), a management committee made up of the Co-Chief Operating Officers, Chief Financial Officer, and executives in legal, finance, IT, and audit. The IRT supports the VPoC in assessing and managing risks from cybersecurity threats and in the event of a cybersecurity incident, provides oversight and leadership with respect to incident response.
As adopted by our businesses, which has been overseen by our corporate executive team, we have a cybersecurity incident response plan that outlines our policies and procedures to identify, respond to, and recover from cybersecurity threats and cybersecurity incidents. Our businesses are required to conduct regular exercises of their incident response plan as part of our program.
In the event of a potentially material cybersecurity incident, as determined by the VPoC with support from legal, as needed, the IRT is notified through an established escalation protocol. The Chair of the Audit Committee is also notified and briefed, and meetings of the Audit Committee and/or full Board of Directors would be held as appropriate. We maintain a relationship with third-party forensic vendor(s) available for incident response and investigation. Additionally, we maintain cybersecurity insurance.
The Company’s Board of Directors oversees our enterprise risk management (“ERM”) program and has delegated the primary responsibility for its oversight, which includes oversight of cybersecurity risk, to the Audit Committee. The Audit Committee is informed of material risks from cybersecurity threats through regular discussion with management regarding cybersecurity risk mitigation and cybersecurity incident management. Executive management, including our VPoC, regularly presents to the Audit Committee regarding cybersecurity matters, including program updates, key metrics, and developments.
The ERM program inventories and classifies key risk areas. We employ a methodology for scoring the risks based on the probability and impact of individual risks and discuss and implement countermeasures to address the risks.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
As adopted by our businesses, which has been overseen by our corporate executive team, we have a cybersecurity incident response plan that outlines our policies and procedures to identify, respond to, and recover from cybersecurity threats and cybersecurity incidents. Our businesses are required to conduct regular exercises of their incident response plan as part of our program.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
In the event of a potentially material cybersecurity incident, as determined by the VPoC with support from legal, as needed, the IRT is notified through an established escalation protocol. The Chair of the Audit Committee is also notified and briefed, and meetings of the Audit Committee and/or full Board of Directors would be held as appropriate. We maintain a relationship with third-party forensic vendor(s) available for incident response and investigation. Additionally, we maintain cybersecurity insurance.
Cybersecurity Risk Role of Management [Text Block]
The Company’s Board of Directors oversees our enterprise risk management (“ERM”) program and has delegated the primary responsibility for its oversight, which includes oversight of cybersecurity risk, to the Audit Committee. The Audit Committee is informed of material risks from cybersecurity threats through regular discussion with management regarding cybersecurity risk mitigation and cybersecurity incident management. Executive management, including our VPoC, regularly presents to the Audit Committee regarding cybersecurity matters, including program updates, key metrics, and developments.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
Our cybersecurity and information security program is led by the Company’s Vice President of Cybersecurity (“VPoC”) who reports to our Chief Financial Officer. Our VPoC has served as a technology leader of cybersecurity, information security, infrastructure, and operational functions for over 35 years. The VPoC is supported by the Incident Response Team (“IRT”), a management committee made up of the Co-Chief Operating Officers, Chief Financial Officer, and executives in legal, finance, IT, and audit. The IRT supports the VPoC in assessing and managing risks from cybersecurity threats and in the event of a cybersecurity incident, provides oversight and leadership with respect to incident response.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
Our VPoC has served as a technology leader of cybersecurity, information security, infrastructure, and operational functions for over 35 years.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
In the event of a potentially material cybersecurity incident, as determined by the VPoC with support from legal, as needed, the IRT is notified through an established escalation protocol. The Chair of the Audit Committee is also notified and briefed, and meetings of the Audit Committee and/or full Board of Directors would be held as appropriate. We maintain a relationship with third-party forensic vendor(s) available for incident response and investigation. Additionally, we maintain cybersecurity insurance.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true