XML 61 R42.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Our cybersecurity risk management program is designed to monitor, detect, prevent and respond to cybersecurity threats to our critical systems, information, services and IT environment. Our internal IT team has committed resources to review and enhance our cybersecurity risk management program, work with internal and third-party experts to determine and implement appropriate controls, partner with our compliance team to provide employee training and awareness, stay abreast of emerging potential threats and best practices, and to respond to cybersecurity incidents. There can be no assurance that our cybersecurity risk management program and processes, including our policies, controls or procedures, will be fully implemented, complied with or effective in protecting our systems and information.

We utilize the CIS CSC to promote best practices and reduce the risk of a successful cybersecurity attack. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use the CIS CSC as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.

Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]

Our cybersecurity risk management program is integrated into our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply to other legal, compliance, strategic, operational, and financial risk areas. This provides cross-functional visibility, as well as executive leadership oversight, to address and mitigate associated risks.

Our IT policy communicates internal guidelines for our IT infrastructure and services, baseline controls that help safeguard the security of our operating environment, and reporting and escalation protocols. Our IT security training program is designed to help our employees recognize and report suspicious activity. The program includes annual cybersecurity training for employees and executive leadership, phishing simulations, and other security exercises for employees. Cybersecurity awareness and education is further emphasized through a company-wide education campaign during National Cybersecurity Awareness Month.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Our Board of Directors has an active role, as a whole and through its subcommittees, in oversight of our risks and is assisted by management in the exercise of these responsibilities. Our Board of Directors delegates oversight to specific subcommittees and is informed quarterly through committee reports. The Audit Committee is responsible for overseeing our cybersecurity risk management program. Various Audit Committee members have first-hand or supervisory experience over cybersecurity, and our Audit Committee chair is certified in the National Association of Corporate Directors Cyber Risk Oversight Program.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Audit Committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Vice President of IT reports to our executive leadership team and along with our senior manager in charge of IT security, provides cybersecurity risk assessment and response updates to the Audit Committee on a regular basis, or as often as deemed necessary.
Cybersecurity Risk Role of Management [Text Block]

Our Vice President of IT is a member of our senior IT management team and is primarily responsible for assessing and managing our material risks from cybersecurity threats. Our Vice President of IT has primary responsibility for our overall cybersecurity risk management program, including supervising both our internal cybersecurity personnel and external cybersecurity consultants. Our Vice President of IT has over 25 years of experience primarily focused on managing large scale, complex programs and projects as well as managing application development teams in a global environment. Our senior manager in charge of IT security has more than a decade of experience in cybersecurity risk management, including CISSP certification.

Our IT management team utilizes various processes and technologies to identify, protect, detect, respond, and recover from cybersecurity events and incidents. During 2024, our IT management team initiated an independent evaluation of our cybersecurity framework and implemented certain company-wide security enhancements. In addition, the IT management team is subject to specific key performance indicators and performance against such key performance indicators is reviewed by our Audit Committee. To create awareness in our first line of defense, training is also provided to employees to help them identify security risks, which includes routine phishing exercises and appraisal of and assistance with security-related performance.

Cybersecurity events and incidents can be reported to our IT management team in several ways, including through our externally managed detection and response provider, system alerts, or employees reporting suspicious activity. The Vice President of IT reports to our executive leadership team and along with our senior manager in charge of IT security, provides cybersecurity risk assessment and response updates to the Audit Committee on a regular basis, or as often as deemed necessary.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Vice President of IT
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our Vice President of IT has over 25 years of experience primarily focused on managing large scale, complex programs and projects as well as managing application development teams in a global environment. Our senior manager in charge of IT security has more than a decade of experience in cybersecurity risk management, including CISSP certification.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

Our IT management team utilizes various processes and technologies to identify, protect, detect, respond, and recover from cybersecurity events and incidents. During 2024, our IT management team initiated an independent evaluation of our cybersecurity framework and implemented certain company-wide security enhancements. In addition, the IT management team is subject to specific key performance indicators and performance against such key performance indicators is reviewed by our Audit Committee. To create awareness in our first line of defense, training is also provided to employees to help them identify security risks, which includes routine phishing exercises and appraisal of and assistance with security-related performance.

Cybersecurity events and incidents can be reported to our IT management team in several ways, including through our externally managed detection and response provider, system alerts, or employees reporting suspicious activity. The Vice President of IT reports to our executive leadership team and along with our senior manager in charge of IT security, provides cybersecurity risk assessment and response updates to the Audit Committee on a regular basis, or as often as deemed necessary.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true