XML 40 R25.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Our cybersecurity strategy leverages administrative safeguards that include policies, procedures and processes to assess, identify and manage risks from cybersecurity threats. We have adopted a Cybersecurity Incident Response Policy (the “CIRP”), which provides a framework and procedures for investigating, containing, documenting and mitigating incidents, including reporting findings and keeping senior management and other key stakeholders informed and involved as appropriate.

Additionally, all of the Company’s employees are required to undertake an annual cybersecurity training program on how to identify characteristics of various cybersecurity threats and ways to report such threats, which is augmented by additional training and communications on IT and cybersecurity matters throughout the year. Periodically during the year, the Company’s IT department leads simulations of cybersecurity incidents with employees, including annual tabletop exercises for offshore employees, to test the organization’s ability to respond to a variety of cybersecurity-related scenarios.

Our policies, procedures and processes are aligned with our technical tools, which include security monitoring and alerting, cybersecurity incident identification and remediation, and other technologies to ensure the security of our systems and information. We also have implemented certain physical safeguards, such as restricted access to areas containing critical IT and operational technology equipment, to mitigate risks to our physical environment.

Cybersecurity is integrated into our enterprise risk management ("ERM") process. Cybersecurity-related risks are included in our ERM risk register, which are reviewed by internal stakeholders who designate the relative level of severity of identified risks. The ERM risk register, which includes any identified cybersecurity-related risks, is reviewed by our Executive Management Committee and is reported quarterly to the board of directors, who then reviews the risk register, including any changes in key risks, and provides oversight as appropriate.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Cybersecurity is integrated into our enterprise risk management ("ERM") process. Cybersecurity-related risks are included in our ERM risk register, which are reviewed by internal stakeholders who designate the relative level of severity of identified risks. The ERM risk register, which includes any identified cybersecurity-related risks, is reviewed by our Executive Management Committee and is reported quarterly to the board of directors, who then reviews the risk register, including any changes in key risks, and provides oversight as appropriate.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
The Audit Committee is responsible for, and actively engaged in, the oversight of our IT and cybersecurity program, including the oversight of risks from cybersecurity threats. Two of the members of the Audit Committee have obtained a certification or completed coursework in cybersecurity. The Audit Committee, at least quarterly, receives reports from the Company’s Senior Director – Information Technology (“SDIT”) on, among other things, the Company’s cybersecurity incidents, risks, threats and measures, training and organizational readiness. The board of directors is kept apprised of cybersecurity risk matters, including through participation in the quarterly cybersecurity briefings to the Audit Committee that are described above. We have protocols by which certain cybersecurity incidents are escalated within the Company and, where appropriate, reported in a timely manner to the board of directors and Audit Committee.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee, at least quarterly, receives reports from the Company’s Senior Director – Information Technology (“SDIT”) on, among other things, the Company’s cybersecurity incidents, risks, threats and measures, training and organizational readiness. The board of directors is kept apprised of cybersecurity risk matters, including through participation in the quarterly cybersecurity briefings to the Audit Committee that are described above. We have protocols by which certain cybersecurity incidents are escalated within the Company and, where appropriate, reported in a timely manner to the board of directors and Audit Committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee is responsible for, and actively engaged in, the oversight of our IT and cybersecurity program, including the oversight of risks from cybersecurity threats.
Cybersecurity Risk Role of Management [Text Block]
At the management level, the SDIT and his team are responsible for leading enterprise-wide information security strategy, policy, standards, architecture and processes, including the assessment and management of material risks from cybersecurity threats. The Company’s SDIT reports to the Chief Financial Officer. The SDIT has extensive cybersecurity knowledge and skills, gained from over 25 years of relevant work experience. The SDIT is informed about and monitors the prevention, detection, mitigation and remediation of cybersecurity incidents in accordance with the CIRP, which may include reports from the IT team. The SDIT also regularly reviews risk management measures implemented by the Company to identify and mitigate cybersecurity risks.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] At the management level, the SDIT and his team are responsible for leading enterprise-wide information security strategy, policy, standards, architecture and processes, including the assessment and management of material risks from cybersecurity threats. The Company’s SDIT reports to the Chief Financial Officer.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The SDIT has extensive cybersecurity knowledge and skills, gained from over 25 years of relevant work experience.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Audit Committee, at least quarterly, receives reports from the Company’s Senior Director – Information Technology (“SDIT”) on, among other things, the Company’s cybersecurity incidents, risks, threats and measures, training and organizational readiness. The board of directors is kept apprised of cybersecurity risk matters, including through participation in the quarterly cybersecurity briefings to the Audit Committee that are described above. We have protocols by which certain cybersecurity incidents are escalated within the Company and, where appropriate, reported in a timely manner to the board of directors and Audit Committee.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true