XML 90 R39.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Assessment:

Regular assessments are conducted across our systems, networks, and data infrastructure to identify potential cybersecurity threats and vulnerabilities. These assessments include penetration testing, vulnerability scanning, and red teaming exercises conducted by third-party service providers, which help us to evaluate the likelihood and potential impact of cybersecurity incidents. Feedback from these assessments is incorporated into our systems and procedures through upgrades intended to further improve our security posture.

Incident Identification and Response:

A monitoring and detection system has been implemented to help identify cybersecurity incidents. The IT Security Department is tasked with monitoring certain network activities, logs, and system behavior, leveraging threat detection technologies. In the event of any breach or cybersecurity incident, we have an incident response plan that is designed to follow industry best practices and aligns with legal and regulatory requirements. This plan is designed to provide for immediate action to contain the incident, mitigate the impact, and restore normal operations efficiently.

Cybersecurity Training and Awareness:

Cybersecurity awareness among our employees is promoted with regular training and awareness programs. Employees receive training on recognizing and reporting potential cybersecurity threats, best practices for data protection, and adhering to cybersecurity policies and procedures. Additionally, periodic simulated phishing exercises are conducted to enhance employee readiness in identifying and mitigating phishing attacks.

Access Controls:

Access control policies have been implemented to limit unauthorized access to sensitive information and we seek to maintain and monitor critical systems. Multi-factor authentication is used for remote access, use of privileged accounts and access to critical systems.

Encryption and Data Protection:

Encryption methods are used to protect sensitive data in transit and at rest. This includes the encryption of customer data, financial information, and other confidential data.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] cybersecurity risk management processes are integrated into the Partnership’s overall risk management program. Cybersecurity threats are understood to be dynamic and intersect with various other enterprise risks. As such, cybersecurity is considered an important component of our enterprise-wide risk management approach
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

The Board of Directors oversees risks from cybersecurity threats. Recognizing the importance of cybersecurity to the success and resilience of our business, the Board considers cybersecurity to be an important aspect of corporate governance. To facilitate effective oversight, the Audit Committee and the Board of Directors hold discussions with management, including the CTO on cybersecurity risks, incident trends, and the effectiveness of cybersecurity measures annually and as needed during both scheduled and special meetings. If new material cybersecurity risks arise, the Board of Directors and the Audit Committee are informed through regular discussions between the CFO and both the Chairman of the Board and the Audit Committee Chair. These discussions are then brought to the attention of the Board of Directors and Audit Committee at the next meeting.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Cybersecurity Steering Committee reviews information security policies and cybersecurity risks in conjunction with other operational, financial, and strategic risks to ensure alignment with our business objectives. The Cybersecurity Steering Committee convenes regularly to review and monitor the Partnership’s programs for the prevention, detection, mitigation, and remediation of cybersecurity incidents. The Cybersecurity Steering Committee receives reports on security incidents, threat intelligence, and vulnerability assessments from our IT Security Department.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] To facilitate effective oversight, the Audit Committee and the Board of Directors hold discussions with management, including the CTO on cybersecurity risks, incident trends, and the effectiveness of cybersecurity measures annually and as needed during both scheduled and special meetings. If new material cybersecurity risks arise, the Board of Directors and the Audit Committee are informed through regular discussions between the CFO and both the Chairman of the Board and the Audit Committee Chair. These discussions are then brought to the attention of the Board of Directors and Audit Committee at the next meeting.
Cybersecurity Risk Role of Management [Text Block]

The CTO and the Cybersecurity Steering Committee are responsible for overseeing and executing our cybersecurity strategy, including the assessment and management of cybersecurity risks. The CTO reports directly to the CFO and maintains communication with the Audit Committee, the Board of Directors and the Cybersecurity Steering Committee with respect to information security and cybersecurity matters.

The CTO holds a Master of Business Administration from the University of Kentucky/University of Louisville’s joint executive program and has an extensive background in information security, risk management, and incident response with over twenty years of varying information technology roles with increasing responsibility at both private and public companies. The CTO is supported by a dedicated team of cybersecurity professionals, each bringing diverse expertise in areas such as network security, data protection, and threat intelligence.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The CTO and the Cybersecurity Steering Committee are responsible for overseeing and executing our cybersecurity strategy, including the assessment and management of cybersecurity risks
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The CTO holds a Master of Business Administration from the University of Kentucky/University of Louisville’s joint executive program and has an extensive background in information security, risk management, and incident response with over twenty years of varying information technology roles with increasing responsibility at both private and public companies
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true