XML 24 R9.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Mar. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Item 1C.

CYBERSECURITY

 

Overview

 

Our technologies, systems and networks may be subject to cybersecurity threats. Our business, like others within the energy technologies industry, is faced with growing cybersecurity threats as we increasingly rely on digital technologies across our business, some of which are managed by third-party service providers on whom we rely to help us collect, host or process information.

 

We recognize the significance of these threats, sometimes referred to as hacking, cybersecurity fraud, and cyberattacks, and maintains processes and procedures designed to protect our critical systems and sensitive information from unauthorized access. However, there can be no assurance that a cyber-attack would timely be detected or thwarted. To date, we are not aware of any material cybersecurity incidents that have materially affected or are reasonably likely to materially affect us, and we have not incurred significant operating expenses related to cybersecurity incidents. For more information on risks related to cybersecurity, please see the section titled “Risk Factors” included under Item 1A of this Annual Report on Form 10-K.

 

Risk Management and Strategy

 

Our cybersecurity risk management program includes operational, technical and physical controls to protect against and respond timely to cybersecurity threats. To address evolving cybersecurity risks and corresponding regulations, our policies and procedures are benchmarked to industry, regulatory and cybersecurity frameworks (including the National Institute of Standards and Technology). This does not imply that we meet any particular technical standards, specifications, or requirements, only that we may use industry, regulatory, and cybersecurity frameworks as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.

 

Our cybersecurity risk management program is integrated into our overall risk management program, and shares common methodologies, reporting channels and governance processes that apply across the risk management program to other legal, compliance, strategic, operational, and financial risk areas.

 

Management has engaged third-party vendors to assist in monitoring our cybersecurity risk management programs and identifying and responding to any incidents. Additionally, third-party vendors are routinely engaged to evaluate how effectively management as a whole manages cybersecurity risk. This includes annual testing of our incident response plan through tabletop exercises and simulations to ensure readiness as well as penetration testing and security assessments. We also utilize third-party cybersecurity vendors to assess our protections against identified vulnerabilities, and we have implemented a third-party risk management process for key service providers, based on our assessment of their criticality to our operations.

 

We have developed cybersecurity training for employees concerning cybersecurity risk.  This training provides information on security awareness and phishing simulations.  All employees are required to attend periodic cybersecurity training. On a regular basis, our IT team shares news and articles related to cybersecurity awareness with all employees.

 

Our cybersecurity risk assessment is performed annually and includes external and internal penetration testing performed by third party vendors to test for vulnerabilities in the Company’s environment.

 

We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See "Risk Factors – Our business and operations may be materially adversely impacted in the event of a failure or security breach of our or any critical third parties' IT Systems or Confidential Information."
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We recognize the significance of these threats, sometimes referred to as hacking, cybersecurity fraud, and cyberattacks, and maintains processes and procedures designed to protect our critical systems and sensitive information from unauthorized access. However, there can be no assurance that a cyber-attack would timely be detected or thwarted. To date, we are not aware of any material cybersecurity incidents that have materially affected or are reasonably likely to materially affect us, and we have not incurred significant operating expenses related to cybersecurity incidents. For more information on risks related to cybersecurity, please see the section titled “Risk Factors” included under Item 1A of this Annual Report on Form 10-K.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See "Risk Factors – Our business and operations may be materially adversely impacted in the event of a failure or security breach of our or any critical third parties' IT Systems or Confidential Information."
Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

 

The Board of Directors has delegated the oversight of risks from cybersecurity threats to the Audit Committee, which has delegated authority to the Chief Financial Officer to oversee the Company’s day-to-day cybersecurity risk management, including prevention, detection and responding to any suspected cybersecurity incident.

 

The Audit Committee is updated at least annually by the CFO on the status of cybersecurity matters. Contemporaneous reporting is provided on an as needed basis to the Audit Committee and to the full Board of Directors on significant cyber events including response, legal obligations, and outreach and notification to regulators, and third parties when needed.

 

The Director, Global Information Technology and Financial Systems (the “IT Director”), leads an internal team who work directly with our third-party vendors to manage our cybersecurity risk management program and activities. The internal team monitors our information systems for cybersecurity threats, reviews cybersecurity incidents, analyzes emerging threats, and develops and implements risk mitigation strategies. Under our CFO’s authority, the IT Director periodically reports on the cybersecurity program to our executive leadership team, including by providing the team with updates on cybersecurity threats and incidents, the status of ongoing projects and initiatives, performance metrics, and additional cybersecurity topics. On an annual basis, the IT Director reviews the results of the current state of cybersecurity risk management, including the results of our cybersecurity risk assessment and any action plan to address any identified vulnerabilities.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board of Directors has delegated the oversight of risks from cybersecurity threats to the Audit Committee, which has delegated authority to the Chief Financial Officer to oversee the Company’s day-to-day cybersecurity risk management, including prevention, detection and responding to any suspected cybersecurity incident.
Cybersecurity Risk Role of Management [Text Block] The Director, Global Information Technology and Financial Systems (the “IT Director”), leads an internal team who work directly with our third-party vendors to manage our cybersecurity risk management program and activities. The internal team monitors our information systems for cybersecurity threats, reviews cybersecurity incidents, analyzes emerging threats, and develops and implements risk mitigation strategies. Under our CFO’s authority, the IT Director periodically reports on the cybersecurity program to our executive leadership team, including by providing the team with updates on cybersecurity threats and incidents, the status of ongoing projects and initiatives, performance metrics, and additional cybersecurity topics. On an annual basis, the IT Director reviews the results of the current state of cybersecurity risk management, including the results of our cybersecurity risk assessment and any action plan to address any identified vulnerabilities.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Audit Committee is updated at least annually by the CFO on the status of cybersecurity matters. Contemporaneous reporting is provided on an as needed basis to the Audit Committee and to the full Board of Directors on significant cyber events including response, legal obligations, and outreach and notification to regulators, and third parties when needed.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true