Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Sep. 30, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Item 1C. Cybersecurity

Risk Management

 

We have implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program is an element of and is integrated into our overall enterprise risk management program, and is a key component of our annual organizational risk assessment. Our cybersecurity risk management program is based in part on, and incorporates elements of, the National Institute of Standards and Technology (NIST) Cybersecurity Framework and International Organization for Standardization 27001 (ISO 27001) Framework. In general, we seek to address cybersecurity risks through a comprehensive, cross-functional approach that is focused on preserving the confidentiality, security and availability of the information that we collect and store by identifying, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur.

 

Our cybersecurity risk management program utilizes a variety of technical and process controls that are designed to identify, protect against, detect, respond to, and recover from cybersecurity threats, including:

risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology (“IT”) environment;

a security team that is principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls and policies, and (3) our response to cybersecurity incidents;

the use of external service providers, where appropriate, to assess, test, or otherwise assist with aspects of our security controls;

cybersecurity awareness training for our employees, incident response personnel, and senior management;

assessment of material cybersecurity risks posed by third-party service providers, including risks to employee, customer and financial information;

a cybersecurity incident response protocol that includes procedures for responding to cybersecurity incidents; and

business continuity plans.

 

As part of the above processes, we engage, as necessary, consultants and other third parties to review our cybersecurity incidents, if material, to help quantify the impact and identify areas for continued focus, improvement, and compliance.

 

Our processes also address cybersecurity threat risks associated with our use of third-party service providers, including our suppliers and manufacturers or those who have access to confidential, proprietary, personal, or employee data, or to our systems. In addition, cybersecurity considerations affect the selection and oversight of our third-party service providers. We perform diligence on third parties that have access to our systems, data or facilities that house such systems or data, and continually monitor cybersecurity threat risks identified through such diligence. Additionally, we generally require those third parties that could introduce significant cybersecurity risk to us to agree by contract to manage their cybersecurity risks in specified ways, and to agree to be subject to cybersecurity audits or audits for System and Organization Controls (SOC) compliance.

 

We have been, and expect to continue to be, subject to cybersecurity risks and incidents related to our business. We have not experienced any material cybersecurity incidents during the last fiscal year. For more information about the cybersecurity risks we face, see Part I, Item 1A, "Risk Factors" of this Annual Report on Form 10-K.

Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Our cybersecurity risk management program is an element of and is integrated into our overall enterprise risk management program, and is a key component of our annual organizational risk assessment.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] We have not experienced any material cybersecurity incidents during the last fiscal year.
Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

 

Our Board of Directors considers cybersecurity risk as part of its enterprise risk management oversight function. The Board of Directors delegates oversight of the cybersecurity risk management program to the Audit Committee. This oversight includes periodic reports from management concerning cybersecurity-related risks. The management of the program is the responsibility of our Risk Management Committee, comprised of our Chief Financial Officer, Chief Digital & Information Officer, Chief Accounting Officer and General Counsel. Our Chief Digital & Information Officer, who has over 30 years of extensive work experience in the field of technology and cybersecurity, leads our team of cybersecurity professionals and provides the Risk Management Committee with periodic reports on our cybersecurity risks and any material cybersecurity incidents. Our team of cybersecurity professionals monitors the prevention, mitigation, detection, and remediation of cybersecurity incidents through the cybersecurity risk management and processes described above, including the operation of our incident response plan. The Risk Management Committee provides updates to the Audit Committee on our cybersecurity risk management program as appropriate, including updates on (1) any critical cybersecurity risks; (2) ongoing cybersecurity initiatives and strategies; (3) applicable regulatory requirements; and (4) industry standards. The Risk Management Committee also notifies the Board of Directors of any significant and/or material cybersecurity incidents (suspected or actual) and provides updates on the incidents as well as cybersecurity risk mitigation activities as appropriate.

 

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] periodic
Cybersecurity Risk Role of Management [Text Block] Chief Financial Officer, Chief Digital & Information Officer, Chief Accounting Officer and General Counsel
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] 30
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] as appropriate
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true