Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy or security laws. To mitigate the threat to our business, we take a comprehensive approach to cybersecurity risk management. The Company’s Board of Directors as well as its Director of Information Technology and Chief Financial Officer are actively involved in the oversight of our risk management program, of which cybersecurity represents an important component. We have established policies, standards, processes, and practices for assessing, identifying, managing and mitigating material risks from cybersecurity threats.

Risk Assessment and Management

We rely on a multidisciplinary team, including our information security function, management, and third-party service providers to identify, assess, remediate and manage cybersecurity threats and risks. We identify and assess risks from cybersecurity threats by monitoring and evaluating our threat environment and our risk profile using various methods including, for example, manual and automated tools, subscribing to reports and services that identify cybersecurity threats, analyzing reports of threats and threat actors, conducting scans of the threat environment, utilizing internal and external audits, and conducting threat and vulnerability assessments.

26

At least annually, we review our security controls and address information security vulnerabilities, conduct security testing, and assess our external sources for their security risk (e.g., security incidents, data security, security controls, third parties, etc.). The results of the assessment are used to drive alignment and prioritization of initiatives to enhance our security posture, improve security processes, and to manage a broader enterprise-level risk program that is presented to the Board of Directors, the Audit Committee, and members of management.

The Company maintains various technical, physical, and organizational measures, processes, standards, and policies designed to manage and mitigate material risks from cybersecurity threats against our information systems and data. These include:

●

incident detection and response

●

vulnerability management

●

disaster recovery plans

●

internal controls within our accounting and financial reporting functions

●

encryption of data

●

network security controls

●

access controls

●

physical security

●

asset management

●

systems monitoring

●

vendor risk management program

●

employee training.

Notwithstanding the approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on the Company. Refer to Item 1A for a discussion of cybersecurity risks.

Cybersecurity Risk Management Third Party Engaged [Flag]

true

Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

Our Board of Directors is responsible for overseeing our enterprise risk management activities, and each of our Board committees assists the Board in the role of risk oversight. The full Board receives an update on the Company’s risk management process and the risk trends related to cybersecurity at least annually. The Audit Committee specifically assists the Board of Directors in its oversight of risks related to cybersecurity.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true