XML 45 R29.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We strive to follow the guidelines set by the National Institute of Standards and Technology Cybersecurity Framework to manage information assets, protect sensitive data and mitigate security risks. To address risks from cybersecurity threats, we
maintain an information security team, automated monitoring and detection services, and policies and procedures for managing risks to our information systems. As part of our information security program, our operations strive to assess, identify and manage cybersecurity threat risks by:
identifying cybersecurity threats and critical information assets;
implementing cybersecurity prevention, detection and response controls;
incorporating cyber risk assessment practices into program activities; and
integrating cyber risk management into our business risk governance practices.
Additionally, we periodically review and update our cybersecurity policies, procedures, practices, and response plans considering evolving threats, changes in federal government compliance standards, and emerging commercial best practices, as applicable. We conduct employee training programs on cybersecurity as part of our efforts to mitigate persistent and continuously evolving cybersecurity threats. We have implemented processes requiring that material cybersecurity events, or losses of customer or personal data, are reported to affected parties, applicable regulatory authorities and management, as appropriate.
The above cybersecurity risk management processes are integrated into our overall enterprise risk management process.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] integrating cyber risk management into our business risk governance practices.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Our Board is responsible for risk oversight and monitors an enterprise risk management process prepared by management to assist in fulfilling its oversight responsibilities. The Board has delegated responsibility for overseeing the monitoring and assessment of risks related to cybersecurity to the Audit Committee.
We monitor the effectiveness of our information security program in protecting information assets and sensitive data, and mitigating security risks by periodically performing both internal and external audits, leveraging third-party commercial tools for assessing cybersecurity health, monitoring and addressing newly defined security vulnerabilities, and conducting annual third-party cyber penetration testing. Such tests are designed to emulate techniques used by advanced cyber threat adversaries. We also recognize that third-party service providers may introduce cybersecurity risks and, in an effort to mitigate these risks, we have sought to implement a process to assess and oversee the cybersecurity practices of third-party service providers. Before engaging with a third-party service provider, we conduct due diligence to evaluate their cybersecurity capabilities. Additionally, we endeavor to include cybersecurity requirements in our contracts with third-party service providers and endeavor to require them to adhere to specific security standards and protocols.
Our Chief Information Officer is responsible for timely informing management regarding cybersecurity incidents, including prevention, detection, mitigation, and remediation activities. Our Chief Information Officer and Director of Cybersecurity communicate at least annually with the Audit Committee and the Board on matters such as data protection and cybersecurity. These individuals have extensive cybersecurity knowledge and skills, with over 15 years of collective experience in the management of cybersecurity threats. We maintain cybersecurity incident response plans, which address defined actions to be taken in response to risks from cyber incidents. In the event of a material cybersecurity incident, the Chief Information Officer must notify management, the Audit Committee and the Board.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Chief Information Officer is responsible for timely informing management regarding cybersecurity incidents, including prevention, detection, mitigation, and remediation activities. Our Chief Information Officer and Director of Cybersecurity communicate at least annually with the Audit Committee and the Board on matters such as data protection and cybersecurity.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
Our Chief Information Officer is responsible for timely informing management regarding cybersecurity incidents, including prevention, detection, mitigation, and remediation activities. Our Chief Information Officer and Director of Cybersecurity communicate at least annually with the Audit Committee and the Board on matters such as data protection and cybersecurity. These individuals have extensive cybersecurity knowledge and skills, with over 15 years of collective experience in the management of cybersecurity threats. We maintain cybersecurity incident response plans, which address defined actions to be taken in response to risks from cyber incidents. In the event of a material cybersecurity incident, the Chief Information Officer must notify management, the Audit Committee and the Board.
Cybersecurity Risk Role of Management [Text Block]
Management is responsible for assessing, identifying, and managing risks from cybersecurity threats. Our Board is responsible for risk oversight and monitors an enterprise risk management process prepared by management to assist in fulfilling its oversight responsibilities. The Board has delegated responsibility for overseeing the monitoring and assessment of risks related to cybersecurity to the Audit Committee.
We monitor the effectiveness of our information security program in protecting information assets and sensitive data, and mitigating security risks by periodically performing both internal and external audits, leveraging third-party commercial tools for assessing cybersecurity health, monitoring and addressing newly defined security vulnerabilities, and conducting annual third-party cyber penetration testing. Such tests are designed to emulate techniques used by advanced cyber threat adversaries. We also recognize that third-party service providers may introduce cybersecurity risks and, in an effort to mitigate these risks, we have sought to implement a process to assess and oversee the cybersecurity practices of third-party service providers. Before engaging with a third-party service provider, we conduct due diligence to evaluate their cybersecurity capabilities. Additionally, we endeavor to include cybersecurity requirements in our contracts with third-party service providers and endeavor to require them to adhere to specific security standards and protocols.
Our Chief Information Officer is responsible for timely informing management regarding cybersecurity incidents, including prevention, detection, mitigation, and remediation activities. Our Chief Information Officer and Director of Cybersecurity communicate at least annually with the Audit Committee and the Board on matters such as data protection and cybersecurity. These individuals have extensive cybersecurity knowledge and skills, with over 15 years of collective experience in the management of cybersecurity threats. We maintain cybersecurity incident response plans, which address defined actions to be taken in response to risks from cyber incidents. In the event of a material cybersecurity incident, the Chief Information Officer must notify management, the Audit Committee and the Board.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our Chief Information Officer is responsible for timely informing management regarding cybersecurity incidents, including prevention, detection, mitigation, and remediation activities. Our Chief Information Officer and Director of Cybersecurity communicate at least annually with the Audit Committee and the Board on matters such as data protection and cybersecurity.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] These individuals have extensive cybersecurity knowledge and skills, with over 15 years of collective experience in the management of cybersecurity threats.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
Our Chief Information Officer is responsible for timely informing management regarding cybersecurity incidents, including prevention, detection, mitigation, and remediation activities. Our Chief Information Officer and Director of Cybersecurity communicate at least annually with the Audit Committee and the Board on matters such as data protection and cybersecurity. These individuals have extensive cybersecurity knowledge and skills, with over 15 years of collective experience in the management of cybersecurity threats. We maintain cybersecurity incident response plans, which address defined actions to be taken in response to risks from cyber incidents. In the event of a material cybersecurity incident, the Chief Information Officer must notify management, the Audit Committee and the Board.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true