XML 40 R25.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
The Company has an Information Security Committee (the “Committee”) to identify, assess, and manage cybersecurity risks and to implement necessary policies and procedures to mitigate those risks. The Committee also coordinates employee education efforts throughout the year. The Technology Risk & Information Security Officer serves as the Committee chair and the day-to-day manager of the Company’s information security management systems. The Committee is comprised of members having expertise in information technology infrastructure, data security, risk management, compliance, legal, and business continuity and recovery efforts. The Committee identifies and assesses risks by understanding and evaluating the Company’s systems, processes, data, and controls. This information is then augmented through participation by certain
Committee members in industry threat intelligence groups designed to share best practices and emerging threats related to cybersecurity. The Committee also completes a full cybersecurity risk assessment annually, which drives the implementation of policies and procedures as well as the scope of third-party testing. The Committee has implemented an information security program that includes a comprehensive set of cybersecurity policies and procedures that follows standards established by the International Organization for Standardization (“ISO 27001”). The policies and procedures within the program, among other things, are to oversee, identify, and mitigate the Company’s cybersecurity risks as well as cybersecurity risks to the Company associated with its significant service providers and vendors. The Company’s cybersecurity policies and procedures have been independently certified by a third party as compliant with the ISO 27001 standard. The Committee engages third-party experts to perform penetration tests on a periodic basis and to assess whether these policies and procedures are designed appropriately and operating effectively.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] The Company has an Information Security Committee (the “Committee”) to identify, assess, and manage cybersecurity risks and to implement necessary policies and procedures to mitigate those risks.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Cybersecurity oversight forms part of the Board’s risk oversight of the Company.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
Cybersecurity oversight forms part of the Board’s risk oversight of the Company. The Board oversees efforts by management to manage the cybersecurity risks to which the Company may be exposed. The Board receives quarterly reports and meets periodically with the Committee chair. From its review of these reports and discussions with management and the Committee chair, the Board ensures it has sufficient awareness of the material cybersecurity risks to which the Company is exposed, enabling a dialogue about how management manages and mitigates those risks. The Board currently has four members who have obtained certifications in cybersecurity oversight.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Cybersecurity oversight forms part of the Board’s risk oversight of the Company. The Board oversees efforts by management to manage the cybersecurity risks to which the Company may be exposed. The Board receives quarterly reports and meets periodically with the Committee chair.
Cybersecurity Risk Role of Management [Text Block] The Board oversees efforts by management to manage the cybersecurity risks to which the Company may be exposed. The Board receives quarterly reports and meets periodically with the Committee chair. From its review of these reports and discussions with management and the Committee chair, the Board ensures it has sufficient awareness of the material cybersecurity risks to which the Company is exposed, enabling a dialogue about how management manages and mitigates those risks.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Company has an Information Security Committee (the “Committee”) to identify, assess, and manage cybersecurity risks and to implement necessary policies and procedures to mitigate those risks.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The Board currently has four members who have obtained certifications in cybersecurity oversight.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Board receives quarterly reports and meets periodically with the Committee chair.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true