XML 103 R90.htm IDEA: XBRL DOCUMENT v3.25.3
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Aug. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] Management’s Role in Assessing Cybersecurity Risk and Directing Strategy

At the management level, primary responsibility for assessing and managing cybersecurity threats and material risks rests with our Chief Information Officer (CIO), who reports directly to our Executive Vice-President of Operations. Our CIO has over two decades of experience in information technology and cybersecurity and is a Certified Information Systems Security Professional (CISSP). The CIO leads a team of five other information system professionals, three of whom also have CISSP credentials. Our CIO and cybersecurity team are responsible for understanding, managing, and communicating cybersecurity risk to our management and works with our legal department to oversee compliance with various legal, regulatory, and contractual cybersecurity requirements.

Our cybersecurity program is aligned with the National Institute of Standards and Technology (NIST) 800 Cybersecurity Framework and uses a layered strategy, relying on technology and human processes to safeguard our systems and client data. Our cybersecurity strategy utilizes numerous layers of security controls, processes, and procedures across our information systems and networks, including but not limited to, multi-factor authentication, identity access management, endpoint security, mobile security, application security, network security, web security, and encryption. We also use systems and processes designed to reduce the impact of a security incident at a third-party vendor or customer. Additionally, we use processes to oversee and identify material risks from cybersecurity threats associated with our use of third-party technology and systems, including technology and systems we use for encryption and authentication; employee email; content delivery to customers; back-office support and operations; and other functions. The Company

provides ongoing mandatory cybersecurity training for associates that is intended to help them understand cybersecurity risks and comply with our cybersecurity policies.

We engage third party professionals to assess our cybersecurity program and to perform audits of portions of our cybersecurity control environment based on risk or where necessary to ensure regulatory compliance. In addition, our internal audit function regularly meets with the cybersecurity team and periodically tests the control framework and operation of our cybersecurity incident response plan. The results of these tests are presented directly to the Audit Committee of the Board of Directors.

The cybersecurity team meets frequently to monitor the prevention, detection, mitigation, and remediation of cybersecurity threats and incidents. In the event of a cybersecurity incident, we have developed an incident response plan which is designed to “respond, restore, and resume” operation of our information systems and platforms. Our incident response plan also governs our immediate response to attacks, including detection, notification, escalation, assessment, and remediation efforts. The cybersecurity team routinely tests the incident response plan across the organization to validate the procedures for appropriately assessing and escalating risks and incidents. Our cybersecurity team may also coordinate its incident response efforts with external advisors and key stakeholders if necessary.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Our cybersecurity program is aligned with the National Institute of Standards and Technology (NIST) 800 Cybersecurity Framework and uses a layered strategy, relying on technology and human processes to safeguard our systems and client data. Our cybersecurity strategy utilizes numerous layers of security controls, processes, and procedures across our information systems and networks, including but not limited to, multi-factor authentication, identity access management, endpoint security, mobile security, application security, network security, web security, and encryption. We also use systems and processes designed to reduce the impact of a security incident at a third-party vendor or customer. Additionally, we use processes to oversee and identify material risks from cybersecurity threats associated with our use of third-party technology and systems, including technology and systems we use for encryption and authentication; employee email; content delivery to customers; back-office support and operations; and other functions. The Company

provides ongoing mandatory cybersecurity training for associates that is intended to help them understand cybersecurity risks and comply with our cybersecurity policies.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] While we have not experienced any material cybersecurity incidents, there can be no guarantee that we, or any third parties with which we interact, will not be the subject of future successful attacks, threats, or incidents. We rely significantly on information technology for the operation of our business, including our All Access Pass and Leader in Me portals. For more information on cybersecurity risks we face, refer to Part I, Item 1A Risk Factors under the section entitled Cybersecurity and Information Technology Risks, which should be read in conjunction with the information presented in this Item 1C. 
Cybersecurity Risk Board of Directors Oversight [Text Block] The Audit Committee of the Board of Directors has the primary responsibility for cybersecurity risk oversight, including risk priorities, resource allocation, and oversight structures.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Audit Committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our incident response plan includes documented protocols which govern established reporting thresholds for escalating cybersecurity incidents within the Company and where appropriate, to the Audit Committee or full Board of Directors.
Cybersecurity Risk Role of Management [Text Block] At the management level, primary responsibility for assessing and managing cybersecurity threats and material risks rests with our Chief Information Officer (CIO), who reports directly to our Executive Vice-President of Operations.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] At the management level, primary responsibility for assessing and managing cybersecurity threats and material risks rests with our Chief Information Officer (CIO), who reports directly to our Executive Vice-President of Operations. Our CIO has over two decades of experience in information technology and cybersecurity and is a Certified Information Systems Security Professional (CISSP). The CIO leads a team of five other information system professionals, three of whom also have CISSP credentials.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CIO has over two decades of experience in information technology and cybersecurity and is a Certified Information Systems Security Professional (CISSP).
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] In the event of a cybersecurity incident, we have developed an incident response plan which is designed to “respond, restore, and resume” operation of our information systems and platforms. Our incident response plan also governs our immediate response to attacks, including detection, notification, escalation, assessment, and remediation efforts.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true