Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Sep. 30, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Item 1C. Cybersecurity

Cybersecurity Breaches and Other Disruptions of Our Information Technology Network and Systems Could Adversely Affect Our Business.

Our Senior Vice President of Information Technology manages our security program. Oversight of the program occurs via IT metrics-based updates provided to an Information Technology Steering team (consisting of the executive officers and other key employees of the Company) on a quarterly basis. Additionally, multiple elements of our cybersecurity security program are tested internally and externally on a bi-yearly basis in alignment with our Sarbanes-Oxley information security controls, and we engage independent third parties annually to assess the risks associated with our information technology assets. Our cybersecurity program is part of our enterprise risk management strategy and includes policies and procedures designed to safeguard the confidentiality, integrity, and availability of our information assets. Lastly, a cybersecurity risk assessment is provided to our Board of Directors on an annual basis which includes metrics, security incidents, key risk indicators, and risk mitigation plans as well as on the status of material risks, mitigation measures, and incidents related to such risks. Our Board of Directors has overall responsibility for risk oversight, with the Information Technology Steering team assisting the Board in performing this function based on its respective areas of expertise. As such, the Information Technology Steering team performs materiality determinations of cyber incidents and advises the Board of Directors accordingly.

 

We maintain a comprehensive cybersecurity risk management program that aligns to the National Institute of Standards and Technology (NIST) Cybersecurity Framework and adopts a variety of cybersecurity best practices across the enterprise. We leverage industry-leading cybersecurity vendors that provide the following capabilities: Managed Detection and Response (MDR); a Security Operations Center (SOC) that monitors the Company’s IT assets on a 24x7x365 basis; tools to interdict emails with phishing links and malware payloads; data leak protection tools that provide real-time interdiction of data transfers outside of normal business usage; vulnerability detection and automated patching tools; firewalls and intrusion detection systems; multi-factor authentication mechanisms; mobile device management systems; penetration testing; and various third-party assessments. Our critical IP data is maintained on segmented, access-controlled data stores. We utilize a variety of backup mechanisms for our data including both warm and cold storage solutions. Lastly, we utilize token-based technologies to support Payment Card Industry Data Security Standard (PCI DSS) compliance and the safe handling and protection of credit card data.

We have a defined security policy that is reviewed on an annual basis.  We have established response procedures for cyber-security incidents and test the procedures on a periodic basis. We provide robust computer-based cybersecurity and wire fraud / phishing awareness training to all new employees as well as training to existing employees on an annual basis. We have not experienced material information security incidents in the last three years nor have we incurred any material expenses related to penalties and/or settlements related to a material breach nor have we been materially affected or reasonably likely to have had a material adverse effect on us, our business strategy, results of operations, or financial condition. Nevertheless, we do carry a cybersecurity insurance policy.

 

Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Our Senior Vice President of Information Technology manages our security program.  Oversight of the program occurs via IT metrics-based updates provided to an Information Technology Steering team (consisting of the executive officers and other key employees of the Company) on a quarterly basis.  Additionally, multiple elements of our cybersecurity security program are tested internally and externally on a bi-yearly basis in alignment with our Sarbanes-Oxley information security controls, and we engage independent third parties annually to assess the risks associated with our information technology assets. Our cybersecurity program is part of our enterprise risk management strategy and includes policies and procedures designed to safeguard the confidentiality, integrity, and availability of our information assets. Lastly, a cybersecurity risk assessment is provided to our Board of Directors on an annual basis which includes metrics, security incidents, key risk indicators, and risk mitigation plans as well as on the status of material risks, mitigation measures, and incidents related to such risks. Our Board of Directors has overall responsibility for risk oversight, with the Information Technology Steering team assisting the Board in performing this function based on its respective areas of expertise. As such, the Information Technology Steering team performs materiality determinations of cyber incidents and advises the Board of Directors accordingly.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] We have a defined security policy that is reviewed on an annual basis.  We have established response procedures for cyber-security incidents and test the procedures on a periodic basis. We provide robust computer-based cybersecurity and wire fraud / phishing awareness training to all new employees as well as training to existing employees on an annual basis. We have not experienced material information security incidents in the last three years nor have we incurred any material expenses related to penalties and/or settlements related to a material breach nor have we been materially affected or reasonably likely to have had a material adverse effect on us, our business strategy, results of operations, or financial condition. Nevertheless, we do carry a cybersecurity insurance policy.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Senior Vice President of Information Technology manages our security program.  Oversight of the program occurs via IT metrics-based updates provided to an Information Technology Steering team (consisting of the executive officers and other key employees of the Company) on a quarterly basis.  Additionally, multiple elements of our cybersecurity security program are tested internally and externally on a bi-yearly basis in alignment with our Sarbanes-Oxley information security controls, and we engage independent third parties annually to assess the risks associated with our information technology assets. Our cybersecurity program is part of our enterprise risk management strategy and includes policies and procedures designed to safeguard the confidentiality, integrity, and availability of our information assets. Lastly, a cybersecurity risk assessment is provided to our Board of Directors on an annual basis which includes metrics, security incidents, key risk indicators, and risk mitigation plans as well as on the status of material risks, mitigation measures, and incidents related to such risks. Our Board of Directors has overall responsibility for risk oversight, with the Information Technology Steering team assisting the Board in performing this function based on its respective areas of expertise. As such, the Information Technology Steering team performs materiality determinations of cyber incidents and advises the Board of Directors accordingly.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Senior Vice President of Information Technology manages our security program.  Oversight of the program occurs via IT metrics-based updates provided to an Information Technology Steering team (consisting of the executive officers and other key employees of the Company) on a quarterly basis.  Additionally, multiple elements of our cybersecurity security program are tested internally and externally on a bi-yearly basis in alignment with our Sarbanes-Oxley information security controls, and we engage independent third parties annually to assess the risks associated with our information technology assets. Our cybersecurity program is part of our enterprise risk management strategy and includes policies and procedures designed to safeguard the confidentiality, integrity, and availability of our information assets. Lastly, a cybersecurity risk assessment is provided to our Board of Directors on an annual basis which includes metrics, security incidents, key risk indicators, and risk mitigation plans as well as on the status of material risks, mitigation measures, and incidents related to such risks. Our Board of Directors has overall responsibility for risk oversight, with the Information Technology Steering team assisting the Board in performing this function based on its respective areas of expertise. As such, the Information Technology Steering team performs materiality determinations of cyber incidents and advises the Board of Directors accordingly.
Cybersecurity Risk Role of Management [Text Block] Our Senior Vice President of Information Technology manages our security program.  Oversight of the program occurs via IT metrics-based updates provided to an Information Technology Steering team (consisting of the executive officers and other key employees of the Company) on a quarterly basis.  Additionally, multiple elements of our cybersecurity security program are tested internally and externally on a bi-yearly basis in alignment with our Sarbanes-Oxley information security controls, and we engage independent third parties annually to assess the risks associated with our information technology assets. Our cybersecurity program is part of our enterprise risk management strategy and includes policies and procedures designed to safeguard the confidentiality, integrity, and availability of our information assets. Lastly, a cybersecurity risk assessment is provided to our Board of Directors on an annual basis which includes metrics, security incidents, key risk indicators, and risk mitigation plans as well as on the status of material risks, mitigation measures, and incidents related to such risks. Our Board of Directors has overall responsibility for risk oversight, with the Information Technology Steering team assisting the Board in performing this function based on its respective areas of expertise. As such, the Information Technology Steering team performs materiality determinations of cyber incidents and advises the Board of Directors accordingly.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our Senior Vice President of Information Technology manages our security program. Oversight of the program occurs via IT metrics-based updates provided to an Information Technology Steering team (consisting of the executive officers and other key employees of the Company) on a quarterly basis. Additionally, multiple elements of our cybersecurity security program are tested internally and externally on a bi-yearly basis in alignment with our Sarbanes-Oxley information security controls, and we engage independent third parties annually to assess the risks associated with our information technology assets. Our cybersecurity program is part of our enterprise risk management strategy and includes policies and procedures designed to safeguard the confidentiality, integrity, and availability of our information assets. Lastly, a cybersecurity risk assessment is provided to our Board of Directors on an annual basis which includes metrics, security incidents, key risk indicators, and risk mitigation plans as well as on the status of material risks, mitigation measures, and incidents related to such risks. Our Board of Directors has overall responsibility for risk oversight, with the Information Technology Steering team assisting the Board in performing this function based on its respective areas of expertise. As such, the Information Technology Steering team performs materiality determinations of cyber incidents and advises the Board of Directors accordingly.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our Senior Vice President of Information Technology manages our security program.  Oversight of the program occurs via IT metrics-based updates provided to an Information Technology Steering team (consisting of the executive officers and other key employees of the Company) on a quarterly basis.  Additionally, multiple elements of our cybersecurity security program are tested internally and externally on a bi-yearly basis in alignment with our Sarbanes-Oxley information security controls, and we engage independent third parties annually to assess the risks associated with our information technology assets. Our cybersecurity program is part of our enterprise risk management strategy and includes policies and procedures designed to safeguard the confidentiality, integrity, and availability of our information assets. Lastly, a cybersecurity risk assessment is provided to our Board of Directors on an annual basis which includes metrics, security incidents, key risk indicators, and risk mitigation plans as well as on the status of material risks, mitigation measures, and incidents related to such risks. Our Board of Directors has overall responsibility for risk oversight, with the Information Technology Steering team assisting the Board in performing this function based on its respective areas of expertise. As such, the Information Technology Steering team performs materiality determinations of cyber incidents and advises the Board of Directors accordingly.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our Senior Vice President of Information Technology manages our security program.  Oversight of the program occurs via IT metrics-based updates provided to an Information Technology Steering team (consisting of the executive officers and other key employees of the Company) on a quarterly basis.  Additionally, multiple elements of our cybersecurity security program are tested internally and externally on a bi-yearly basis in alignment with our Sarbanes-Oxley information security controls, and we engage independent third parties annually to assess the risks associated with our information technology assets. Our cybersecurity program is part of our enterprise risk management strategy and includes policies and procedures designed to safeguard the confidentiality, integrity, and availability of our information assets. Lastly, a cybersecurity risk assessment is provided to our Board of Directors on an annual basis which includes metrics, security incidents, key risk indicators, and risk mitigation plans as well as on the status of material risks, mitigation measures, and incidents related to such risks. Our Board of Directors has overall responsibility for risk oversight, with the Information Technology Steering team assisting the Board in performing this function based on its respective areas of expertise. As such, the Information Technology Steering team performs materiality determinations of cyber incidents and advises the Board of Directors accordingly.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true