Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

Our information technology, communication networks, enterprise applications, and related systems are necessary for our operations. We use these systems to manage our production, engineering drawings, customer and vendor relationships, for internal communications, for payroll and accounting to operate record-keeping functions, and for many other key aspects of our business. Our business operations rely on the secure collection, storage, transmission, and other processing of proprietary, confidential, and sensitive data.

We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third-party hosted services, communications systems, hardware and software, and our critical data. Our cybersecurity risk management program is included in our overall enterprise risk management program.

Key elements of our cybersecurity risk management program include:

•

the formalization and implementation of information security policies which include encryption standards, antivirus protection, vulnerability management, multifactor authentication, granting and removing of access, confidential information, and credential standards;

•

the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls including vulnerability assessments and penetration tests;

•

cybersecurity awareness training of our employees;

•

enhancement of segregation of duties to mitigate the risk of self-review of transactions within the system; and

•

revision of user access request documentation to clearly define the roles and permissions assigned to users.

We have been, and expect to continue to be, subject to cybersecurity risks and incidents related to our business. To date, risks from cybersecurity threats have not materially affected our operations. We currently do not expect that the risks from cybersecurity threats are reasonably likely to materially affect us. However, as discussed further under “Item 1A – Risk Factors”, cyber threats continue to increase. Preventative actions we take to reduce the risk of cyber incidents and protect our systems and information may be insufficient. Accordingly, no matter how well designed or implemented our controls are, we will not be able to anticipate all security breaches of these types, including security threats that may result from third parties improperly employing artificial intelligence technologies, and we may not be able to implement effective preventive measures against such security breaches in a timely manner.

Governance

Our Board of Directors has overall oversight responsibility for our enterprise risk management program and delegates cybersecurity risk management oversight to the Audit Committee of the Board of Directors. Our Chief Financial Officer and IT Manager are responsible for identifying, considering and assessing cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures, maintaining cybersecurity programs, and remediating any potential cybersecurity incidents. The Audit Committee receives updates from our Chief Financial Officer on, among other things, our cybersecurity risks and the status of any projects to strengthen our information security systems and assessments of our cybersecurity program. At meetings of the Board of Directors, the Chairman of our Audit Committee has the opportunity to report on cybersecurity risks and related mitigation efforts.

Cybersecurity Risk Management Processes Integrated [Text Block]

Our information technology, communication networks, enterprise applications, and related systems are necessary for our operations. We use these systems to manage our production, engineering drawings, customer and vendor relationships, for internal communications, for payroll and accounting to operate record-keeping functions, and for many other key aspects of our business. Our business operations rely on the secure collection, storage, transmission, and other processing of proprietary, confidential, and sensitive data.

We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third-party hosted services, communications systems, hardware and software, and our critical data. Our cybersecurity risk management program is included in our overall enterprise risk management program.

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

Our Board of Directors has overall oversight responsibility for our enterprise risk management program and delegates cybersecurity risk management oversight to the Audit Committee of the Board of Directors. Our Chief Financial Officer and IT Manager are responsible for identifying, considering and assessing cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures, maintaining cybersecurity programs, and remediating any potential cybersecurity incidents. The Audit Committee receives updates from our Chief Financial Officer on, among other things, our cybersecurity risks and the status of any projects to strengthen our information security systems and assessments of our cybersecurity program. At meetings of the Board of Directors, the Chairman of our Audit Committee has the opportunity to report on cybersecurity risks and related mitigation efforts.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true