Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

The Board of Directors is actively involved in oversight of the Company’s risk management framework. The Company’s cybersecurity risk management practices are strategically integrated into its broader risk management framework to promote a company-wide culture of cybersecurity awareness. This integration ensures cybersecurity considerations are an integral part of decision-making processes across the organization.

The Company’s risk management team collaborates closely with its internal IT team to evaluate and address cybersecurity risks in alignment with the Company’s overall business objectives and operational needs. The Company has implemented controls and procedures to ensure the prompt escalation of cybersecurity concerns so that management, the Audit Committee, and the Board of Directors receive timely and appropriate information.

Given the complexity and evolving nature of cybersecurity threats, the Company engages external experts, such as cybersecurity assessors, third-party legal consultants, and auditors, to evaluate and test its risk management systems. These engagements include audits, threat assessments, and consultations on security enhancements. Such collaboration ensures the Company leverages specialized knowledge to maintain cybersecurity practices aligned with industry standards.

To assess, identify, and manage cybersecurity risks, the Company:

●

Utilizes advanced technology solutions, such as proactive detection tools, to safeguard its assets and identify threats within its environment.

●

Conducts cyber education and awareness training sessions to equip employees with the necessary knowledge and foster a strong security culture.

●

Analyzes internal and external cybersecurity incidents and threat intelligence to assess relevance to its environment and industry.

●

Performs recovery testing to ensure the resilience of critical systems and support business continuity.

●

Implements stringent oversight of third-party service providers, including conducting security reviews before engagement and ongoing monitoring to ensure compliance with the Company’s cybersecurity standards.

Cybersecurity Risk Management Processes Integrated [Text Block]

The Board of Directors is actively involved in oversight of the Company’s risk management framework. The Company’s cybersecurity risk management practices are strategically integrated into its broader risk management framework to promote a company-wide culture of cybersecurity awareness. This integration ensures cybersecurity considerations are an integral part of decision-making processes across the organization.

The Company’s risk management team collaborates closely with its internal IT team to evaluate and address cybersecurity risks in alignment with the Company’s overall business objectives and operational needs. The Company has implemented controls and procedures to ensure the prompt escalation of cybersecurity concerns so that management, the Audit Committee, and the Board of Directors receive timely and appropriate information.

Given the complexity and evolving nature of cybersecurity threats, the Company engages external experts, such as cybersecurity assessors, third-party legal consultants, and auditors, to evaluate and test its risk management systems. These engagements include audits, threat assessments, and consultations on security enhancements. Such collaboration ensures the Company leverages specialized knowledge to maintain cybersecurity practices aligned with industry standards.

To assess, identify, and manage cybersecurity risks, the Company:

●

Utilizes advanced technology solutions, such as proactive detection tools, to safeguard its assets and identify threats within its environment.

●

Conducts cyber education and awareness training sessions to equip employees with the necessary knowledge and foster a strong security culture.

●

Analyzes internal and external cybersecurity incidents and threat intelligence to assess relevance to its environment and industry.

●

Performs recovery testing to ensure the resilience of critical systems and support business continuity.

●

Implements stringent oversight of third-party service providers, including conducting security reviews before engagement and ongoing monitoring to ensure compliance with the Company’s cybersecurity standards.

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

The Company’s Board of Directors believes it understands the significance of risks associated with cybersecurity threats to its operational integrity and stakeholder confidence and believes it has established mechanisms to effectively manage such risks based on the current understanding of the threat environment. As part of the Company’s entire Board of Directors operational risk management responsibilities, it has oversight of risks from cybersecurity threats. As discussed below, members of management advise the entire Board of Directors about cybersecurity threat risks, among other cybersecurity related matters, at least annually and management also reports to the Audit Committee with respect to cybersecurity risks with financial statement or financial statement reporting implications. The Audit Committee routinely interacts and reports to the entire Board of Directors on these matters.

The Board of Directors is composed of members with diverse expertise including risk management, technology, and finance domain expertise, equipping them to oversee cybersecurity risks effectively.

The Board of Directors and the Audit Committee receive briefings from the Company’s Chief Information Officer (“CIO”), Chief Financial Officer (“CFO”) and President and Chief Executive Officer (“CEO”) on a regular basis, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including:

●

Current cybersecurity landscape and emerging threats;

●

Status of ongoing cybersecurity initiatives and strategies;

●

Incident reports and recommendations from any cybersecurity events; and

●

Compliance with regulatory requirements and industry standards.

In addition to scheduled briefings, ad hoc discussions regarding emerging or potential cybersecurity risks ensure the Board remains informed and engaged in strategic decision-making related to cybersecurity. The Board conducts an annual review of the Company’s cybersecurity posture and risk management strategies to identify areas for improvement and maintain alignment with the Company’s overall risk management framework.

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

The Board of Directors is composed of members with diverse expertise including risk management, technology, and finance domain expertise, equipping them to oversee cybersecurity risks effectively.

The Board of Directors and the Audit Committee receive briefings from the Company’s Chief Information Officer (“CIO”), Chief Financial Officer (“CFO”) and President and Chief Executive Officer (“CEO”) on a regular basis, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including:

●

Current cybersecurity landscape and emerging threats;

●

Status of ongoing cybersecurity initiatives and strategies;

●

Incident reports and recommendations from any cybersecurity events; and

●

Compliance with regulatory requirements and industry standards.

In addition to scheduled briefings, ad hoc discussions regarding emerging or potential cybersecurity risks ensure the Board remains informed and engaged in strategic decision-making related to cybersecurity. The Board conducts an annual review of the Company’s cybersecurity posture and risk management strategies to identify areas for improvement and maintain alignment with the Company’s overall risk management framework.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

The Company’s CIO has over 20 years of experience in the field of technology and security and is instrumental in developing and designing, implementing and executing the Company’s cybersecurity strategies. The internal IT team is responsible for the day-to-day implementation of the Company’s cybersecurity risk management programs, testing compliance with standards, remediating known risks, and leading employee training programs.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true