Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cybersecurity is an important aspect of our business operations, and we are committed to protecting our systems, data, and the information of our clients and stakeholders. We recognize that cybersecurity threats are constantly evolving and that maintaining robust security measures is an ongoing process. Below is an overview of our cybersecurity risk management and the measures we have in place:

●

Risk Assessment and Management: We conduct risk assessments to identify potential cybersecurity threats and vulnerabilities. This includes evaluating the likelihood and potential impact of various threats, such as data breaches, malware attacks, and insider threats. Based on these risk assessments, we develop and implement risk management strategies to mitigate identified risks.

●

Information Security Policies and Procedures: We have established information security policies and procedures that govern the use, protection, and handling of sensitive information. These policies cover areas such as data encryption, access controls, password management, incident response, and employee training.

●

Network and Infrastructure Security: We employ a range of technical measures to secure our network and infrastructure, including firewalls, intrusion detection and prevention systems, and vulnerability assessments. We also use encryption to protect data both in transit and at rest.

●

Employee Training and Awareness: We provide cybersecurity training to employees to raise awareness of the latest threats and best practices for protecting sensitive information. This includes training on how to recognize phishing attempts, handling secure data, and reporting security incidents.

●

Third-Party Risk Management: We assess the cybersecurity practices of our third-party vendors and service providers, including conducting due diligence on vendors before engaging their services and monitoring their compliance with our security requirements.

●

Compliance and Reporting: We comply with all applicable laws and regulations related to cybersecurity, including data protection and privacy laws.

Ransomware attacks, in particular, have become more frequent and severe, potentially resulting in the encryption or theft of critical data, operational disruptions, and financial losses. A successful ransomware attack on our systems or those of our vendors could lead to prolonged business interruptions, regulatory fines, reputational damage, and substantial remediation costs. While we employ security measures designed to detect, prevent, and respond to such threats, no system is entirely immune from cyberattacks.

While we believe that our current cybersecurity measures are robust, we recognize that the cybersecurity landscape is constantly evolving, and we remain vigilant in monitoring and adapting our practices to address emerging threats. We are committed to maintaining the confidentiality, integrity, and availability of our systems and data and to protecting the interests of our clients and stakeholders.

Cybersecurity Risk Management Processes Integrated [Text Block]

Cybersecurity is an important aspect of our business operations, and we are committed to protecting our systems, data, and the information of our clients and stakeholders. We recognize that cybersecurity threats are constantly evolving and that maintaining robust security measures is an ongoing process. Below is an overview of our cybersecurity risk management and the measures we have in place:

●

Risk Assessment and Management: We conduct risk assessments to identify potential cybersecurity threats and vulnerabilities. This includes evaluating the likelihood and potential impact of various threats, such as data breaches, malware attacks, and insider threats. Based on these risk assessments, we develop and implement risk management strategies to mitigate identified risks.

●

Information Security Policies and Procedures: We have established information security policies and procedures that govern the use, protection, and handling of sensitive information. These policies cover areas such as data encryption, access controls, password management, incident response, and employee training.

●

Network and Infrastructure Security: We employ a range of technical measures to secure our network and infrastructure, including firewalls, intrusion detection and prevention systems, and vulnerability assessments. We also use encryption to protect data both in transit and at rest.

●

Employee Training and Awareness: We provide cybersecurity training to employees to raise awareness of the latest threats and best practices for protecting sensitive information. This includes training on how to recognize phishing attempts, handling secure data, and reporting security incidents.

●

Third-Party Risk Management: We assess the cybersecurity practices of our third-party vendors and service providers, including conducting due diligence on vendors before engaging their services and monitoring their compliance with our security requirements.

●

Compliance and Reporting: We comply with all applicable laws and regulations related to cybersecurity, including data protection and privacy laws.

Ransomware attacks, in particular, have become more frequent and severe, potentially resulting in the encryption or theft of critical data, operational disruptions, and financial losses. A successful ransomware attack on our systems or those of our vendors could lead to prolonged business interruptions, regulatory fines, reputational damage, and substantial remediation costs. While we employ security measures designed to detect, prevent, and respond to such threats, no system is entirely immune from cyberattacks.

While we believe that our current cybersecurity measures are robust, we recognize that the cybersecurity landscape is constantly evolving, and we remain vigilant in monitoring and adapting our practices to address emerging threats. We are committed to maintaining the confidentiality, integrity, and availability of our systems and data and to protecting the interests of our clients and stakeholders.

Cybersecurity Risk Board of Directors Oversight [Text Block]

●

Governance and Oversight: Our Board of Directors and senior management are actively involved in overseeing our cybersecurity policies and practices and managing those responsible for coordinating and implementing cybersecurity initiatives across the organization. Our Board of Directors receives updates from senior management on cybersecurity-related news events, developments in technology-related risks, threats and vulnerabilities that could pertain to the Company, and discusses with senior management updates to the Company’s risk-management responses and strategies.

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

Our Board of Directors receives updates from senior management on cybersecurity-related news events, developments in technology-related risks, threats and vulnerabilities that could pertain to the Company, and discusses with senior management updates to the Company’s risk-management responses and strategies.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true