XML 19 R7.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management, Strategy and Governance
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cybersecurity Risk Management and Strategy

We are dedicated to protecting the integrity, confidentiality, and availability of our data, infrastructure and operating systems. As part of our commitment to safeguarding our operations against cybersecurity threats, we employ a comprehensive strategy for the assessment, identification, and management of cybersecurity risks. We engage a managed services provider (“MSP”), which provides wide-ranging services including risk assessments, threat detection, monitoring and response strategies, security audits and cybersecurity training.

Cybersecurity Processes: We conduct robust cybersecurity processes aligned with the National Institute of Standards Technology (“NIST”) and the Cybersecurity Maturity Model Certification (“CMMC”) protocols. Our comprehensive approach includes:

An enterprise firewall;
Implementation of Multi-Factor Authentication (MFA);
Adherence to the Zero Trust model;
Utilization of Managed Detection and Response (MDR);
Endpoint Detection and Response (EDR) technologies;
24x7 Security Operations Center (SOC); and
Employment of Security Information and Event Management (SIEM) systems to continuously monitor our network and respond to threats in real time.

Risk Assessment Procedures: We conduct periodic risk assessments to identify potential cybersecurity threats and vulnerabilities within our IT infrastructure. These assessments are conducted using various software tools and methodologies that enable us to evaluate our systems critically and comprehensively. Our risk assessment process includes, but is not limited to, the analysis of:

Hardware and software configurations;
Network and data access protocols;
Encryption standards; and
Compliance with relevant industry and regulatory standards.

Threat Identification: We utilize advanced threat detection tools and services that continuously monitor our network for signs of unauthorized access, anomalies, and potential breaches. Our third-party cybersecurity provider is equipped with sophisticated detection technologies that help to swiftly identify even the most subtle signs of compromise. We focus on:

Real-time monitoring of our networks;
Regularly updated intrusion detection systems (IDS);
Deployment of endpoint detection and response (EDR) solutions; and
Utilization of threat intelligence platforms to stay abreast of emerging threats.

Threat Management: Upon identification of a potential threat, our managed service provider’s dedicated incident response team takes immediate action to mitigate any adverse impacts. Our threat management procedures include:

Immediate isolation of affected systems to prevent the spread of threats;
Application of appropriate remediation measures, such as patches and software updates;
Conducting a thorough investigation to understand the breach's nature and scope; and
Implementing enhancements to prevent future occurrences.

Our incident response plan provides a concise strategy of how we will respond to an incident, including who will respond and their roles and responsibilities, the facilities that are in place to help with the management of the incident, how decisions will be taken with regard to our response to an incident, how communication will be handled both internally and externally, and defining what will happen once the incident is resolved and how we can learn and improve from the situation.

Integration into Overall Risk Management: Our cybersecurity risk assessment processes are fully integrated into the broader risk management framework. Cybersecurity is positioned as a core component of our risk management strategy, with direct reporting to our President and COO, who is guided by our MSP firm. The MSP firm provides strategic direction on policy, procedures and best practice. The synergy between cybersecurity and risk management ensures a resilient posture against emerging cyber threats.

Engagement of Third Parties: These providers are selected based on stringent criteria for cybersecurity expertise, particularly their capability to implement and manage NIST and CMMC protocols.

Third-Party Service Provider Oversight: Our oversight processes include comprehensive due diligence checks for any new third-party service provider and continuous monitoring of our existing MSP firms activities. We have established protocols for communication and incident response that align with our managed service provider's operations, and industry best practice, ensuring swift action in the face of cybersecurity threats. Furthermore, a scheduled series of meetings has been established to procure updates and deliberate upon cybersecurity strategy with our contracted third-party providers.

Impact of Cybersecurity Risks

Material Effects from Cyber Threats: To date, our operations and financial condition have not been materially affected by cybersecurity threats, due in part to our proactive measures such as employee security training programs and advanced threat detection and response capabilities. Our defensive strategies have successfully mitigated the risks of cyber incidents.

Potential Risk Exposure: While we have not experienced significant disruptions from cyber threats, we recognize the evolving nature of cyber risks. We continually evaluate the likelihood of potential cybersecurity incidents that could materially impact our strategic direction, operational efficacy, and financial stability. Our investment in training, alongside our sophisticated SOC, SIEM, and Zero Trust architecture, positions us to identify and address potential cybersecurity challenges promptly.

Cybersecurity Governance

Our executive team is actively involved in overseeing our cybersecurity operations to ensure that they meet industry standards. The executive team provides regular updates to the Board—specifically the audit committee—on the status of our cybersecurity efforts, including any potential risks, threats or incidents.

Our President and COO, with guidance from our third-party MSP, manages our cybersecurity risk management and strategy process. Collectively, our consultants have 50+ years’ experience in the cybersecurity industry in various roles.

Processes for Informing the Board: The audit committee is regularly informed about cybersecurity risks through quarterly briefings from our President and COO. These briefings may include risk assessment reports, incident response updates, changes to the cybersecurity landscape, and other relevant information. In the case of a cybersecurity incident that meets reporting thresholds, the audit committee will be promptly notified and will receive continual updates until the situation is remedied.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]

Integration into Overall Risk Management: Our cybersecurity risk assessment processes are fully integrated into the broader risk management framework. Cybersecurity is positioned as a core component of our risk management strategy, with direct reporting to our President and COO, who is guided by our MSP firm. The MSP firm provides strategic direction on policy, procedures and best practice. The synergy between cybersecurity and risk management ensures a resilient posture against emerging cyber threats.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Our executive team is actively involved in overseeing our cybersecurity operations to ensure that they meet industry standards. The executive team provides regular updates to the Board—specifically the audit committee—on the status of our cybersecurity efforts, including any potential risks, threats or incidents.

Our President and COO, with guidance from our third-party MSP, manages our cybersecurity risk management and strategy process. Collectively, our consultants have 50+ years’ experience in the cybersecurity industry in various roles.

Processes for Informing the Board: The audit committee is regularly informed about cybersecurity risks through quarterly briefings from our President and COO. These briefings may include risk assessment reports, incident response updates, changes to the cybersecurity landscape, and other relevant information. In the case of a cybersecurity incident that meets reporting thresholds, the audit committee will be promptly notified and will receive continual updates until the situation is remedied.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

Our incident response plan provides a concise strategy of how we will respond to an incident, including who will respond and their roles and responsibilities, the facilities that are in place to help with the management of the incident, how decisions will be taken with regard to our response to an incident, how communication will be handled both internally and externally, and defining what will happen once the incident is resolved and how we can learn and improve from the situation.

Our executive team is actively involved in overseeing our cybersecurity operations to ensure that they meet industry standards. The executive team provides regular updates to the Board—specifically the audit committee—on the status of our cybersecurity efforts, including any potential risks, threats or incidents.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

Processes for Informing the Board: The audit committee is regularly informed about cybersecurity risks through quarterly briefings from our President and COO. These briefings may include risk assessment reports, incident response updates, changes to the cybersecurity landscape, and other relevant information. In the case of a cybersecurity incident that meets reporting thresholds, the audit committee will be promptly notified and will receive continual updates until the situation is remedied.

Cybersecurity Risk Role of Management [Text Block]

Our President and COO, with guidance from our third-party MSP, manages our cybersecurity risk management and strategy process. Collectively, our consultants have 50+ years’ experience in the cybersecurity industry in various roles.

Processes for Informing the Board: The audit committee is regularly informed about cybersecurity risks through quarterly briefings from our President and COO. These briefings may include risk assessment reports, incident response updates, changes to the cybersecurity landscape, and other relevant information. In the case of a cybersecurity incident that meets reporting thresholds, the audit committee will be promptly notified and will receive continual updates until the situation is remedied.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Our President and COO, with guidance from our third-party MSP, manages our cybersecurity risk management and strategy process. Collectively, our consultants have 50+ years’ experience in the cybersecurity industry in various roles.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true