Cybersecurity Risk Management and Strategy Disclosure | 12 Months Ended Dec. 31, 2024 |
---|---|
Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Cybersecurity risk management is a critical part of our overall risk management efforts. We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our key systems and information. This program leverages the security-control principles outlined by the National Institute of Standards and Technology ("NIST") Cybersecurity Framework 2.0 and other industry-recognized standards, as applicable. Our program prioritizes detection, analysis, and response to known, anticipated or unexpected threats. Some of the processes in place to manage risks from cybersecurity threats include identity and access management, logging and monitoring, penetration testing, vulnerability scanning, security monitoring, employee awareness training, and professional services from third-party providers. As cybersecurity threats evolve, we assess our program and make enhancements as needed to address emerging risks, adopt best practices, and strengthen our overall security posture. Our cybersecurity risk management program in particular focuses on the following key areas: Risk Assessment and Management. At least annually, we conduct a cybersecurity risk assessment to identify key cybersecurity risks, assess the likelihood of the identified risks, and the potential business impact, and develop related mitigation and enhancement plans. Our cyber risk management initiatives are integrated within the Company’s overall risk management process. The Company uses various techniques to identify cybersecurity risks, including but not limited to input from internal stakeholders, known and potential information security vulnerabilities identified through historical incidents and self-performed assessments, evaluations from third-party consultants, as well as external data including reported security incidents impacting other companies, and industry trends. The results of the assessment are used to drive alignment on prioritization of initiatives to enhance our security controls and measures, make recommendations to senior management, and if necessary, but at least annually, inform the Audit Committee and Board of Directors. Incident Response and Recovery Planning. We maintain a comprehensive Incident Response and Recovery Plan (IRR Plan) designed to guide our preparation for, detection, response to, and recovery efforts in the event of cybersecurity incidents. The IRR Plan establishes clear roles and responsibilities for a cross-functional team (IR Team) tasked with handling cybersecurity incidents. The plan outlines a structured approach to managing incidents from the technical perspective, including monitoring, identification, investigation, assessment, containment, remediation, and mitigation. Additionally, the IRR Plan also addresses compliance with legal and reporting obligations, including any required notifications to affected parties, regulatory agencies, or the public, and reporting requirements with the SEC. Cybersecurity incidents are evaluated based on their severity, potential impact, and likelihood of escalation, and are prioritized for response, remediation, and disclosure as necessary. The IRR Plan is regularly reviewed and updated as necessary to incorporate improvements and enhance the organization's overall incident response capabilities. Should a cybersecurity event occur, the IR Team would review and assess the incident and determine whether further escalation and regulatory reporting is required. Any incident assessed as potentially being or becoming material is immediately escalated to the Audit Committee, and meetings of the Audit Committee and/or full Board of Directors would be held, as required. We consult with our outside legal counsel as appropriate, including on materiality analysis and disclosure matters. Senior management makes the final materiality determination and disclosure decisions. We maintain controls and procedures that are designed to ensure prompt escalation of certain cybersecurity incidents so that decisions regarding public disclosure and reporting of such incidents can be made in a timely manner. Collaboration. We periodically engage third-party cybersecurity experts to assess and enhance our cybersecurity risk management program, and to ensure compliance with industry best practices and applicable standards. These partnerships enable us to stay ahead of evolving threats and implement robust strategies to protect critical systems and data in the event of cybersecurity incidents. Internally, our cybersecurity initiatives are led by our Information Technology ("IT") team headed by our experienced IT Manager, who is a Microsoft Certified Professional and holds certifications in CompTIA Network+ and Cisco Networking. During 2024, we also onboarded a Director of IT Research & Development with over 15 years of experience in IT, systems development, and cybersecurity frameworks, including senior roles at Fortune 500 companies. Both these IT leaders play a key role in driving strategies and solutions for system protection and incident management. We have also established an IT steering committee consisting of members from various key departments including IT, Finance, Operations, and Human Resources. The IT steering committee convenes regularly to review and align on IT strategic priorities, including the cybersecurity risk management program. This cross-functional approach ensures that cybersecurity efforts are integrated across the organization and that emerging risks are addressed proactively. In addition, we emphasize a company-wide culture of cybersecurity awareness. Employees are required to participate in mandatory training sessions at least annually, covering topics such as phishing recognition and threat response protocols. Other regular and ongoing security communications are also provided to reinforce these lessons and ensure that cybersecurity remains a priority at every level of the organization. Further, we work closely with third-party software-as-a-service providers and other service partners to manage and mitigate security risks by implementing robust policies and procedures. Our process includes conducting thorough risk assessments during onboarding and requiring providers to maintain and implement strong security measures within their respective organizations. We mandate contractual obligations for timely notification of any material data breaches, enabling us to respond quickly to protect our data and operations. |
Cybersecurity Risk Management Processes Integrated [Flag] | true |
Cybersecurity Risk Management Processes Integrated [Text Block] | Cybersecurity risk management is a critical part of our overall risk management efforts. We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our key systems and information. This program leverages the security-control principles outlined by the National Institute of Standards and Technology ("NIST") Cybersecurity Framework 2.0 and other industry-recognized standards, as applicable. Our program prioritizes detection, analysis, and response to known, anticipated or unexpected threats. Some of the processes in place to manage risks from cybersecurity threats include identity and access management, logging and monitoring, penetration testing, vulnerability scanning, security monitoring, employee awareness training, and professional services from third-party providers. As cybersecurity threats evolve, we assess our program and make enhancements as needed to address emerging risks, adopt best practices, and strengthen our overall security posture. |
Cybersecurity Risk Management Third Party Engaged [Flag] | true |
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
Cybersecurity Risk Board of Directors Oversight [Text Block] | Our Board of Directors has oversight of our strategic and business risk management, and has delegated cybersecurity risk management oversight to the Audit Committee. |
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Board of Directors has oversight of our strategic and business risk management, and has delegated cybersecurity risk management oversight to the Audit Committee. Members of the Audit Committee receive updates on an as-needed basis, but at least annually, from senior management. |
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Members of the Audit Committee receive updates on an as-needed basis, but at least annually, from senior management. This includes existing and new cybersecurity risks, how management is assessing and addressing such risks, status on key information security initiatives, and cybersecurity incidents, if any, and responses. Members of our Board of Directors also engage in ad hoc conversations with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management program. |
Cybersecurity Risk Role of Management [Text Block] | Risk Assessment and Management. At least annually, we conduct a cybersecurity risk assessment to identify key cybersecurity risks, assess the likelihood of the identified risks, and the potential business impact, and develop related mitigation and enhancement plans. Our cyber risk management initiatives are integrated within the Company’s overall risk management process. The Company uses various techniques to identify cybersecurity risks, including but not limited to input from internal stakeholders, known and potential information security vulnerabilities identified through historical incidents and self-performed assessments, evaluations from third-party consultants, as well as external data including reported security incidents impacting other companies, and industry trends. The results of the assessment are used to drive alignment on prioritization of initiatives to enhance our security controls and measures, make recommendations to senior management, and if necessary, but at least annually, inform the Audit Committee and Board of Directors. Incident Response and Recovery Planning. We maintain a comprehensive Incident Response and Recovery Plan (IRR Plan) designed to guide our preparation for, detection, response to, and recovery efforts in the event of cybersecurity incidents. The IRR Plan establishes clear roles and responsibilities for a cross-functional team (IR Team) tasked with handling cybersecurity incidents. The plan outlines a structured approach to managing incidents from the technical perspective, including monitoring, identification, investigation, assessment, containment, remediation, and mitigation. Additionally, the IRR Plan also addresses compliance with legal and reporting obligations, including any required notifications to affected parties, regulatory agencies, or the public, and reporting requirements with the SEC. Cybersecurity incidents are evaluated based on their severity, potential impact, and likelihood of escalation, and are prioritized for response, remediation, and disclosure as necessary. The IRR Plan is regularly reviewed and updated as necessary to incorporate improvements and enhance the organization's overall incident response capabilities. Should a cybersecurity event occur, the IR Team would review and assess the incident and determine whether further escalation and regulatory reporting is required. Any incident assessed as potentially being or becoming material is immediately escalated to the Audit Committee, and meetings of the Audit Committee and/or full Board of Directors would be held, as required. We consult with our outside legal counsel as appropriate, including on materiality analysis and disclosure matters. Senior management makes the final materiality determination and disclosure decisions. We maintain controls and procedures that are designed to ensure prompt escalation of certain cybersecurity incidents so that decisions regarding public disclosure and reporting of such incidents can be made in a timely manner. Collaboration. We periodically engage third-party cybersecurity experts to assess and enhance our cybersecurity risk management program, and to ensure compliance with industry best practices and applicable standards. These partnerships enable us to stay ahead of evolving threats and implement robust strategies to protect critical systems and data in the event of cybersecurity incidents. Internally, our cybersecurity initiatives are led by our Information Technology ("IT") team headed by our experienced IT Manager, who is a Microsoft Certified Professional and holds certifications in CompTIA Network+ and Cisco Networking. During 2024, we also onboarded a Director of IT Research & Development with over 15 years of experience in IT, systems development, and cybersecurity frameworks, including senior roles at Fortune 500 companies. Both these IT leaders play a key role in driving strategies and solutions for system protection and incident management. We have also established an IT steering committee consisting of members from various key departments including IT, Finance, Operations, and Human Resources. The IT steering committee convenes regularly to review and align on IT strategic priorities, including the cybersecurity risk management program. This cross-functional approach ensures that cybersecurity efforts are integrated across the organization and that emerging risks are addressed proactively. In addition, we emphasize a company-wide culture of cybersecurity awareness. Employees are required to participate in mandatory training sessions at least annually, covering topics such as phishing recognition and threat response protocols. Other regular and ongoing security communications are also provided to reinforce these lessons and ensure that cybersecurity remains a priority at every level of the organization. |
Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | We have also established an IT steering committee consisting of members from various key departments including IT, Finance, Operations, and Human Resources. The IT steering committee convenes regularly to review and align on IT strategic priorities, including the cybersecurity risk management program. This cross-functional approach ensures that cybersecurity efforts are integrated across the organization and that emerging risks are addressed proactively. In addition, we emphasize a company-wide culture of cybersecurity awareness. Employees are required to participate in mandatory training sessions at least annually, covering topics such as phishing recognition and threat response protocols. Other regular and ongoing security communications are also provided to reinforce these lessons and ensure that cybersecurity remains a priority at every level of the organization. |
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Internally, our cybersecurity initiatives are led by our Information Technology ("IT") team headed by our experienced IT Manager, who is a Microsoft Certified Professional and holds certifications in CompTIA Network+ and Cisco Networking. During 2024, we also onboarded a Director of IT Research & Development with over 15 years of experience in IT, systems development, and cybersecurity frameworks, including senior roles at Fortune 500 companies. Both these IT leaders play a key role in driving strategies and solutions for system protection and incident management. |
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Members of the Audit Committee receive updates on an as-needed basis, but at least annually, from senior management. This includes existing and new cybersecurity risks, how management is assessing and addressing such risks, status on key information security initiatives, and cybersecurity incidents, if any, and responses. Members of our Board of Directors also engage in ad hoc conversations with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management program. |
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |