ITEM 1C.  CYBERSECURITY

 

Risk Management and Strategy

 

We have processes for assessing, identifying, and managing material risks from cybersecurity threats. These processes are integrated into our overall risk management systems and include overseeing and identifying risks from cybersecurity threats associated with the use of third-party service providers. We conduct security assessments of certain third-party providers before engagement and have established monitoring procedures in its effort to mitigate risks related to data breaches or other security incidents originating from third parties.

 

Governance

 

Board of Directors

 

The Audit Committee of our Board (the “Audit Committee”) oversees, among other things, the controls designed to assess, identify, and manage material risks from cybersecurity threats. The Audit Committee is informed of material risks from cybersecurity threats pursuant to the escalation criteria as set forth in our disclosure controls and procedures. Further, our Chief Financial Officer and our VP of Technology report on cybersecurity matters, including material risks and threats, to the Audit Committee, and the Audit Committee provides updates to our Board, in each case as frequently as is appropriate.

 

Management

 

Under the oversight of the Audit Committee, and as directed by our Chief Financial Officer, our VP of Technology, has established policies for and is primarily responsible for overseeing our cybersecurity incident response plan and related processes that are designed to assess and manage material risks from cybersecurity threats. Our VP of Technology has over 20 years of experience in the technology industry, with much of that experience in smaller companies and in software architecture and implementation. Our Chief Financial Officer and our VP of Technology are informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to criteria set forth in our incident response plan. In addition, our Chief Financial Officer and our VP of Technology also coordinate with our legal counsel to assess and manage material risks from cybersecurity threats. Our Chief Financial Officer and our VP of Technology provide updates annually or more frequently as appropriate to the Audit Committee.

 

As of the date of this Annual Report, we are not aware of any cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition.