CYBERSECURITY

 

Our management and Board of Directors (the “Board”) recognize the importance of maintaining the security and resiliency of our cybersecurity environment to deliver on the expectations of our customers, business partners, employees, and investors. The Board is involved in our risk management practices. Overall, the purpose of our information security program is to protect the confidentiality, integrity and availability of our systems and data, along with the safe operation of our systems.

Technical safeguards

 

We deploy technical safeguards that are designed to protect our systems from cybersecurity threats, including firewalls, anti-malware software, and authentication and authorization controls.

Security awareness and training

 

We provide ongoing security awareness and training to educate internal users on how to identify and report potential issues. Phishing emails are discussed on a regular basis with employees to ensure proper protocols are followed. We also provide periodic updates to employees on emerging cybersecurity trends and ways to protect themselves and our company.

Governance of Cybersecurity Risks

The Audit Committee of the Board has the primary responsibility for oversight and review of guidelines and policies with respect to risk assessment and risk management, including cybersecurity. The Company’s Chief Executive Officer, President, and Chief Financial Officer are responsible for assessing and managing cybersecurity risks. The Company’s management periodically reports on cybersecurity issues and presents information to our Audit Committee as well as our full Board, as appropriate, on cybersecurity matters.

Upon verifying that a cybersecurity incident has occurred or is occurring, the Chief Executive Officer, President and Chief Financial Officer will promptly conduct a preliminary assessment of the severity level of the cybersecurity incident. Following this assessment, the Chief Executive Officer will determine whether to report the cybersecurity incident to the Audit Committee, who will then report such cybersecurity incident to the Board as the chair deems appropriate.

Material Impact of Cybersecurity Risks

We have not experienced a material information security breach incident, and we are not aware of any cybersecurity risks that are reasonably likely to materially affect our business. However, future incidents could have a material impact on our business strategy, results of operations or financial condition. For additional discussion of the risks posed by cybersecurity threats, see “Item 1A. Risk Factors— Risks to our Business— We are dependent on information technology and our systems and infrastructure face certain risks, including from cybersecurity breaches and data leakage.”