Sight Sciences, Inc. - (SGHT)

10-K Filing Date: March 12, 2024
Item 1C. Cybersecurity

We recognize the critical importance of protecting our information technology ("IT") systems and the data of our employees, customers, and partners. We have an enterprise-wide cybersecurity program designed to identify, detect, investigate, protect, and respond to cybersecurity risks.

The Nominating and Corporate Governance Committee of the Board of Directors oversees our cybersecurity programs and cybersecurity team, which are led by our Vice President of Information Technology. At least semi-annual reviews are presented by the Vice President of Information Technology to the Nominating and Corporate Governance Committee demonstrating the cybersecurity practices and controls, mitigation activities, current threat levels, emerging cybersecurity threats, training initiatives, breaches, and results from any penetration testing. In addition, cybersecurity risk management is part of the enterprise risk management program and is reviewed by the Audit Committee at least annually.

We have developed an information security policy ensuring that our cybersecurity objectives are established and compatible with our strategic direction. The goal of this policy is to protect our informational assets against reasonably foreseeable internal, external, and accidental threats. Identifying and assessing cybersecurity risk is integrated into our overall risk management processes. Cybersecurity risks related to our business, operations, privacy, and compliance are identified and managed through third-party assessments, internal IT audits, and governance, risk and compliance reviews.

Our policies and approach to cybersecurity include several key elements:

Continuous Monitoring and Defense: We work to protect our environments and products from threats through multi-layered defenses. We utilize data analytics to detect anomalies and search for cyber threats. Our Security Operations Center provides comprehensive, around-the-clock cyber threat detection and response capabilities.
Third-Party Software Risk Assessment: We complete security audits on all third-party platforms prior to selection.
Incident Response Plan: Our Incident Response Plan includes the investigation steps and notifications required for all actual and suspected information security incidents.
Cybersecurity Training Programs: Our training program is multi-faceted and focused on awareness of new techniques that threat actors utilize both in the corporate environment, as well as their personal lives. Employees undergo regular training on information security best practices, including interactive training to confirm understanding and test employee skills.
Compliance Policy: Mandatory compliance with all cybersecurity programs, including applicable legislative and regulatory requirements.
Third-Party Cybersecurity Plan Assessment: We regularly engage with cybersecurity professionals in reviewing our cybersecurity plan.