ITEM 1C. CYBERSECURITY

 

Risk Management and Strategy

 

We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. To identify and assess material risks from cybersecurity threats, our enterprise risk management program considers cybersecurity risks alongside other company risks as part of our overall risk assessment process. Our cybersecurity risk management strategy prioritizes (i) detection, analysis, and response to known, anticipated, or unexpected threats, (ii) effective management of security risks, and (iii) resiliency against incidents.

 

We have implemented several cybersecurity processes, technologies, and controls to aid in our efforts to assess, identify, and manage material risks associated with cybersecurity threats. Such processes include technical security controls, policy enforcement mechanisms, monitoring systems, employee training, contractual arrangements, tools and related services from third-party providers, and management oversight.

 

Our risk-based control principles are based on the standards set by the National Institute of Standards and Technology (NIST), other industry-recognized standards, and contractual requirements, as applicable. Through these controls, we seek to maintain an information technology infrastructure that implements physical, administrative, and technical controls that are calibrated based on risk and designed to protect the confidentiality, integrity, and availability of our information systems and information stored on our networks.

 

As part of our cybersecurity risk management strategy, we periodically engage with consultants, auditors, and other third parties to help identify areas for continued focus, improvement, and compliance. We also incorporate cybersecurity risk management considerations in our processes for selecting, evaluating, and overseeing third-party providers.

 

In the last fiscal year, we have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition.

 

Governance

 

The Audit Committee of our Board of Directors is responsible for board-level oversight of risks from cybersecurity threats, and the Audit Committee reports back to the full Board of Directors about this and other areas within its responsibility. As part of its oversight role, the Audit Committee receives reporting about our cybersecurity risk management and strategy processes covering topics such as data security, results from third-party assessments, progress towards cybersecurity risk management goals, our incident response plan, notable threats or incidents, and other developments related to cybersecurity, including through periodic updates from the Company’s CEO, other management team members, and consultants.

 

Our cybersecurity risk management and strategy processes are led by Gerbrand van Heerden (CFO). Such individual has over 20 years of prior work experience in various roles involving managing information security, developing cybersecurity strategy, implementing effective information and cybersecurity programs, as well as several relevant degrees and certifications.