Risk Management and Strategy

Our company is guided by a comprehensive cybersecurity framework to assess, identify, and manage material risks from cybersecurity threats. This framework is integrated into our overall quality and risk management system and is designed to protect our systems, data, and operations from cybersecurity threats. The framework includes policies to protect confidential information, guide periodic risk assessments, oversee and identify risks from cybersecurity threats associated with our use of third-party services providers, including through the use of a third-party risk management policy that accounts for such risks, and an incident response plan designed to detect, respond to, and recover from cyber incidents. Under this framework we may engage consultants and other third parties to assist in conducting cybersecurity risk assessments, implementing mitigation strategies, and testing the effectiveness of our cybersecurity controls.

There can be no guarantee that our policies and procedures will ultimately prove to be effective in every instance, especially considering evolving risk. Although our Risk Factors include further detail about the material cybersecurity risks we face, we believe that these risks have not materially affected our business to date. We can provide no assurance that there will not be incidents in the future or that they will not materially affect us, including our business strategy, results of operations, or financial condition.

Governance

Our Board of Directors is responsible for monitoring and assessing strategic risk exposure related to cybersecurity risks, and our executive officers are responsible for the day-to-day assessment and management of the material risks we face. Our Board of Directors administers its cybersecurity risk oversight function through the Audit Committee.

Our Chief Operating Officer and Systems Administrator are primary responsible for assessing and managing the cybersecurity risks we face under our policies and procedures, including those described in “Risk Management and Strategy” above. Our Chief Operating Officer is primarily responsible for reporting any material cybersecurity related incidents to our Audit Committee.