The Company has processes for assessing, identifying, and managing material risks from cybersecurity threats. These processes are integrated into the Company’s overall risk management systems, as overseen by the Company’s chief executive officer and board of directors. The Company engages information technology “managed service providers” (MSPs) to manage the Company’s computer and information systems at its three office locations and remote locations. The MSPs are responsible for evaluating and testing the Company’s risk management systems and assessing and remediating potential cybersecurity incidents as appropriate.

The executives in charge of each physical office location are responsible for assessing and managing cybersecurity risks for their locations, and the Company’s chief executive officer is responsible for assessing and managing cybersecurity risks to the Company as a whole. Because none of these individuals has specific training or experience in managing cybersecurity risks, MSPs that have expertise and experience in doing so are retained and relied upon. Our chief executive officer is responsible for escalating any cybersecurity matters as appropriate, in consultation with our legal counsel. Our board of directors is ultimately responsible for oversight of cybersecurity risk management and receives regular reports from Company management.