ITEM 1C. CYBERSECURITY

 

Our system of internal controls includes consideration of cybersecurity risks. We use technology and control procedures designed to mitigate cybersecurity risks, with our management team working to monitor, identify, assess, and respond to potential cybersecurity incidents that may threaten the Company. The system of controls also focuses on security awareness and training for employees with access to Company systems. Company management periodically reviews system and organization control reports (SOC 1, Type 2) for key outsourced information systems to ensure that third-party data processing is subject to appropriate controls and security measures.

 

We have engaged with a third-party information technology firm to assess our vulnerabilities and help us mitigate cybersecurity-related risks.

 

 

Management is responsible for the operational oversight of company-wide cybersecurity strategy, policy, and standards across relevant departments to assess and help prepare us to address cybersecurity risks. As part of our overall risk management system, we monitor and test our safeguards and train our employees on these safeguards. Personnel at all levels and departments are made aware of our cybersecurity policies through trainings and necessary implementations.

 

One of the key functions of our Board is informed oversight of our risk management process, including risks from cybersecurity threats. Our Board is responsible for monitoring and assessing strategic risk exposure, and management is responsible for the day-to-day management of any material risks that may arise. Our Board receives periodic updates from management regarding cybersecurity matters and is notified between such updates regarding any significant new cybersecurity threats or incidents, if any. We do not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect us or our business strategy, results of operations or financial condition.

 

As of April 30, 2024, we have not identified an indication of a cybersecurity incident that would have a material impact on our business and consolidated financial statements. For further discussion of cybersecurity risks, please refer to Item 1A. Risk Factors.