Risk Management

We have in place certain infrastructure, systems, policies, and procedures that are designed to proactively and reactively address circumstances that arise when an unexpected cybersecurity incident occurs. These include processes for assessing, identifying, and managing material risks from cybersecurity threats. Our internal procedures dictate that we evaluate and evolve our security measures as appropriate. Identifying, assessing, and managing cybersecurity risk is integrated into our overall internal controls approach. Additionally, we have in place cybersecurity and data privacy policies designed to (a) respond to new requirements in global privacy laws and (b) prevent, detect, respond to, mitigate and recover from identified and significant cybersecurity threats. Refer to “Item 1A. Risk Factors” in this annual report on Form 10-K for additional information about cybersecurity-related risks.

Governance

During the first quarter of 2024, information security matters reporting, including managing and assessing risks from cybersecurity threats, have been established under the oversight of the Audit Committee of the Board or the “Audit Committee.” The Audit Committee also reviews the adequacy and effectiveness of the Company’s information security policies and practices and the internal controls regarding information security risks. Our security efforts are managed by a team of IT professionals who oversee the daily responsibilities of managing cybersecurity identification and threats. Going forward, the Audit Committee receives regular information security updates from management, including our Chief Technology Officer, who the board designated as the Chief Information Security Officer. The management team has established a quarterly rhythm to keep the Board and Audit Committee apprised of identified risks, ongoing risk management and changes in procedure to ensure transparency in the Company’s governance over cybersecurity.