Item 1C. Cybersecurity

 

Risk Management and Strategy

 

Management is to perform a corporate risk assessment annually, which includes specific consideration and assessment of cybersecurity risk, proportional to the size of the Company. Service providers must meet certain security requirements such as security incident or data breach notification and response protocols, data encryption requirements, and data disposal commitments.

 

In managing cybersecurity risk, we employ a defense-in-depth strategy and regularly monitor our cyber environment for potential new threats. Our strategy includes employee training and awareness on cybersecurity risks and related best practices, required password complexity, the use of multi-factor authentication, information security protocols, anti-virus and anti-ransomware software.

 

Governance

 

Our Board of Directors provides oversight of our cybersecurity program through an annual risk review. On an annual basis, cybersecurity risk and mitigation strategies are reviewed as part of management’s reporting to the Board of Directors, which includes the reporting of significant business risks, including cybersecurity mitigation strategies employed to manage these risks, and a review of any emerging risks. Annually, management is to provide an overview of our cybersecurity program to the Board of Directors, including a review of key strategies, emerging risks, and a summary of key performance indicators.