In the ordinary course of our business, we use, store, and transmit digitally confidential, sensitive, proprietary, personal, and health-related information. The secure maintenance of this information and our information technology systems is important to our operations and business strategy. To this end, we have implemented processes designed to assess, identify, and manage risks from potential unauthorized occurrences on or through our information technology systems that may result in adverse effects on the confidentiality, integrity, and availability of these systems and the data residing therein. These processes are managed and monitored by a third-party information technology vendor, which is overseen by our Senior Vice President of Administration, and include mechanisms, controls, technologies, systems, and other processes designed to prevent or mitigate data loss, theft, misuse, or other security incidents or vulnerabilities affecting the data and maintain a stable information technology environment. For example, we conduct vulnerability and data penetration testing, regularly review third party audits of our cloud-based technology vendors and perform ongoing regular risk assessments. We also conduct periodic employee training on cyber and information security, among other topics. In addition, to our third-party information technology vendor, we also consult with outside advisors and experts, when appropriate, to assist with assessing, identifying, and managing cybersecurity risks, including to anticipate future threats and trends, and their impact on the Company’s risk environment.

Our Senior Vice President of Administration who reports directly to the Chief Executive Officer and has over seven years of experience managing information technology and cybersecurity matters, together with our senior leadership team, is responsible for assessing and managing cybersecurity risks. We consider cybersecurity, along with other significant risks that we face, within our overall enterprise risk management framework. In the last fiscal year, we have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, but we face certain ongoing cybersecurity risks threats that, if realized, are reasonably likely to materially affect us. Additional information on cybersecurity risks we face is

discussed in “PART I, ITEM 1A, RISK FACTORS,” under the heading “If we experience a significant disruption in our information technology systems or breaches of data security, our business could be adversely affected.”

The Board of Directors, as a whole, has oversight for the most significant risks facing us and for our processes to identify, prioritize, assess, manage, and mitigate those risks. The Board receives at least quarterly updates on cybersecurity and information technology matters and related risk exposures from our Senior Vice President, Administration as well as other members of the senior leadership team.