Item 1C.

Cybersecurity

 

Risk Management and Strategy

 

Cyber Security Governance

 

Oversight of cybersecurity infrastructure is managed by members of our management team, including our President & Chief Executive Officer. Management works in tandem with a third-party service provider (the “Service Provider”). The Service Provider periodically reviews and updates our antivirus and antimalware software, manages our Business Continuity and Disaster Recovery system, reviews our vulnerability management and ensures our system is Payment Card Industry (PCI) compliant. Given our overall risk profile, the Board has had limited involvement with our cybersecurity risk management. The management team, with support from the Service Provider, would raise any significant cybersecurity risks with the Board.

 

Risk Management and Strategy

 

We believe we have implemented processes that are designed to effectively identify and manage risks from cybersecurity threats. Through our Service Provider, we receive Endpoint Detection and Response services (“EDR”). The EDR helps to ensure faster identification of a cybersecurity breach. Once a cyber incident is identified, our Service Provider will notify management and work to secure our systems and fix the vulnerability. An investigation will be conducted, with the assistance of the Service Provider if needed, to determine the root cause of the cyber incident, the materiality of the cyber incident, and any disclosure or legal obligations that will stem from the cyber incident.

 

We have not been the victim of a cyber incident in the past but may be the subject of cyber incidents in the future.

 

 

Back SEC Filing Thank you for subscribing