v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Mar. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Item 1C. Cybersecurity

 

Risk Management and Strategy

 

The Company’s cybersecurity risk management program is integrated with its overall enterprise risk management program and shares common methodologies, reporting channels and governance processes that apply across functions to other legal, compliance, strategic, operational, and financial risk areas.

 

The Company designs and assesses the cybersecurity risk management program based on the National Institute of Standards and Technology Cybersecurity Framework (“NIST CSF”). The Company uses the NIST CSF as a guide to help identify, assess, and manage cybersecurity risks relevant to its business; this does not imply that the Company’s cybersecurity program meets any particular technical standards, specifications, or requirements.

 

The cybersecurity risk management program is grounded in a zero-trust framework and employs a multi-layered approach, including:

 

Awareness and training for employees, involving phishing campaigns, informational sessions at management meetings, and annual mandatory training with simulations of common cybersecurity threats;
 

Security tools and technologies, along with control policies and active review procedures which strengthen authentication and access protection;
 

Third-party risk management process and monitoring procedures for service providers, suppliers, and vendors who have access to critical systems and information;
 

Risk and vulnerability management encompassing both proactive and predictive defenses which provides opportunities to assess, remediate, and validate; and
 

Managed detection and incident response, including advanced endpoint protection and data loss prevention.

 

In evaluating the risks identified as a part of the annual assessment process, the Company’s information technology team considers the likelihood and severity of the respective risk and the potential impact of the risk on the Company, its customers, and its employees. These risks are then prioritized and monitored by the information technology team.

 

The Company conducts periodic testing of software, hardware, defensive capabilities, and other information security systems to assess its cybersecurity readiness and maturity of the cybersecurity program. Tests are conducted by the information technology team and reputable third-party consultants and auditors. In developing and evaluating the testing procedures, the Company considers both its individual risks and industry standards.

 

The cybersecurity risk management program includes an incident response plan with a cross-functional team comprised of designated members of the information technology department, senior management, and other appropriate individuals. The team is responsible for assessing and managing the cybersecurity incident response process, as outlined within the incident response plan, and taking necessary corrective actions to mitigate and eliminate the issue.

 

As of the date of this report, the Company is not aware of any cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition that are required to be reported in this Form 10-K. For further discussion of the risks associated with cybersecurity incidents and potential impact to the Company, see the cybersecurity risk factor within “Item 1A. Risk Factors” in this Form 10-K.
Cybersecurity Risk Management Processes Integrated [Text Block] In evaluating the risks identified as a part of the annual assessment process, the Company’s information technology team considers the likelihood and severity of the respective risk and the potential impact of the risk on the Company, its customers, and its employees. These risks are then prioritized and monitored by the information technology team.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

 

The information technology department, led by the Senior Vice President of Technology and Planning, Chief Information Officer (“CIO”), is responsible for the Company’s cybersecurity program. The CIO, along with the certified Information Security Officer and the VP of Information Technology have significant experience spanning over 20 years in information security, infrastructure, and compliance.

 

The Board of Directors considers cybersecurity risk as part of its overall risk oversight function. The Board of Directors receives briefings from the CIO regarding the Company’s cybersecurity risk management program at least annually. These briefings include updates on the Company’s cybersecurity risks and threats, the status of projects to strengthen the information security systems, assessments of the information security program, and the emerging cybersecurity threat landscape.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] These briefings include updates on the Company’s cybersecurity risks and threats, the status of projects to strengthen the information security systems, assessments of the information security program, and the emerging cybersecurity threat landscape.
Cybersecurity Risk Role of Management [Text Block] The cybersecurity risk management program includes an incident response plan with a cross-functional team comprised of designated members of the information technology department, senior management, and other appropriate individuals. The team is responsible for assessing and managing the cybersecurity incident response process, as outlined within the incident response plan, and taking necessary corrective actions to mitigate and eliminate the issue.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The CIO, along with the certified Information Security Officer and the VP of Information Technology have significant experience spanning over 20 years in information security, infrastructure, and compliance.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true