Risk Management and Strategy

Our cybersecurity program is designed to detect cybersecurity threats and vulnerabilities, protect our information systems from such threats, and ensure the confidentiality, integrity, and availability of systems and information used, owned, or managed by us. Our focus is on protecting sensitive information, such as the personal information of our customers and employees, and confidential business information that a competitor or a malicious actor could leverage. Our cybersecurity program has several components, including the adoption of information security protocols, standards, and guidelines consistent with industry best practices and engaging third-party service providers to conduct security assessments.

We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats and have integrated these processes into our overall risk management systems and processes. We conduct regular risk assessments to identify cybersecurity threats and assessments in the event of a material change in our business practices that may affect information systems that are vulnerable to such cybersecurity threats. These risk assessments include identifying reasonably foreseeable internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks. Following these risk assessments, we implement and maintain reasonable safeguards to minimize identified risks, reasonably address any identified gaps in existing safeguards, and regularly monitor the effectiveness of our safeguards.

We have implemented technical solutions designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, antimalware and endpoint protection functionality, and access and identity controls. We regularly evaluate, monitor, and improve these solutions. As part of our overall risk management system, we monitor and test our safeguards and train our employees on these safeguards.

We have not experienced any cybersecurity incidents that have been determined to affect us materially, our business strategy, results of operations, or financial condition. As external events evolve, we will continue to evaluate and address these conditions as needed.

Our cybersecurity program is designed to detect cybersecurity threats and vulnerabilities, protect our information systems from such threats, and ensure the confidentiality, integrity, and availability of systems and information used, owned, or managed by us. Our focus is on protecting sensitive information, such as the personal information of our customers and employees, and confidential business information that a competitor or a malicious actor could leverage. Our cybersecurity program has several components, including the adoption of information security protocols, standards, and guidelines consistent with industry best practices and engaging third-party service providers to conduct security assessments.

We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats and have integrated these processes into our overall risk management systems and processes. We conduct regular risk assessments to identify cybersecurity threats and assessments in the event of a material change in our business practices that may affect information systems that are vulnerable to such cybersecurity threats. These risk assessments include identifying reasonably foreseeable internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks. Following these risk assessments, we implement and maintain reasonable safeguards to minimize identified risks, reasonably address any identified gaps in existing safeguards, and regularly monitor the effectiveness of our safeguards.

We have implemented technical solutions designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, antimalware and endpoint protection functionality, and access and identity controls. We regularly evaluate, monitor, and improve these solutions. As part of our overall risk management system, we monitor and test our safeguards and train our employees on these safeguards.

Governance

One of the key functions of our Board of Directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our Board of Directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks we face. Our Board of Directors administers its cybersecurity risk oversight function directly as a whole.