Cybersecurity
|
12 Months Ended |
Dec. 31, 2025 |
|---|
| Cybersecurity Risk Management Strategy And Governance [Abstract] |
|
| Cybersecurity Risk Management Processes For Assessing Identifying And Managing Threats [Text Block] |
Risk Management and Strategy: Coronado uses software tools to identify, assess, and manage material risks from cybersecurity threats. Coronado heavily relies on information technology systems throughout its operations and acknowledges the critical importance of safeguarding its digital assets and protecting sensitive information. Regular security assessments, including penetration tests, are conducted to monitor our data security against global standards. Coronado also maintains a suite of security measures to help defend against unauthorized access and misappropriation of technology. Additionally, the Coronado IT department distributes training and awareness information to personnel covering email security, password security, data handling security, enterprise resource planning systems and cloud security. Coronado’s cybersecurity risk management is integrated into its Group risk management processes, which are governed by the Group Risk Management Framework and Risk Management Policy. The Risk Management Framework and Risk Management Policy outline: • Risk management responsibilities; • Risk assessment frequency; • Risk assessment criteria (likelihood and consequence); • The requirement to implement internal controls; and • The level within the organization risk assessments are to be performed. Certain key controls incorporated into Coronado’s internal control processes are linked to cybersecurity risks, including controls over access and change management for key financial systems. Where the management of these key financial systems is outsourced to third parties, Coronado obtains assurance reports on the effectiveness of key vendor controls. Additionally, Coronado uses third parties to conduct cybersecurity penetration testing at Coronado's U.S. and Australian operations. In 2023, Coronado created the Digital Advisory Committee, or DAC, which is chaired by the Vice President of Information Technology. As part of Coronado’s processes to oversee and identify cybersecurity threats associated with its use of third-party the DAC is tasked with reviewing new software requests from Coronado’s various divisions. The DAC is comprised of business systems, plant and operational personnel from both Coronado’s U.S. and Australian operations. As of the filing of this Annual Report on Form 10-K, Coronado is not aware of any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents that have occurred since the beginning of 2025 that have materially affected, or are reasonably likely to materially affect, Coronado, including Coronado’s business strategy, results of operations or financial condition. Coronado could be subject to cybersecurity incidents in the future which may have a material adverse effect on Coronado’s business strategy, results of operations or financial condition. For further information on Coronado’s risks relating to cybersecurity threats, see “Operation and Technology Risks” in the “Risk Factors” section of this Form 10-K. |
| Cybersecurity Risk Management Processes Integrated [Text Block] |
Coronado uses software tools to identify, assess, and manage material risks from cybersecurity threats. Coronado heavily relies on information technology systems throughout its operations and acknowledges the critical importance of safeguarding its digital assets and protecting sensitive information. Regular security assessments, including penetration tests, are conducted to monitor our data security against global standards. Coronado also maintains a suite of security measures to help defend against unauthorized access and misappropriation of technology. Additionally, the Coronado IT department distributes training and awareness information to personnel covering email security, password security, data handling security, enterprise resource planning systems and cloud security. |
| Cybersecurity Risk Management Third Party Engaged Flag |
true
|
| Cybersecurity Risk Third Party Oversight And Identification Processes Flag |
true
|
| Cybersecurity Risk Materially Affected Or Reasonably Likely To Materially Affect Registrant Flag |
true
|
| Cybersecurity Risk Materially Affected Or Reasonably Likely To Materially Affect Registrant [Text Block] |
Certain key controls incorporated into Coronado’s internal control processes are linked to cybersecurity risks, including controls over access and change management for key financial systems. Where the management of these key financial systems is outsourced to third parties, Coronado obtains assurance reports on the effectiveness of key vendor controls. Additionally, Coronado uses third parties to conduct cybersecurity penetration testing at Coronado's U.S. and Australian operations. In 2023, Coronado created the Digital Advisory Committee, or DAC, which is chaired by the Vice President of Information Technology. As part of Coronado’s processes to oversee and identify cybersecurity threats associated with its use of third-party the DAC is tasked with reviewing new software requests from Coronado’s various divisions. The DAC is comprised of business systems, plant and operational personnel from both Coronado’s U.S. and Australian operations. As of the filing of this Annual Report on Form 10-K, Coronado is not aware of any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents that have occurred since the beginning of 2025 that have materially affected, or are reasonably likely to materially affect, Coronado, including Coronado’s business strategy, results of operations or financial condition. Coronado could be subject to cybersecurity incidents in the future which may have a material adverse effect on Coronado’s business strategy, results of operations or financial condition. For further information on Coronado’s risks relating to cybersecurity threats, see “Operation and Technology Risks” in the “Risk Factors” section of this Form 10-K. |
| Cybersecurity Risk Board Committee Or Subcommittee Responsible For Oversight [Text Block] |
The Board of Directors is responsible for reviewing, ratifying, and monitoring systems of risk management, internal control, and legal compliance. This includes identifying the main risks associated with Coronado's businesses, including cybersecurity risk, and implementing appropriate systems to manage such risks. As outlined in the charter of the Audit Governance and Risk Committee, or the AGRC, the Board of Directors has delegated to the AGRC responsibility for overseeing corporate and governance risk management, financial risk management, and compliance with applicable laws, regulations, standards, and best practice guidelines, which includes the oversight of cybersecurity risk. |
| Cybersecurity Risk Process For Informing Board Committee Or Subcommittee Responsible For Oversight [Text Block] |
The AGRC is informed of cybersecurity risks by management, which includes an annual cybersecurity risk presentation. As part of their review of reports AGRC and IT function provide cybersecurity risk updates to the Board of Directors, which enables the Board of Directors to incorporate the insights of such reports into its overall risk oversight analysis. |
| Cybersecurity Risk Role Of Management [Text Block] |
The Board of Directors is responsible for reviewing, ratifying, and monitoring systems of risk management, internal control, and legal compliance. This includes identifying the main risks associated with Coronado's businesses, including cybersecurity risk, and implementing appropriate systems to manage such risks. As outlined in the charter of the Audit Governance and Risk Committee, or the AGRC, the Board of Directors has delegated to the AGRC responsibility for overseeing corporate and governance risk management, financial risk management, and compliance with applicable laws, regulations, standards, and best practice guidelines, which includes the oversight of cybersecurity risk. The AGRC is informed of cybersecurity risks by management, which includes an annual cybersecurity risk presentation. As part of their review of reports AGRC and IT function provide cybersecurity risk updates to the Board of Directors, which enables the Board of Directors to incorporate the insights of such reports into its overall risk oversight analysis.
Supporting this governance framework, the Executive Leadership Team, or ELT, is responsible for maintaining effective systems of risk management and internal control. Within this framework, the Vice President of Information Technology is responsible for the cybersecurity function. The Vice President of Information Technology has experience in various roles involving managing information systems and cybersecurity functions and developing cybersecurity strategies. The Vice President of Information Technology reports to the Group Chief Financial Officer, or Group CFO, who is a member of the ELT . In order to prevent, detect, mitigate and remediate cybersecurity incidents, Coronado maintains a Cyber Incident Response Plan, or the Plan. The Plan outlines Coronado's approach to identifying and containing cybersecurity incidents, along with recovery and improvement processes. The Plan includes incident assessment criteria that allow for escalation of potentially material cybersecurity incidents. The Group CFO reports to the AGRC in the event of a potentially material cybersecurity incident. Additionally, annual reviews of Coronado’s current cybersecurity status and strategy are presented to the Board of Directors and the AGRC by management. |
| Cybersecurity Risk Management Positions Or Committees Responsible Flag |
true
|
| Cybersecurity Risk Management Positions Or Committees Responsible [Text Block] |
As part of their review of reports AGRC and IT function provide cybersecurity risk updates to the Board of Directors, which enables the Board of Directors to incorporate the insights of such reports into its overall risk oversight analysis. |
| Cybersecurity Risk Management Expertise Of Management Responsible [Text Block] |
The Board of Directors is responsible for reviewing, ratifying, and monitoring systems of risk management, internal control, and legal compliance. This includes identifying the main risks associated with Coronado's businesses, including cybersecurity risk, and implementing appropriate systems to manage such risks. As outlined in the charter of the Audit Governance and Risk Committee, or the AGRC, the Board of Directors has delegated to the AGRC responsibility for overseeing corporate and governance risk management, financial risk management, and compliance with applicable laws, regulations, standards, and best practice guidelines, which includes the oversight of cybersecurity risk. The AGRC is informed of cybersecurity risks by management, which includes an annual cybersecurity risk presentation. As part of their review of reports AGRC and IT function provide cybersecurity risk updates to the Board of Directors, which enables the Board of Directors to incorporate the insights of such reports into its overall risk oversight analysis. |
| Cybersecurity Risk Process For Informing Management Or Committees Responsible [Text Block] |
Supporting this governance framework, the Executive Leadership Team, or ELT, is responsible for maintaining effective systems of risk management and internal control. Within this framework, the Vice President of Information Technology is responsible for the cybersecurity function. The Vice President of Information Technology has experience in various roles involving managing information systems and cybersecurity functions and developing cybersecurity strategies. The Vice President of Information Technology reports to the Group Chief Financial Officer, or Group CFO, who is a member of the ELT . In order to prevent, detect, mitigate and remediate cybersecurity incidents, Coronado maintains a Cyber Incident Response Plan, or the Plan. The Plan outlines Coronado's approach to identifying and containing cybersecurity incidents, along with recovery and improvement processes. The Plan includes incident assessment criteria that allow for escalation of potentially material cybersecurity incidents. The Group CFO reports to the AGRC in the event of a potentially material cybersecurity incident. Additionally, annual reviews of Coronado’s current cybersecurity status and strategy are presented to the Board of Directors and the AGRC by management. |
| Cybersecurity Risk Management Positions Or Committees Responsible Report To Board Flag |
true
|