Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as defined in Item 106(a) of Regulation S-K, and are integrating them into our overall risk management systems and processes by implementing and maintaining various technical, physical, and organizational safeguards, such as policies, standards, and practices relating to: •risk assessments; •incident detection and response; •vulnerability management; •internal controls within our IT, Security and other departments; •network security controls; •access controls; •physical security; •asset management; •system monitoring; •employee cybersecurity awareness and training; •phishing tests; •the use of the internet, social media, email and wireless devices; •firewalls and intrusion prevention systems; •endpoint detection and response systems; and •anti-malware functionality. As part of this process, we engaged external consultants who assessed our internal cybersecurity programs and alignment with applicable practices and standards, such as the Internal Control - Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission framework. We have also retained external service providers to monitor identified risk exposures, provide ongoing recommendations and software tools for their detection and mitigation, as well as evaluating the impact and coordinating the recovery from any incidents or breaches, should they occur. Our risk management program also assesses third-party risks, and we perform third-party risk management to identify and mitigate risks from third parties such as vendors, suppliers and other business partners associated with our use of third-party service providers. Cybersecurity risks are evaluated when determining the selection and oversight of service providers when handling and/or processing our employee, business or customer data. Further, in February 2024, we formalized our policy of monitoring third-party cybersecurity risks by requiring its consideration and approval by the IT change control board as a part of vendor selection and solution procurement.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as defined in Item 106(a) of Regulation S-K, and are integrating them into our overall risk management systems and processes by implementing and maintaining various technical, physical, and organizational safeguards, such as policies, standards, and practices relating to: •risk assessments; •incident detection and response; •vulnerability management; •internal controls within our IT, Security and other departments; •network security controls; •access controls; •physical security; •asset management; •system monitoring; •employee cybersecurity awareness and training; •phishing tests; •the use of the internet, social media, email and wireless devices; •firewalls and intrusion prevention systems; •endpoint detection and response systems; and •anti-malware functionality.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Cybersecurity is an important part of our risk management processes and an area of focus for our Board and management. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Audit Committee is responsible for the oversight of risks from cybersecurity threats. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | It receives updates on matters of cybersecurity from senior management during regular quarterly meetings and in the interim, if warranted. This includes existing and new cybersecurity risks, how management is addressing and/or mitigating those risks, cybersecurity and data privacy incidents (if any) and key information security initiatives. Our Board members also engage in ad hoc conversations with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management and strategy programs. |
| Cybersecurity Risk Role of Management [Text Block] | Cybersecurity is an important part of our risk management processes and an area of focus for our Board and management. Our Audit Committee is responsible for the oversight of risks from cybersecurity threats. It receives updates on matters of cybersecurity from senior management during regular quarterly meetings and in the interim, if warranted. This includes existing and new cybersecurity risks, how management is addressing and/or mitigating those risks, cybersecurity and data privacy incidents (if any) and key information security initiatives. Our Board members also engage in ad hoc conversations with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management and strategy programs. Our cybersecurity risk management and strategy processes are coordinated by our Director of Technology. He maintains the Certified Information Systems Security Professional certification and has ten years of senior leadership experience in defensive cyber security in both the private sector and Department of War. He is supported by leaders from our Information Technology, Document Management and Compliance teams, as well as management’s Disclosure Committee who have extensive work experience in various roles involving information technology, including security, auditing, compliance, systems and programming. They draw on their knowledge of daily information technology operations, ongoing cybersecurity initiatives and various monitoring tools to ultimately report through the Director of Technology and Director of Internal Controls to the Audit Committee on the monitoring, prevention, mitigation, detection and remediation of cybersecurity incidents. In the event the Audit Committee determines that a cybersecurity incident has occurred, the Audit Committee will evaluate whether to escalate the cybersecurity incident to the full Board.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our cybersecurity risk management and strategy processes are coordinated by our Director of Technology. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | He maintains the Certified Information Systems Security Professional certification and has ten years of senior leadership experience in defensive cyber security in both the private sector and Department of War. He is supported by leaders from our Information Technology, Document Management and Compliance teams, as well as management’s Disclosure Committee who have extensive work experience in various roles involving information technology, including security, auditing, compliance, systems and programming. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | They draw on their knowledge of daily information technology operations, ongoing cybersecurity initiatives and various monitoring tools to ultimately report through the Director of Technology and Director of Internal Controls to the Audit Committee on the monitoring, prevention, mitigation, detection and remediation of cybersecurity incidents. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |