We have instituted a framework of policies and procedures designed to assess, identify, respond to, and mitigate cybersecurity risks and events.

Central to this framework is a Security Information and Event Management (SIEM) and System Operations Center (SOC) solution, which is managed by a third-party partner. This solution constitutes the bulk of our cybersecurity management system. The SIEM technology aggregates, analyzes, and reports on security data from various sources, with the objective of providing real-time monitoring and alerting of cybersecurity threats and compliance reporting. The SOC is a centralized team of third-party security analysts who monitor the SIEM, analyze the SIEM data, and seek to protect us against cybersecurity threats. Our SIEM and SOC provider has been in business for over 20 years and was selected by us based upon the caliber of its existing client base, which includes blue chip companies and government agencies.

​

We discuss cybersecurity with key third party service providers to understand their cybersecurity measures and to seek to identify any vulnerabilities which may create risk for us.

​

We supplement our SIEM and SOC with our Disaster Recovery Plan, which comprises a data backup practice designed to provide recovery of critical data, reducing the risk of data loss due to system failures, cyberattacks, or natural disasters. We enhance our cybersecurity defenses through, among other things: providing periodic employee training, education, and awareness programs and initiatives that are designed to enhance employee awareness of how to detect, avoid and respond to cybersecurity risks and events; implementing firewalls to increase the protection of our network against unauthorized or harmful network traffic that breaches our security protocols; using data security protocols in seeking to limit access to data based on  what is necessary and authorized for an individual’s specific role; and employing endpoint security measures such as advanced malware protection and data loss prevention tools, designed to detect, thwart, and mitigate potential vulnerabilities and attacks.

We have instituted a framework of policies and procedures designed to assess, identify, respond to, and mitigate cybersecurity risks and events.

Central to this framework is a Security Information and Event Management (SIEM) and System Operations Center (SOC) solution, which is managed by a third-party partner. This solution constitutes the bulk of our cybersecurity management system. The SIEM technology aggregates, analyzes, and reports on security data from various sources, with the objective of providing real-time monitoring and alerting of cybersecurity threats and compliance reporting. The SOC is a centralized team of third-party security analysts who monitor the SIEM, analyze the SIEM data, and seek to protect us against cybersecurity threats. Our SIEM and SOC provider has been in business for over 20 years and was selected by us based upon the caliber of its existing client base, which includes blue chip companies and government agencies.

Board of Directors' Oversight

Our Board of Directors oversees cyber risk management efforts, primarily through the Audit Committee, to which the Board has delegated primary oversight responsibilities for cybersecurity matters. The Audit Committee receives a quarterly review of cybersecurity matters from management, encompassing any significant incidents, the evolving cyber threat landscape, program enhancements, risk mitigation strategies, and other pertinent topics. The Audit Committee Chair reports material matters relating to cybersecurity and other risks to the Board of Directors periodically.

Management provides our Board of Directors with an annual cybersecurity update, with the assistance and participation of our third-party IT consultant and our SIEM and SOC provider. These updates present an overview of our cybersecurity framework and provide an opportunity to address any questions or concerns the Board may have.

Our Board of Directors oversees cyber risk management efforts, primarily through the Audit Committee, to which the Board has delegated primary oversight responsibilities for cybersecurity matters. The Audit Committee receives a quarterly review of cybersecurity matters from management, encompassing any significant incidents, the evolving cyber threat landscape, program enhancements, risk mitigation strategies, and other pertinent topics. The Audit Committee Chair reports material matters relating to cybersecurity and other risks to the Board of Directors periodically.