Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Monitoring and assessing cybersecurity risk is a critical part of our overall enterprise risk management (“ERM”). Our Board regularly discusses significant areas of risk, including those that may be related to cybersecurity, as necessary. We have designed and implemented an information security program tailored to our operations, the nature of our products and services, and the sensitivity of the data that we process. We have implemented cybersecurity risk management processes that include, for example, developing organizational understandings to manage cybersecurity risk, identifying asset vulnerabilities, threats to internal and external organizational resources, and risk response activities, and developing a vendor risk management policy for assessing supply chain and vendor-related risks. As part of these processes, we have implemented an Incident Response Plan, which provides protocols for incident evaluation, including processes for notification and internal escalation of information to our senior management and the appropriate Board committees. Our Incident Response Plan is updated annually and tested in tabletop exercises. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | Monitoring and assessing cybersecurity risk is a critical part of our overall enterprise risk management (“ERM”). Our Board regularly discusses significant areas of risk, including those that may be related to cybersecurity, as necessary. We have designed and implemented an information security program tailored to our operations, the nature of our products and services, and the sensitivity of the data that we process. We have implemented cybersecurity risk management processes that include, for example, developing organizational understandings to manage cybersecurity risk, identifying asset vulnerabilities, threats to internal and external organizational resources, and risk response activities, and developing a vendor risk management policy for assessing supply chain and vendor-related risks. As part of these processes, we have implemented an Incident Response Plan, which provides protocols for incident evaluation, including processes for notification and internal escalation of information to our senior management and the appropriate Board committees. Our Incident Response Plan is updated annually and tested in tabletop exercises. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our Board, including the Audit Committee of the Board, and our management team are actively involved in the oversight of risks from cybersecurity threats. Our Audit Committee discusses risks related to cybersecurity quarterly, and reports to the Board quarterly on such risks and events. Our Vice President Information Technology presents information to the Audit Committee regarding cybersecurity risks and events quarterly. The full Board also discusses cybersecurity risks and events annually. If there are direct risks rising to the level of potential materiality, the management team reports such risks and events to the Board. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Audit Committee |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Audit Committee discusses risks related to cybersecurity quarterly, and reports to the Board quarterly on such risks and events. Our Vice President Information Technology presents information to the Audit Committee regarding cybersecurity risks and events quarterly. The full Board also discusses cybersecurity risks and events annually. If there are direct risks rising to the level of potential materiality, the management team reports such risks and events to the Board. |
| Cybersecurity Risk Role of Management [Text Block] | Our Vice President of Information Technology is responsible for day-to-day oversight of cybersecurity risk. The individual currently holding the position of Vice President of Information Technology has held the role for four years, has eighteen years of experience in IT and software development (with eight of those years in management roles), and holds certification from MIT Sloan School of Management in cybersecurity risk management. This individual is responsible for coordinating resources internally and externally regarding cybersecurity risk management and incident response, and reports directly to our Chief Executive Officer. Our management team has also established a Cybersecurity Incident Response Team (the “CSIRT”), which is comprised of our Chief Executive Officer, the Chair of the Audit Committee of our Board, our Vice-President, Legal and our Senior Vice President, Human Resources. The CSIRT is responsible for responding to cybersecurity incidents. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Vice President of Information Technology |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | The individual currently holding the position of Vice President of Information Technology has held the role for four years, has eighteen years of experience in IT and software development (with eight of those years in management roles), and holds certification from MIT Sloan School of Management in cybersecurity risk management. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Monitoring and assessing cybersecurity risk is a critical part of our overall enterprise risk management (“ERM”). Our Board regularly discusses significant areas of risk, including those that may be related to cybersecurity, as necessary. We have designed and implemented an information security program tailored to our operations, the nature of our products and services, and the sensitivity of the data that we process. We have implemented cybersecurity risk management processes that include, for example, developing organizational understandings to manage cybersecurity risk, identifying asset vulnerabilities, threats to internal and external organizational resources, and risk response activities, and developing a vendor risk management policy for assessing supply chain and vendor-related risks. As part of these processes, we have implemented an Incident Response Plan, which provides protocols for incident evaluation, including processes for notification and internal escalation of information to our senior management and the appropriate Board committees. Our Incident Response Plan is updated annually and tested in tabletop exercises. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |