Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and we have integrated these processes into our overall risk management program. We assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein.

As a small company our IT systems and assets are limited mainly to accounting and administrative systems and email communications, all of which are cloud based. Our cybersecurity risk management program to protect these assets and systems includes:

	●	skilled third-party information security and data privacy personnel, who support our cybersecurity risk assessment processes, our security controls, and our response to cybersecurity incidents;

	●	email security systems including automatic detonation and evaluation of attachments in a sandbox;

	●	the implementation of formal protection systems against phishing; the use of multi-factor authentication (MFA), next-generation anti-virus, the use of tools to monitor access for unusual behaviour;

	●	the use of a protective DNS service to block access to malicious websites;

	●	external service providers, where appropriate, to monitor, assess, test, or otherwise assist with aspects of our security controls, to support risk mitigation efforts, and to utilize a security information and event management system (SIEM);

	●	the regular (less than 30 days) installation by our third-party information security provider of critical and high severity patches across our systems;

	●	training for our employees on cybersecurity awareness;

	●	carrying cyber risk insurance that provides protection (as specified in the applicable policies) against certain potential costs and losses arising from a cybersecurity incident;

We have not identified any risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition.

Cybersecurity Risk Management Processes Integrated [Text Block]

We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and we have integrated these processes into our overall risk management program. We assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein.

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

false

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

Our management team oversees efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include threat briefings from internal personnel and external service providers, as well as alerts and reports produced by security tools deployed in the information technology environment.