Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cybersecurity Risk Management and Strategy

We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information.

We design and assess our program based on the National Institute of Standards and Technology Cybersecurity Framework Special Publication 800-53, 800-61, rev 2 (“NIST CSF). This does not imply that we meet any particular technical standards, specifications, or requirements. We use the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.

We have implemented a number of security measures designed to protect its systems and data, including firewalls, antivirus and malware detection tools, patches, log monitors, routine back-ups, system audits, system hardening, penetration testing and privileged access session management. In addition, we have continued its efforts to migrate its platforms to cloud-based computing, which is designed to further strengthen its security posture.

Our cybersecurity risk management program is integrated into our overall enterprise risk management program and shares common methodologies, reporting channels, and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.

Our cybersecurity risk management program includes the following:

	●	risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment;

	●	a security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents;

	●	the use of external service providers, where appropriate, to assess, test, or otherwise assist with aspects of our security controls;

	●	cybersecurity awareness training of our employees, incident response personnel, and senior management; and

	●	a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents.

There can be no assurance that our cybersecurity risk management program and processes, including our policies, controls or procedures, will be fully implemented, complied with or effective in protecting our systems and information.

Cybersecurity Risk Management Processes Integrated [Text Block]

Our cybersecurity risk management program is integrated into our overall enterprise risk management program and shares common methodologies, reporting channels, and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

Our Board oversees management’s implementation of our cybersecurity risk management program and receives updates on the cybersecurity risk management program from management at least annually. In addition, management updates the Board regarding any material or significant cybersecurity incidents, as well as incidents with lesser impact potential as necessary.