Risk Management and Strategy

We maintain a cybersecurity risk management program designed to identify, assess, manage, mitigate and respond to cybersecurity threats. This program is integrated into our broader enterprise risk management processes and addresses risks to our corporate information technology (“IT”) environment, including systems, networks, hardware, software, data, personnel and operational processes.

Our cybersecurity program incorporates recognized industry standards and best practices, including alignment with the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework (“CSF”). We also consider applicable data protection and privacy regulations in jurisdictions in which we operate. We engage independent third-party specialists to perform periodic assessments of our cybersecurity program, including evaluations against the NIST CSF and vulnerability testing. These assessments are designed to identify, quantify and categorize cyber risks and potential vulnerabilities. Based on the results of such assessments, management develops and implements risk mitigation and remediation plans, as appropriate.

We maintain policies and procedures governing areas such as information security, acceptable use, identity and access management, onboarding and offboarding, change and configuration management, risk management, data protection, backup and recovery, and incident response. We also utilize third-party cybersecurity service providers and technology solutions to support our cybersecurity operations, including services related to:

Because we rely on third-party vendors, cloud providers and service partners in our operations, we maintain a third-party risk management process designed to assess and monitor cybersecurity risks associated with critical service providers. This includes vendor due diligence during onboarding, review of available independent audit reports (such as SOC reports, where applicable), evaluation of contractual security provisions, and ongoing monitoring of vendor performance and risk posture.

Despite these efforts, we cannot eliminate all cybersecurity risks. The threat landscape continues to evolve, and our systems and those of our third-party providers may be vulnerable to unauthorized access, disruption or compromise.

Governance

Management Oversight

Management is responsible for the day-to-day oversight and administration of our cybersecurity risk management program. The Company utilizes a senior technology advisor as a consultant with primary responsibility for cybersecurity oversight. This individual has extensive experience in information technology and cybersecurity.

The senior technology advisor, together with internal personnel and external cybersecurity service providers, oversees the prevention, detection, mitigation and remediation of cybersecurity incidents. Management receives information from internal monitoring tools, third-party service providers, vulnerability assessments, and threat intelligence sources, including governmental and private sector resources.

We maintain an incident response plan designed to provide a structured framework for identifying, escalating, investigating and responding to cybersecurity incidents, including processes to assess materiality and comply with applicable legal and regulatory reporting requirements.

Board Oversight

The Audit Committee of our Board of Directors oversees cybersecurity risk exposure and management’s efforts to monitor and mitigate cybersecurity risks. Management and, as appropriate, external cybersecurity advisors provide periodic briefings to the Audit Committee regarding: