Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Mar. 31, 2026 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | We maintain a cybersecurity risk management program that is an important and integrated part of our enterprise risk management function and is designed to assess, identify, manage and protect our information systems and data from unauthorized access, use, disclosure, disruption, modification or destruction. Our program is based on applicable industry frameworks and standards, including those provided by the National Institute of Standards and Technology cybersecurity framework, or the NIST Framework. Our cybersecurity program includes processes, procedures and controls to reasonably mitigate our cybersecurity and information technology risk. The cybersecurity program is designed to minimize the impact and disruption to business operations. The efforts to prevent, detect and respond to cybersecurity threats are managed by our Vice President of Cybersecurity (“VP, Cybersecurity”) in collaboration with our Chief Information Officer (“CIO”), whose teams are responsible for leading our cybersecurity strategy, policy, communication, training, architecture and processes. Our cybersecurity program includes: •identifying and confirming the adequacy of security measures, security deficiencies and data from which to predict effectiveness of proposed security measures; •detection and reporting requirements for identifying unusual internal or external activity or events that may compromise the availability, confidentiality and integrity of our information technology resources; •specific testing to be performed within specific timelines, including but not limited to, networks, web applications and network accounts; •regularly reviewing relevant threat and vulnerability information from appropriate goods and services vendors, third-parties and public domain resources; •verifying compliance with cybersecurity policies through various methods, including but not limited to, system and tool reports, internal and external audits and feedback to the policy owner; •reviewing our cybersecurity policies at least annually or when there are significant changes within the company’s facilities or infrastructure to ensure their continuing suitability, adequacy and effectiveness; •a crisis management governance plan that outlines the members of the crisis management team, escalation path and escalation thresholds; and •periodic training sessions or tabletop exercises with our executive leadership team (“ELT”) to test our crisis management governance plan and to familiarize our management team with the elements and operation of our crisis management governance plan. When a cybersecurity threat or incident is identified, our security incident plan outlines the members of the Security Incident Response Team, escalation path and escalation thresholds. The Security Incident Response Team considers each incident’s impact to our operations, technology, safety and reputation and any legal or regulatory impacts. If an incident meets defined severity criteria, individually or in the aggregate, it is immediately escalated in accordance with the applicable response classification. We have also retained a third-party service provider to complement our incident response capabilities, if required. We engage third parties to conduct annual security penetration testing against our networks, both internally and externally, to identify and mitigate cyber risks. We have and will continue to conduct cybersecurity program assessments to evaluate its maturity against the NIST Framework. We require ongoing cybersecurity training for all employees, focusing on the appropriate protection and security of confidential company and third-party information. Additionally, employees participate in mandatory monthly cybersecurity awareness training that covers a broad range of security topics, including business email compromise, phishing schemes, remote work and reporting and responding to suspicious activities.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We maintain a cybersecurity risk management program that is an important and integrated part of our enterprise risk management function and is designed to assess, identify, manage and protect our information systems and data from unauthorized access, use, disclosure, disruption, modification or destruction. Our program is based on applicable industry frameworks and standards, including those provided by the National Institute of Standards and Technology cybersecurity framework, or the NIST Framework. Our cybersecurity program includes processes, procedures and controls to reasonably mitigate our cybersecurity and information technology risk. The cybersecurity program is designed to minimize the impact and disruption to business operations.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our Board of Directors oversees the risks of cybersecurity threats and considers cybersecurity risk as part of its risk oversight function. As such, it receives updates on our cybersecurity practices, events and risks from our CIO at the Board’s regularly scheduled meetings. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The efforts to prevent, detect and respond to cybersecurity threats are managed by our Vice President of Cybersecurity (“VP, Cybersecurity”) in collaboration with our Chief Information Officer (“CIO”), whose teams are responsible for leading our cybersecurity strategy, policy, communication, training, architecture and processes. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | When a cybersecurity threat or incident is identified, our security incident plan outlines the members of the Security Incident Response Team, escalation path and escalation thresholds. |
| Cybersecurity Risk Role of Management [Text Block] | Our ELT also supports and monitors the effectiveness of and compliance with the cybersecurity policies and other security and data protection requirements. The ELT oversees external communications regarding data breaches, provides protocol and processes for internal and external communication and analyzes business impacts of a cybersecurity incident. Our VP, Cybersecurity has over 25 years of leadership experience, including 9 years of experience developing and implementing cybersecurity programs to protect organizations against cyber-attacks. The responsibilities of the VP, Cybersecurity include, but are not limited to, approving and maintaining the cybersecurity policies, including reviewing and approving cybersecurity policy deviations, waivers and exceptions; developing, deploying and maintaining cybersecurity program documentation, processes and procedures; validating compliance with cybersecurity policies by staff and third parties. The VP, Cybersecurity also evaluates security and data protection incidents, analyzes business impacts, provides security and risk guidance and recommendations, and reviews security incident reports. Our CIO has over 30 years of IT experience, including 18 years as CIO for businesses in a variety of industries. Our CIO has a track record of developing effective, leading-edge technology solutions that create business value. The CIO reviews, approves and monitors security policies, deviations, waivers and exceptions.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | The efforts to prevent, detect and respond to cybersecurity threats are managed by our Vice President of Cybersecurity (“VP, Cybersecurity”) in collaboration with our Chief Information Officer (“CIO”), whose teams are responsible for leading our cybersecurity strategy, policy, communication, training, architecture and processes. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our VP, Cybersecurity has over 25 years of leadership experience, including 9 years of experience developing and implementing cybersecurity programs to protect organizations against cyber-attacks. The responsibilities of the VP, Cybersecurity include, but are not limited to, approving and maintaining the cybersecurity policies, including reviewing and approving cybersecurity policy deviations, waivers and exceptions; developing, deploying and maintaining cybersecurity program documentation, processes and procedures; validating compliance with cybersecurity policies by staff and third parties. The VP, Cybersecurity also evaluates security and data protection incidents, analyzes business impacts, provides security and risk guidance and recommendations, and reviews security incident reports. Our CIO has over 30 years of IT experience, including 18 years as CIO for businesses in a variety of industries. Our CIO has a track record of developing effective, leading-edge technology solutions that create business value.
|
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | When a cybersecurity threat or incident is identified, our security incident plan outlines the members of the Security Incident Response Team, escalation path and escalation thresholds. The Security Incident Response Team considers each incident’s impact to our operations, technology, safety and reputation and any legal or regulatory impacts. If an incident meets defined severity criteria, individually or in the aggregate, it is immediately escalated in accordance with the applicable response classification. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |