Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Mar. 31, 2026 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Risk management and strategy Nextpower maintains a cybersecurity and information security program designed to identify, assess, prioritize, and manage risks to our systems, data, and operations. Cybersecurity risk management is integrated into our broader Enterprise Risk Management (ERM) framework and is treated as an ongoing, adaptive process aligned with the evolving threat landscape and regulatory expectations. We design our cybersecurity practices based on recognized industry standards and frameworks, including the NIST Cybersecurity Framework (NIST CSF) and the CIS Critical Security Controls. We regularly evaluate and enhance our controls to address emerging threats, regulatory developments, and business requirements. As part of our cybersecurity risk management processes, we assess whether identified cybersecurity threats or incidents are reasonably likely to materially affect the Company, including its financial condition, results of operations, or business strategy. This includes defined processes for escalation, internal reporting, and, where appropriate, disclosure in accordance with applicable SEC requirements. Key components of our cybersecurity risk management program include: •Governance and Leadership: A dedicated cybersecurity leadership function, led by the Chief Information Security Officer (CISO), is responsible for overseeing the cybersecurity program, strategy, and operations. •Risk Identification and Assessment: We perform ongoing risk assessments to identify internal and external threats, vulnerabilities, and potential impacts to the business. •Vulnerability Management: We conduct regular vulnerability scanning and engage independent third parties to perform penetration testing across our internal and external environments. •Third-Party Risk Management: We assess the security posture of critical vendors and service providers through due diligence, contractual requirements, and ongoing monitoring. •Threat Monitoring and Detection: We utilize a combination of automated tools, security monitoring platforms, and threat intelligence feeds to detect, analyze, and respond to potential threats in a timely manner. •Incident Response and Recovery: We maintain and periodically test an incident response plan designed to enable timely detection, containment, remediation, and recovery from cybersecurity incidents. We incorporate lessons learned from incidents and exercises into program improvements. •Security Awareness and Training: We provide ongoing cybersecurity awareness and training programs to employees to reduce human-related risk factors. •Risk Prioritization and Remediation: Identified risks are documented in a centralized risk register and prioritized based on potential business impact, with remediation efforts tracked through formal governance processes. We engage external cybersecurity firms and advisors, where appropriate, to support assessments, testing, and program maturity evaluations. We regularly review and update our cybersecurity program to reflect changes in the threat landscape, business operations, and regulatory environment. As of the date of this report, we have not identified any risks from cybersecurity threats or incidents that have materially affected or are reasonably likely to materially affect our business, strategy, results of operations, or financial condition. However, cybersecurity threats continue to increase in frequency and sophistication, and we remain focused on strengthening our defenses, detection capabilities, and response readiness. For additional information regarding cybersecurity risks, refer to the risk factor titled “Cybersecurity or other data security incidents could materially disrupt our operations, compromise sensitive information, and adversely affect our financial performance and reputation” in Item 1A. Risk Factors of this Annual Report on Form 10-K. Governance
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | Nextpower maintains a cybersecurity and information security program designed to identify, assess, prioritize, and manage risks to our systems, data, and operations. Cybersecurity risk management is integrated into our broader Enterprise Risk Management (ERM) framework and is treated as an ongoing, adaptive process aligned with the evolving threat landscape and regulatory expectations.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our Board of Directors oversee enterprise risk management, including cybersecurity risk. The Board has delegated primary oversight of cybersecurity risk to the Audit Committee. The Audit Committee is responsible for reviewing management’s assessment of cybersecurity risks, including the overall threat landscape, key risk exposures, and the effectiveness of mitigation strategies and investments. The Audit Committee receives regular updates from management on cybersecurity matters and reports to the full Board as appropriate. Management is responsible for the day-to-day management of cybersecurity risks. This includes identifying and assessing risks, implementing and maintaining controls, monitoring for threats, determining materiality of incidents, and responding to cybersecurity events. The cybersecurity program is led by the Chief Information Security Officer (CISO), who has over 15 years of experience in cybersecurity, information security, and enterprise risk management. The CISO has held senior leadership roles, including prior CISO positions, overseeing the design and operation of enterprise security programs across cloud and on-premises environments, including areas such as threat detection and response, vulnerability management, and security governance. The CISO holds the Certified Information Systems Security Professional (CISSP) certification. The CISO regularly reports to senior management and the Audit Committee on cybersecurity risks, incidents, program maturity, strategic initiatives, regulatory compliance, and significant developments in the cybersecurity landscape, and is responsible for providing updates during potentially material cybersecurity incidents.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Management is responsible for the day-to-day management of cybersecurity risks. This includes identifying and assessing risks, implementing and maintaining controls, monitoring for threats, determining materiality of incidents, and responding to cybersecurity events.
|
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Board of Directors oversee enterprise risk management, including cybersecurity risk. The Board has delegated primary oversight of cybersecurity risk to the Audit Committee. The Audit Committee is responsible for reviewing management’s assessment of cybersecurity risks, including the overall threat landscape, key risk exposures, and the effectiveness of mitigation strategies and investments. The Audit Committee receives regular updates from management on cybersecurity matters and reports to the full Board as appropriate. Management is responsible for the day-to-day management of cybersecurity risks. This includes identifying and assessing risks, implementing and maintaining controls, monitoring for threats, determining materiality of incidents, and responding to cybersecurity events.
|
| Cybersecurity Risk Role of Management [Text Block] | Management is responsible for the day-to-day management of cybersecurity risks. This includes identifying and assessing risks, implementing and maintaining controls, monitoring for threats, determining materiality of incidents, and responding to cybersecurity events.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Management is responsible for the day-to-day management of cybersecurity risks. This includes identifying and assessing risks, implementing and maintaining controls, monitoring for threats, determining materiality of incidents, and responding to cybersecurity events.
|
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | The cybersecurity program is led by the Chief Information Security Officer (CISO), who has over 15 years of experience in cybersecurity, information security, and enterprise risk management. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Our Board of Directors oversee enterprise risk management, including cybersecurity risk. The Board has delegated primary oversight of cybersecurity risk to the Audit Committee. The Audit Committee is responsible for reviewing management’s assessment of cybersecurity risks, including the overall threat landscape, key risk exposures, and the effectiveness of mitigation strategies and investments. The Audit Committee receives regular updates from management on cybersecurity matters and reports to the full Board as appropriate. Management is responsible for the day-to-day management of cybersecurity risks. This includes identifying and assessing risks, implementing and maintaining controls, monitoring for threats, determining materiality of incidents, and responding to cybersecurity events.
|
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |