v3.26.1
Cybersecurity Risk Management, Strategy, and Governance
 12 Months Ended
Mar. 31, 2026
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Item 1C. Cybersecurity.

Cybersecurity is a significant and integrated component of Central Plains Bancshares, Inc. risk management strategy. As a financial services corporation, cyber threats are present and growing, and the potential exists for a cybersecurity incident to occur, which could disrupt business operations or compromise sensitive data. To date, The Company has not, to its knowledge, experienced an incident materially affecting or reasonably likely to materially affect The Company.

To prepare and respond to incidents, the Company has implemented a multi-layered cybersecurity strategy integrating people, technology, and processes. This includes employee training, the use of innovative technologies, and the implementation of policies and procedures in the areas of information and network security, data management, business continuity and disaster recovery, privacy, third-party risk management, and incident response. The Company engages third-party consultants and independent auditors to, among other things, conduct penetration and vulnerability tests, monitor systems, perform cybersecurity risk assessments, and conduct audits.

The Information Technology Department is primarily responsible for identifying, assessing, and managing material risks from cybersecurity threats. The Information Technology Department is managed by the IT Manager who reports directly to the Executive Vice President/Chief Operations Officer (COO). The IT Manager has more than seven years of experience with the Company and additional years of experience in the information technology (“IT”) field. The IT Manager is assisted in overseeing Information Technology by an IT Managed Service Provider firm. The IT Manager and COO oversee the information security program, which is governed by various information security and cybersecurity, systems development, change control, disaster recovery/business continuity and physical asset classification and control policies. The Information Security & Network System Policy identifies data sources, threats and vulnerabilities and ensures awareness, accountability, and oversight for data protection throughout the Company and with trusted third parties to ensure that data is protected and able to be recovered in the event of a breach or failure (technical or other disaster).

The Information Technology Department conducts on-going meetings and reviews with the IT Managed Service Provider to ensure the latest threats and vulnerabilities are addressed. This includes patch management. Quarterly external penetration and vulnerability testing is conducted by a third-party IT audit firm. Business continuity/ disaster recovery testing and incident response plan testing is conducted annually by the Board appointed Disaster Recovery Committee. In addition, the company participates in annual disaster recover exercises with its core IT system provider. The Board appointed Technology Committee provides oversight of policies and receives updates including cybersecurity, systems, IT assets and control policies. The COO is a member of the Technology Committee and the Disaster Recovery Committee and information from committee meetings and testing is reported to the Board.

The Company has implemented an Incident Response Plan to provide a structured incident response process for information security incidents that affect any of the information technology systems, network, or data of the Company. The Incident Response Plan is implemented and maintained by the COO.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] To prepare and respond to incidents, the Company has implemented a multi-layered cybersecurity strategy integrating people, technology, and processes. This includes employee training, the use of innovative technologies, and the implementation of policies and procedures in the areas of information and network security, data management, business continuity and disaster recovery, privacy, third-party risk management, and incident response.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

The Information Technology Department conducts on-going meetings and reviews with the IT Managed Service Provider to ensure the latest threats and vulnerabilities are addressed. This includes patch management. Quarterly external penetration and vulnerability testing is conducted by a third-party IT audit firm. Business continuity/ disaster recovery testing and incident response plan testing is conducted annually by the Board appointed Disaster Recovery Committee. In addition, the company participates in annual disaster recover exercises with its core IT system provider. The Board appointed Technology Committee provides oversight of policies and receives updates including cybersecurity, systems, IT assets and control policies. The COO is a member of the Technology Committee and the Disaster Recovery Committee and information from committee meetings and testing is reported to the Board.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board appointed Technology Committee provides oversight of policies and receives updates including cybersecurity, systems, IT assets and control policies.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The COO is a member of the Technology Committee and the Disaster Recovery Committee and information from committee meetings and testing is reported to the Board.
Cybersecurity Risk Role of Management [Text Block] The Information Technology Department is managed by the IT Manager who reports directly to the Executive Vice President/Chief Operations Officer (COO). The IT Manager has more than seven years of experience with the Company and additional years of experience in the information technology (“IT”) field. The IT Manager is assisted in overseeing Information Technology by an IT Managed Service Provider firm. The IT Manager and COO oversee the information security program, which is governed by various information security and cybersecurity, systems development, change control, disaster recovery/business continuity and physical asset classification and control policies. The Information Security & Network System Policy identifies data sources, threats and vulnerabilities and ensures awareness, accountability, and oversight for data protection throughout the Company and with trusted third parties to ensure that data is protected and able to be recovered in the event of a breach or failure (technical or other disaster).
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Information Technology Department is managed by the IT Manager who reports directly to the Executive Vice President/Chief Operations Officer (COO).
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The IT Manager has more than seven years of experience with the Company and additional years of experience in the information technology (“IT”) field.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The IT Manager is assisted in overseeing Information Technology by an IT Managed Service Provider firm. The IT Manager and COO oversee the information security program, which is governed by various information security and cybersecurity, systems development, change control, disaster recovery/business continuity and physical asset classification and control policies.