Cybersecurity Implementation We have established a comprehensive cybersecurity risk management program aimed at safeguarding the confidentiality, integrity, and availability of our critical IT systems and data. This involves utilizing various security tools and techniques, such as penetration test and vulnerability scanning programs conducted by the respective outsourced cybersecurity service provider, to proactively identify, investigate, contain and recover from potential vulnerabilities and security incidents. Our cybersecurity risk management program is built based on the National Institute of Standards and Technology Cybersecurity Framework integrates with our broader enterprise risk management framework, utilizing consistent methodologies and reporting channels across all risk domains. Oversight of this program falls under the purview of our IT team, which ultimately reports to the Audit Committee. Our cybersecurity risk management program includes: | ● | an Information Security Policy outlining practices for maintaining confidence in our business and safeguarding information; |
| ● | utilization of internal and external resources for security assessments and audits; |
| ● | annual external audits and penetration tests for our systems; |
| ● | mandatory cybersecurity training for all employees and management; |
| ● | a comprehensive incident response plan for assessing, responding to, and resolving cybersecurity incidents; and |
| ● | a vendor assessment program to mitigate cybersecurity risks from third-party service providers, including contractual obligations for prompt reporting of security incidents or risks. |
As of the date of this report, the Company is not aware of any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition. However, there can be no assurance that we will not be materially affected by such risks in the future. For information on the cybersecurity threats and risks we face and the potential impacts on the business related thereto, see “Item 3. Key Information—D. Risk Factors—Risks Relating to Our Business and Industry—A data security or privacy breach could damage our reputation and our relationships with our customers or employees, expose us to litigation risk, and adversely affect our business.”
|