Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Mar. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
The Company’s comprehensive cybersecurity program is aligned with the National Institute for Standards and Technology Cybersecurity Framework, an industry standard that sets guidelines to manage cybersecurity risks. The cybersecurity program includes processes, procedures and controls to reasonably mitigate our cybersecurity and information technology risk. Our efforts focus on continuously protecting, detecting, responding to, managing and enhancing the security of our information systems, software, networks and digital assets. Such efforts are designed to protect against and mitigate the effects of, among other things, security and data privacy incidents including cyber-attacks, ransomware and identifying deliberate attempts to exploit known and existing vulnerabilities. The cybersecurity program is designed to minimize the impact and disruption to business operations.
The efforts to prevent, detect and respond to cybersecurity threats are managed by our VP, Cybersecurity in collaboration with our Chief Information Officer (“CIO”), whose teams are responsible for leading our cybersecurity strategy, policy, communication, training, architecture and processes. Our cybersecurity program includes:
•identifying and confirming the adequacy of security measures;
•identifying security deficiencies and data from which to predict effectiveness of proposed security measures;
•detection and reporting requirements for identifying unusual internal or external activity or events that may compromise the availability, confidentiality and integrity of our information technology resources;
•specific testing to be performed within specific timelines, including but not limited to, networks, web applications and network accounts;
•regularly reviewing relevant threat and vulnerability information from appropriate goods and services vendors, third-parties and public domain resources;
•verifying compliance with cybersecurity policies through various methods, including but not limited to, system and tool reports, internal and external audits and feedback to the policy owner;
•reviewing our cybersecurity policies at least annually or when there are significant changes within the company’s facilities or infrastructure to ensure their continuing suitability, adequacy and effectiveness;
•a crisis management governance plan that outlines the members of the crisis management team, escalation path and escalation thresholds; and
•periodic tabletop exercises with our management team to test our crisis management governance plan and to familiarize our management team with the elements and operation of our crisis management governance plan.
When a cybersecurity threat or incident is identified, our security incident plan outlines the members of the Security Incident Response Team, escalation path and escalation thresholds. The Security Incident Response Team considers each incident’s impact to our operations, technology, safety and reputation and any legal or regulatory impacts. If any individual situation or situations in the aggregate triggers any one severity level, the event is immediately escalated according to the appropriate response path for each incident classification. We have also retained a third-party service provider to complement our incident response capabilities, if required.
We engage third parties to conduct annual security penetration testing against our networks, both internally and externally, to identify and mitigate cyber risks. We have and will continue to conduct cybersecurity program assessments to evaluate its maturity against the National Institute for Standards and Technology Cybersecurity Framework. We require ongoing cybersecurity training for all employees, focusing on the appropriate protection and security of confidential company and third-party information. Additionally, employees participate in mandatory monthly cybersecurity awareness training that covers a broad range of security topics, including business email compromise, phishing schemes, remote work and reporting and responding to suspicious activities.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] |
The Company’s comprehensive cybersecurity program is aligned with the National Institute for Standards and Technology Cybersecurity Framework, an industry standard that sets guidelines to manage cybersecurity risks. The cybersecurity program includes processes, procedures and controls to reasonably mitigate our cybersecurity and information technology risk. Our efforts focus on continuously protecting, detecting, responding to, managing and enhancing the security of our information systems, software, networks and digital assets. Such efforts are designed to protect against and mitigate the effects of, among other things, security and data privacy incidents including cyber-attacks, ransomware and identifying deliberate attempts to exploit known and existing vulnerabilities. The cybersecurity program is designed to minimize the impact and disruption to business operations.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | The Board of Directors considers cybersecurity risk as part of its risk oversight function and oversees the risks from cybersecurity threats. As such, it receives updates on our cybersecurity practices, events and risks from our CIO at the Board’s regularly scheduled meetings. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The efforts to prevent, detect and respond to cybersecurity threats are managed by our VP, Cybersecurity in collaboration with our Chief Information Officer (“CIO”), whose teams are responsible for leading our cybersecurity strategy, policy, communication, training, architecture and processes. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | When a cybersecurity threat or incident is identified, our security incident plan outlines the members of the Security Incident Response Team, escalation path and escalation thresholds. |
| Cybersecurity Risk Role of Management [Text Block] |
Our executive leadership team (“ELT”) also supports and monitors the effectiveness of and compliance with the cybersecurity policies and other security and data protection requirements. The ELT externally communicates data breaches, provides protocol and processes for internal and external communication and analyzes business impacts of a cybersecurity incident.
Our VP, Cybersecurity has over 25 years of leadership experience, including 8 years of experience developing and implementing cybersecurity programs to protect organizations against cyber-attacks. The responsibilities of the VP, Cybersecurity include, but are not limited to, developing, deploying and maintaining the cybersecurity policies; developing, deploying and maintaining cybersecurity program documentation, processes and procedures; validating compliance with cybersecurity policies by staff and third parties; and reviewing and approving cybersecurity policies deviations, waivers and exceptions. The VP, Cybersecurity also evaluates security and data protection incidents, analyzes business impacts, provides security and risk guidance and recommendations, and reviews security incident reports.
Our CIO has over 30 years of IT experience, including 17 years as CIO for businesses in a variety of industries. Our CIO has a track record of developing effective, leading-edge technology solutions that create business value. The CIO reviews and approves cybersecurity policies and reviews, approves and monitors security policies, deviations, waivers and exceptions.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | The efforts to prevent, detect and respond to cybersecurity threats are managed by our VP, Cybersecurity in collaboration with our Chief Information Officer (“CIO”), whose teams are responsible for leading our cybersecurity strategy, policy, communication, training, architecture and processes. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] |
Our VP, Cybersecurity has over 25 years of leadership experience, including 8 years of experience developing and implementing cybersecurity programs to protect organizations against cyber-attacks. The responsibilities of the VP, Cybersecurity include, but are not limited to, developing, deploying and maintaining the cybersecurity policies; developing, deploying and maintaining cybersecurity program documentation, processes and procedures; validating compliance with cybersecurity policies by staff and third parties; and reviewing and approving cybersecurity policies deviations, waivers and exceptions. The VP, Cybersecurity also evaluates security and data protection incidents, analyzes business impacts, provides security and risk guidance and recommendations, and reviews security incident reports. Our CIO has over 30 years of IT experience, including 17 years as CIO for businesses in a variety of industries. Our CIO has a track record of developing effective, leading-edge technology solutions that create business value.
|
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | When a cybersecurity threat or incident is identified, our security incident plan outlines the members of the Security Incident Response Team, escalation path and escalation thresholds. The Security Incident Response Team considers each incident’s impact to our operations, technology, safety and reputation and any legal or regulatory impacts. If any individual situation or situations in the aggregate triggers any one severity level, the event is immediately escalated according to the appropriate response path for each incident classification. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |