Risk Factors - FRD

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

$FRD Risk Factor changes from 00/07/14/23/2023 to 00/06/12/25/2025

Item 1A. Risk Factors Not required. Item 1B. Unresolved Staff Comments None. Item 1C. Item 1B. Cybersecurity Cybersecurity Governance The Board of Directors (the “Board”) of the Company is responsible for the oversight of the Company’s cybersecurity program and recognizes the risks that cybersecurity threats may impose on the Company, its business partners, employees and investors. The Company's IT Director is responsible for overall IT governance, risk and compliance including the Company’s cybersecurity program. The Audit Committee of the Board collaborates with the full Board and the IT Director to facilitate alignment of overall IT related controls and processes. We have a formalized IT Security Incident Report process which provides a method to document and communicate details of security incidents to appropriate stakeholders. The Board and the Audit Committee receive periodic briefings on cybersecurity and help set priorities and strategic direction. As part of continuous improvement, our cybersecurity program is being aligned with the NIST Cybersecurity Framework 2.0 to help ensure comprehensive controls and oversight. Cybersecurity Controls We have implemented a modern, comprehensive set of controls that restrict access to systems using a combination of firewalls, virtual private networks, multi-factor authentication and enforced use of corporate controlled compliant devices. We utilize automated intrusion prevention, detection and response systems which constantly monitor activity, build usage patterns and respond or alert when unusual activity is detected. We have experienced staff who perform root cause analysis, respond to any immediate threat, and implement improved controls for future prevention. Our cybersecurity tools are fully integrated and collect data from various sources to build relationships and detect more complex multi-channel attack strategies. Application controls are role-based and designed to protect data confidentiality and provide overall data integrity. A risk-based approach is taken regarding third-party systems utilized in our business. We have controls specifically focused on E-mail phishing including impersonation attempts. Although our automated controls prevent most phishing attempts, some can be delivered to employees. To mitigate this risk, we provide training to employees using various methods including E-mail phishing campaigns which send phishing-style E-mails, monitors user responses and automatically assigns further training as appropriate. Employees have been trained to send any suspicious activity to a central IT Service Desk for evaluation and appropriate timely action. All critical systems have rigorous data backups and are designed for disaster recovery, ensuring business continuity in the event of a catastrophic incident. As part of continuous improvement, disaster recovery testing is being conducted and documented. We are not aware of any unmitigated risk or any prior incident that may have materially affected the Company’s data integrity, confidentiality, operations, business strategy or financial reporting. Given our reliance on modern systems, we are aware a significant incident could impact the Company’s overall goals so we strive to provide modern counter measures to manage this risk. 4 .