Our cybersecurity program is designed to detect cybersecurity threats and vulnerabilities, protect our information systems from such threats, and ensure the confidentiality, integrity, and availability of systems and information used, owned or managed by us. Our focus is on protecting sensitive information, such as personal information of our customers and employees, and confidential business information that could be leveraged by a competitor or a malicious actor.

Our cybersecurity program has several components, including the adoption of information security protocols, standards, and guidelines consistent with best industry practices; engaging third-party service providers to conduct security assessments and penetration testing; and performing periodic internal audits of our cybersecurity protocols. We employ a risk-based process designed to manage cybersecurity risks presented by third-party vendors that may have access to our sensitive information and/or information technology (“IT”) systems. This process may consider the nature of the services provided, the sensitivity and quantity of information processed, the criticality of any potentially impacted IT systems, and/or the strength of the vendor’s cybersecurity practices.

We monitor potential cybersecurity risks through tracking. These key risks are characterized by various factors such as the likelihood of us experiencing a particular type of cybersecurity incident, the speed at which each type of cybersecurity incident could impact the Company, and management’s assessment of the Company’s ability to respond quickly and efficiently.

An incident response plan aligned with best practices guidelines governs our response to cybersecurity incidents. The incident response plan outlines how we can detect, analyze, contain, eradicate, recover, and perform post-incident activities in the event of a cybersecurity incident. It also contains an internal, risk-based escalation framework designed to ensure that all relevant individuals are promptly informed of any cybersecurity incident and dictates procedures for determining whether a cybersecurity incident is material without unreasonable delay.

While we may experience minor data and cybersecurity incidents from time to time, to our knowledge, the risks posed by cybersecurity threats have not materially affected and are not reasonably likely to materially affect our business strategy, results of operations or financial condition. However, there can be no assurance that we will not be materially affected by such risks in the future. A successful cybersecurity attack may expose us to misuse of information or systems, the compromising of confidential information, manipulation or destruction of data, production downtimes, and operations disruptions.

One of the key functions of our executive officers is to inform oversight of our risk management process, which includes risks from cybersecurity threats. Our executive officer monitor and assesses strategic risk exposure, and manages the material risks we face. Our executive ooficers monitor and assess strategic risk exposure, and manage the material risks we face.

Our Chief Executive Officer works to manage our cybersecurity policies and processes. He is responsible for managing how we identify, address, prevent and resolve cybersecurity issues and related matters. He is also responsible for tracking how we prevent, identify, lessen, and address cybersecurity issues. This is done through regular checks of our systems, tests to identify security weaknesses, and maintaining an incident response plan.