Risk Factors Dashboard

We periodically assess risks from cybersecurity threats, and monitor our information systems for potential vulnerabilities. However, to date, given the small size of our company and the nature of our operations, our reliance on information systems has primarily been limited to the use of standard off-the-shelf software (such as Google, Sage 100 Advanced Software, and Microsoft Office) and the use by our employees of standard personal computers. We also employ an internal Information System Employee, as well as an external 24 hour per day, 365 day per year, Information Technology Service, providing Cloud Hosting, Web Protection, License, Firewall, and IP Service. With the assistance of the outside IT service, in conjunction with our Internal IT Team, management has implemented the necessary formal processes for assessing, identifying, and managing risks from cybersecurity threats. Firewalls are regularly checked and updated to the latest firmware. In the case of an actual cyber security threat, our outside IT service has full backups of critical systems and a 6-hour Disaster Recovery plan.

Risks from cybersecurity threats have, to date, not materially affected us, our business strategy, results of operations or financial condition. We discuss how cybersecurity incidents could materially affect us in our risk factor disclosures within our FORWARD-LOOKING STATEMENTS, discussed in Item 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS, of this Annual Report on Form 10-K.

As discussed above, given the internal and external IT work, the nature of our current operations and our experience to date, we do not currently perceive cybersecurity as a particularly significant risk to our business. Accordingly, we have not tasked our Board of Directors with any additional cybersecurity oversight duties, or designated any committee of the Board of Directors to specifically oversee cybersecurity risks to our business.