We are committed to implementing and maintaining appropriate cybersecurity and data protection measures in recognition of our risk profile and the continuing prevalence of security breaches or disruptions across industries, particularly through cyber-attack or cyber-intrusion.  Cybersecurity impacts various aspects of our business, including our operations, governance, compliance program and employee training. We engage with third-party experts and consultants to identify and manage potential risks relevant to our business and proactively implement measures to mitigate their potential impact, including through regular training programs for our employees on data security issues and our implemented security measures, such as those relating to enterprise security, malware, anti-phishing and other potential threats.  Additionally, we have reporting and escalation procedures in place for employees to report incidents, vulnerabilities, or suspicious activities to the internal stakeholders and external service providers responsible for cybersecurity and IT matters, including our Vice President of Accounting and Administration (“VPAA”), our cybersecurity/IT managed service provider, and our virtual Chief Information Security Officer. The process provides for appropriate evaluation and escalation and to the IT Executive Committee, which includes appropriate members of our management and executive leadership team. With respect to our third party vendors and suppliers, we perform onboarding and due diligence procedures that evaluate such vendor/supplier’s cybersecurity and information technology policies and programs as appropriate. Our supplemental cybersecurity questionnaire communicates our expectations regarding information security requirements and is distributed to applicable vendors/suppliers to be completed satisfactorily prior to any engagement. 

Information security is also an element of the enterprise risk assessment periodically performed by management and reviewed by the Audit Committee of our Board of Directors.   The Audit Committee retains oversight of our cybersecurity and IT framework and the management team updates the Audit Committee and Board of Directors multiple times throughout the year with respect to key developments and updates relating to emerging cybersecurity risks, as well as measures implemented to mitigate such risks. We conduct both internal and external vulnerability and maturity assessments of our company’s information security management systems from time to time.

For additional information on our cybersecurity measures, please refer to our most recent Annual Report on Form 10-K available on our SEC Filings page.

Last updated: October 8, 2025