Cybersecurity Risk Management, Strategy and Governance |
12 Months Ended |
---|---|
Mar. 31, 2025 | |
Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
ITEM 16K. Cybersecurity
We recognize the importance of assessing, identifying and managing material risks associated with cybersecurity threats. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy and security laws.
We maintain various cybersecurity measures and protocols to safeguard our systems and data and continuously monitor and assess potential threats to pre-emptively address any emerging cyber risks. We have implemented various processes for assessing, identifying, and managing material risks from cybersecurity threats, which are integrated into our overall risk management framework. These processes include access controls to organizational systems, data encryption, cybersecurity training and security awareness campaigns through direct mail, and are designed to systematically evaluate potential vulnerabilities and cybersecurity threats and minimize their potential impact on our organization’s operations, assets, and stakeholders. Our cybersecurity risk management processes share common methodologies, reporting channels and governance processes with our broader risk management processes. By embedding cybersecurity risk management into and aligning it with our broader risk management processes, we aim to ensure a comprehensive and proactive approach to safeguarding our assets and operations.
We engage assessors, consultants, auditors, and other third-party specialists to enhance the effectiveness of our cybersecurity processes, augment our internal capabilities, validate our controls, and stay abreast of evolving cybersecurity risks and best practices.
For the fiscal year ended March 31, 2025, we did not detect any cybersecurity incidents that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition.
Responsibility for overseeing cybersecurity risks is integrated into our internal cybersecurity committee (the "Cybersecurity Committee"), which includes our key executives. We also utilize third-party service providers who are responsible for monitoring, detecting and assessing cybersecurity risks and incidents. These third-party service providers are also used for certain IT-related services, where appropriate, to assess, test or otherwise assist with aspects of our security controls. Accordingly, we also implement processes to oversee and identify material cybersecurity risks associated with our utilization of third-party service providers on whom we have a material dependency, such as conducting due diligence assessments to evaluate their cybersecurity measures, data protection practices, and compliance with relevant regulatory requirements.
Our third-party service providers currently comprises senior IT professionals with expertise in risk management, cybersecurity, and information technology. These individuals have, and any future individuals are expected to have credentials relevant to their role, which includes prior experience working in similar roles and formal education. The third-party service providers are also expected to keep abreast of cybersecurity best practices and procedures. The third-party service providers are responsible for assessing, identifying and mitigating material cybersecurity risks, including at a strategic level, monitoring for, defending against and remediating cybersecurity incidents and implementing and making improvements to our overall cybersecurity strategy.
As we do not have a dedicated board committee solely focused on cybersecurity, our full board oversees the implementation of our cybersecurity strategy, as well as cybersecurity risks, with the aim of protecting our interests and assets. Our cybersecurity strategy was developed by our Cybersecurity Committee, the third-party service providers and approved by senior management. The board receives periodic reports and presentations on cybersecurity risks from the Cybersecurity Committee, including incidents or breaches (if any), vulnerabilities, mitigation strategies and the overall effectiveness of our cybersecurity program. These reports highlight significant or emerging cybersecurity threats, their potential impact on the organization, ongoing initiatives to mitigate risks and any proposed actions or investments required to enhance our cybersecurity posture. |
Cybersecurity Risk Management Processes Integrated [Flag] | true |
Cybersecurity Risk Management Processes Integrated [Text Block] |
We maintain various cybersecurity measures and protocols to safeguard our systems and data and continuously monitor and assess potential threats to pre-emptively address any emerging cyber risks. We have implemented various processes for assessing, identifying, and managing material risks from cybersecurity threats, which are integrated into our overall risk management framework. These processes include access controls to organizational systems, data encryption, cybersecurity training and security awareness campaigns through direct mail, and are designed to systematically evaluate potential vulnerabilities and cybersecurity threats and minimize their potential impact on our organization’s operations, assets, and stakeholders. Our cybersecurity risk management processes share common methodologies, reporting channels and governance processes with our broader risk management processes. By embedding cybersecurity risk management into and aligning it with our broader risk management processes, we aim to ensure a comprehensive and proactive approach to safeguarding our assets and operations. |
Cybersecurity Risk Management Third Party Engaged [Flag] | true |
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
Cybersecurity Risk Board of Directors Oversight [Text Block] |
As we do not have a dedicated board committee solely focused on cybersecurity, our full board oversees the implementation of our cybersecurity strategy, as well as cybersecurity risks, with the aim of protecting our interests and assets. Our cybersecurity strategy was developed by our Cybersecurity Committee, the third-party service providers and approved by senior management. The board receives periodic reports and presentations on cybersecurity risks from the Cybersecurity Committee, including incidents or breaches (if any), vulnerabilities, mitigation strategies and the overall effectiveness of our cybersecurity program. These reports highlight significant or emerging cybersecurity threats, their potential impact on the organization, ongoing initiatives to mitigate risks and any proposed actions or investments required to enhance our cybersecurity posture. |
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | As we do not have a dedicated board committee solely focused on cybersecurity, our full board oversees the implementation of our cybersecurity strategy, as well as cybersecurity risks, with the aim of protecting our interests and assets. Our cybersecurity strategy was developed by our Cybersecurity Committee, the third-party service providers and approved by senior management. |
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The board receives periodic reports and presentations on cybersecurity risks from the Cybersecurity Committee, including incidents or breaches (if any), vulnerabilities, mitigation strategies and the overall effectiveness of our cybersecurity program. |
Cybersecurity Risk Role of Management [Text Block] |
Our third-party service providers currently comprises senior IT professionals with expertise in risk management, cybersecurity, and information technology. These individuals have, and any future individuals are expected to have credentials relevant to their role, which includes prior experience working in similar roles and formal education. The third-party service providers are also expected to keep abreast of cybersecurity best practices and procedures. The third-party service providers are responsible for assessing, identifying and mitigating material cybersecurity risks, including at a strategic level, monitoring for, defending against and remediating cybersecurity incidents and implementing and making improvements to our overall cybersecurity strategy.
As we do not have a dedicated board committee solely focused on cybersecurity, our full board oversees the implementation of our cybersecurity strategy, as well as cybersecurity risks, with the aim of protecting our interests and assets. Our cybersecurity strategy was developed by our Cybersecurity Committee, the third-party service providers and approved by senior management. The board receives periodic reports and presentations on cybersecurity risks from the Cybersecurity Committee, including incidents or breaches (if any), vulnerabilities, mitigation strategies and the overall effectiveness of our cybersecurity program. These reports highlight significant or emerging cybersecurity threats, their potential impact on the organization, ongoing initiatives to mitigate risks and any proposed actions or investments required to enhance our cybersecurity posture. |
Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Responsibility for overseeing cybersecurity risks is integrated into our internal cybersecurity committee (the "Cybersecurity Committee"), which includes our key executives. |
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our third-party service providers currently comprises senior IT professionals with expertise in risk management, cybersecurity, and information technology. |
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The third-party service providers are responsible for assessing, identifying and mitigating material cybersecurity risks, including at a strategic level, monitoring for, defending against and remediating cybersecurity incidents and implementing and making improvements to our overall cybersecurity strategy. |
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |