We recognize the increasing volume and sophistication of cyber threats and take our responsibility to protect the information and systems under our purview seriously. We consider cybersecurity threat risks alongside other Company risks as part of our overall risk assessment process. Our cybersecurity processes aim to provide a comprehensive approach to assess, identify, manage, mitigate, and respond to cybersecurity threats.

We maintain a cybersecurity risk program predicated on a risk-based approach. We use cost-effective controls that are commensurate with the risk and sensitivity of our specific information systems, control systems and enterprise data. Our cybersecurity program incorporates best practices and industry standards from multiple sources and is designed to comply with applicable regulations. The cybersecurity program includes, but is not limited to, the following elements: risk assessment, policies and procedures, training and awareness, auditing, log collection and analysis, threat hunting and intelligence surveillance, compliance monitoring and testing, and incident response.

Our internal professionals collaborate with external subject matter specialists, as necessary. All third parties engaged for such matters are subjected to scrutiny to ensure they satisfy our security standards. We periodically review our third-party engagements to ensure that the providers maintain the necessary levels of protection and competency, as well as to oversee and identify potential cybersecurity risks and/or threats from such engagements.

We describe how risks from cybersecurity threats could materially affect us, including our business strategy, results of operations, or financial condition, as part of our risk factor disclosures at Part I, Item 1A, “Risk Factors” of this Annual Report on Form 10-K.

Cybersecurity is an important part of our risk management processes and an area of focus for our Board and management. Our Board is responsible for oversight of our cybersecurity risk, including the effectiveness of cybersecurity risk management policies and protocols, while our FSO and IT Manager are responsible for assessing and managing cybersecurity risk. We use a third-party service which monitors the Company’s security threats twenty-four hours each day throughout the year. Any detected deviation from the expected operating parameters will initiate a communication to our IT Manager for investigation and remediation of the detected deviation in a timely manner. Our IT Manager has over 30 years of IT and cybersecurity experience.

Our IT Manager provides timely reports on cyber security incidents to the FSO, Danny Schoening, who also serves as the Chief Executive Officer and as Chairman of the board of directors. These reports may in turn be presented to the full board depending on the severity of the incident. In the event of a major incident, the Company’s Incident Response policy will be executed and the appropriate parties notified.