Annual report [Section 13 and 15(d), not S-K Item 405]

Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended
Mar. 31, 2026
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Risk Management and Strategy
We maintain a comprehensive process for identifying, assessing, and managing material risks from cybersecurity threats as part of our broader risk management system and processes. This cybersecurity risk management process includes a wide variety of mechanisms, controls, technologies, methods, systems, and other processes that are designed to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access and other security incidents and vulnerabilities.
As part of our cybersecurity risk management process, we conduct regular application security assessments, vulnerability management, external penetration testing, security audits, and risk assessments. We leverage third-party security service providers to provide continuous and uninterrupted identification and mitigation of risk-prioritized security events. We maintain an incident response plan that is utilized when incidents are detected. Our incident response plan coordinates the activities that we and our third-party cybersecurity provider take to prepare to respond, recover from and mitigate cybersecurity incidents, which include processes to assess severity, investigate, escalate, contain, and remediate an incident, as well as to comply with potentially applicable legal obligations and mitigate brand and reputational harm.
We require employees with access to information systems, including all corporate employees, to undertake data protection, cybersecurity, privacy, and compliance programs at least annually. We maintain a team of dedicated security and compliance professionals who oversee cybersecurity risk management, mitigation, incident prevention, detection, and remediation, which is led by our Chief Information Security Officer (“CISO”). The team has deep cybersecurity experience with an average tenure of over 20 years with expertise in protecting critical assets for top firms in a myriad of different industries.
As part of our cybersecurity risk management process, we contractually require third-party service providers to implement and maintain key security measures in connection with their work with us when appropriate that is consistent with applicable laws. Additionally, our third-party service providers are required to promptly report any breach of their security measures or systems that may affect our Company. Our security and compliance professionals track and log privacy and security incidents across our vendors and other third-party service providers to remediate and resolve any such incidents. Significant incidents associated with our vendors and service providers are reviewed regularly to determine whether further escalation is appropriate. Any incident assessed as potentially being or potentially becoming material is immediately escalated for further assessment and then reported to designated members of our senior management.
We leverage the System and Organization Controls 2 (“SOC 2”) Type 2 attestation framework to determine the operating effectiveness of our internal security controls, the ISO/IEC 27001 certification standard to systematically manage information security risks across our organization, and the NIST Cybersecurity Framework to better understand, manage, and reduce cybersecurity risk and protect our business from ever-changing cyber threats.
We successfully re-attested to SOC 2 Type II and achieved ISO/IEC 27001 certification this fiscal year, representing an advancement in our information security posture and our commitment to industry-leading standards. The SOC 2 Type II re-attestation confirms the continued operating effectiveness of our internal security controls through independent third-party audit. We operate an Information Security Management System (ISMS) which complies with the requirements of ISO/IEC 27001:2022 for the following scope: Our ISMS applies to technical infrastructure, applications and systems that ensure delivery of its products and services to its customers. It also includes technical activities which hold, obtain, share, or manage customer and business data, and the business functions of Engineering, Product Management and Customer Support.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We maintain a comprehensive process for identifying, assessing, and managing material risks from cybersecurity threats as part of our broader risk management system and processes. This cybersecurity risk management process includes a wide variety of mechanisms, controls, technologies, methods, systems, and other processes that are designed to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access and other security incidents and vulnerabilities.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Governance
Our executive leadership team, along with input from the above team, are responsible for our overall enterprise risk management system and processes and regularly consider cybersecurity risks in the context of other material risks to the Company. Senior management regularly discusses on at least a quarterly basis and more frequently as needed, cyber risks and trends and, should they arise, any material incidents with the Audit Committee.
The Audit Committee has oversight responsibility over our cybersecurity risk management process, including risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, cooperation with law enforcement, and related effects on financial and other risks, and it reports any findings and recommendations, as appropriate, to the full Board for consideration.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee has oversight responsibility over our cybersecurity risk management process
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee has oversight responsibility over our cybersecurity risk management process, including risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, cooperation with law enforcement, and related effects on financial and other risks, and it reports any findings and recommendations, as appropriate, to the full Board for consideration.
Cybersecurity Risk Role of Management [Text Block] Senior management regularly discusses on at least a quarterly basis and more frequently as needed, cyber risks and trends and, should they arise, any material incidents with the Audit Committee.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
Our executive leadership team, along with input from the above team, are responsible for our overall enterprise risk management system and processes and regularly consider cybersecurity risks in the context of other material risks to the Company.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The team has deep cybersecurity experience with an average tenure of over 20 years with expertise in protecting critical assets for top firms in a myriad of different industries.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Senior management regularly discusses on at least a quarterly basis and more frequently as needed, cyber risks and trends and, should they arise, any material incidents with the Audit Committee.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true