Annual report [Section 13 and 15(d), not S-K Item 405]

Cybersecurity Risk Management and Strategy Disclosure

v3.25.4
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Oct. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Abstract]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] Overview

 

Our IT and related systems are critical to the efficient operation of our business and essential to our ability to perform day-to-day processes. We face persistent security threats, including threats to our IT infrastructure and unlawful attempts to gain access to our confidential or otherwise proprietary information, or that of our employees, via phishing/malware campaigns and other cyberattack methods.

 

Our security policies and processes are based on industry best practices and are revisited regularly to ensure their appropriateness based on risk, threats and current technological capabilities. We regularly assess our threat landscape and monitor our systems and other technical security controls, maintain information security practices and ensure maintenance of backup and protective systems. We review System and Organization Controls 1 (SOC 1 Type II) certifications where relevant from key third party partners and other service providers with access to information assets at least annually.

 

Our internal controls and procedures address cybersecurity and include processes intended to ensure that security breaches are reported to appropriate personnel and, if warranted, analyzed for potential disclosure. We also maintain insurance coverage that is intended to address certain aspects of cybersecurity risks. To date, there have not been any cybersecurity threats that have materially affected the Company.

 
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Governance 

Board Oversight of Cybersecurity Matters

 

Assessing and managing information security matters is the responsibility of our Audit Committee. The Audit Committee meets with the senior executives, specifically the Chief Executive Officer and Chief Financial Officer on at least an annual basis to discuss cybersecurity posture. The Audit Committee may also periodically receive targeted briefings related to cybersecurity and reviews our incident response capabilities.

 

Management of Cybersecurity Risks

 

The senior executives work to protect our information systems from cybersecurity threats and to promptly assist in coordinating a response to any cybersecurity incidents in accordance with our cybersecurity incident response and recovery plans. We have engaged an IT Managed Service Provider who assists in the oversight of our corporate-wide data security, including developing, implementing and enforcing security policies to manage our overall cybersecurity risks. The senior executives regularly meet with our IT Managed Service Provider during the course of the year to review and discuss cybersecurity issues.

 

Strategy

 

Our Security Culture

 

We protect our information assets and manage risk by promoting a culture that communicates security risks, designs secure IT systems and operates according to approved processes to reduce the likelihood and impact of security incidents. We achieve this objective by:

 

  designing, implementing and maintaining solutions with appropriate security controls;
  sustaining solutions with required patching and vulnerability remediation;
  creating and executing controls in support of policy as well as regulatory compliance;
  ensuring that our policies, processes, practices and technologies proactively protect, shield, defend and remediate cyber threats; and
  delivering quality communications and training to stakeholders on cyber awareness and computing hygiene.

 

26

 

 

We believe that the conduct of our employees is critical to the success of our information security. We keep our employees apprised of threats, risks and the part that they play in protecting both themselves and the Company.

 

We assess our service providers prior to allowing our information to be processed, stored or transmitted by third parties, and we include standardized contractual requirements in each contract where appropriate. We validate our service providers’ security via open-source intelligence and, where appropriate, SOC 1 Type II reports on financially significant third-party service providers. Our process also includes regular monitoring of risk related to third parties on a periodic basis or when services or product purchases expand beyond their original scope or intended use.

 
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Board Oversight of Cybersecurity Matters

 

Assessing and managing information security matters is the responsibility of our Audit Committee. The Audit Committee meets with the senior executives, specifically the Chief Executive Officer and Chief Financial Officer on at least an annual basis to discuss cybersecurity posture. The Audit Committee may also periodically receive targeted briefings related to cybersecurity and reviews our incident response capabilities.

 
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Strategy 

Our Security Culture

 

We protect our information assets and manage risk by promoting a culture that communicates security risks, designs secure IT systems and operates according to approved processes to reduce the likelihood and impact of security incidents. We achieve this objective by:

 

  designing, implementing and maintaining solutions with appropriate security controls;
  sustaining solutions with required patching and vulnerability remediation;
  creating and executing controls in support of policy as well as regulatory compliance;
  ensuring that our policies, processes, practices and technologies proactively protect, shield, defend and remediate cyber threats; and
  delivering quality communications and training to stakeholders on cyber awareness and computing hygiene.

 

We believe that the conduct of our employees is critical to the success of our information security. We keep our employees apprised of threats, risks and the part that they play in protecting both themselves and the Company.

 

We assess our service providers prior to allowing our information to be processed, stored or transmitted by third parties, and we include standardized contractual requirements in each contract where appropriate. We validate our service providers’ security via open-source intelligence and, where appropriate, SOC 1 Type II reports on financially significant third-party service providers. Our process also includes regular monitoring of risk related to third parties on a periodic basis or when services or product purchases expand beyond their original scope or intended use.

 
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Management of Cybersecurity Risks

 

The senior executives work to protect our information systems from cybersecurity threats and to promptly assist in coordinating a response to any cybersecurity incidents in accordance with our cybersecurity incident response and recovery plans. We have engaged an IT Managed Service Provider who assists in the oversight of our corporate-wide data security, including developing, implementing and enforcing security policies to manage our overall cybersecurity risks. The senior executives regularly meet with our IT Managed Service Provider during the course of the year to review and discuss cybersecurity issues.