XML 55 R37.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
The Company has processes for assessing, identifying, and managing material risks from cybersecurity threats. These processes are integrated into the Company’s overall risk management systems, as overseen by the Company’s board of directors, primarily through its audit committee. These processes also include overseeing and identifying risks from cybersecurity threats associated with the use of third-party service providers. The Company conducts security assessments of certain third-party providers before engagement and has established monitoring procedures in its effort to mitigate risks related to data breaches or other security incidents originating from third parties. The Company from time to time engages third-party consultants, legal advisors, and audit firms in evaluating and testing the Company’s risk management systems and assessing and remediating certain cybersecurity incidents. The Company also continues to provide its employees with cybersecurity and data protection training to support its risk mitigation efforts.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
The Company has processes for assessing, identifying, and managing material risks from cybersecurity threats. These processes are integrated into the Company’s overall risk management systems, as overseen by the Company’s board of directors, primarily through its audit committee. These processes also include overseeing and identifying risks from cybersecurity threats associated with the use of third-party service providers. The Company conducts security assessments of certain third-party providers before engagement and has established monitoring procedures in its effort to mitigate risks related to data breaches or other security incidents originating from third parties. The Company from time to time engages third-party consultants, legal advisors, and audit firms in evaluating and testing the Company’s risk management systems and assessing and remediating certain cybersecurity incidents. The Company also continues to provide its employees with cybersecurity and data protection training to support its risk mitigation efforts.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Board of Directors
The audit committee of the Company’s board of directors oversees, among other things, the adequacy and effectiveness of the Company’s internal controls, including internal controls designed to assess, identify, and manage material risks from cybersecurity threats. The audit committee is informed of material risks from cybersecurity threats pursuant to the escalation criteria as set forth in the Company’s disclosure controls and procedures. Further, at least once per quarter, the Company’s Chief Information and Digital Officer (“CIDO”), and/or the Company’s Chief Information Security Officer (“CISO”), reports on cybersecurity matters, including material risks and threats, to the Company’s audit committee, and the audit committee provides updates to the Company’s board of directors at regular board meetings. The CIDO also provides updates annually or more frequently as appropriate to the Company’s board of directors.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Under the oversight of the audit committee of the Company’s board of directors, and as directed by the Company’s Chief Executive Officer, the CIDO and CISO are primarily responsible for the assessment and management of material cybersecurity risks.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Under the oversight of the audit committee of the Company’s board of directors, and as directed by the Company’s Chief Executive Officer, the CIDO and CISO are primarily responsible for the assessment and management of material cybersecurity risks.
Cybersecurity Risk Role of Management [Text Block]
Under the oversight of the audit committee of the Company’s board of directors, and as directed by the Company’s Chief Executive Officer, the CIDO and CISO are primarily responsible for the assessment and management of material cybersecurity risks. The CIDO has more than two decades of experience with global technology organizations across multiple industries. The CISO has over 25 years of experience in information security, risk management, and compliance, has served as the chief information security officer at other organizations and, among other things, is a certified information systems security professional. The CIDO and CISO are also supported by a Cybersecurity & Privacy Executive Oversight Committee, which is comprised of certain members of senior management and is provides cross-functional support for cybersecurity risk management and facilitates the response to any cybersecurity incidents.
The Company’s CISO oversees the Company’s cybersecurity incident response plan and related processes that are designed to assess and manage material risks from cybersecurity threats. The Company’s CISO also coordinates with the Company’s legal counsel and third parties, such as consultants and legal advisors, to assess and manage material risks from cybersecurity threats. The Company’s CISO is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to criteria set forth in the Company’s incident response plan and related processes.
The Company’s Disclosure Committee, with the assistance of its Cybersecurity Subcommittee, is responsible for overseeing the establishment and effectiveness of controls and other procedures, including controls and procedures related to the public disclosure of material cybersecurity matters. The Company’s Disclosure Committee is comprised of, among others, the Company’s Corporate Controller and Chief Accounting Officer (“CAO”), Treasurer, Chief Legal Affairs Officer (“CLO”), Corporate Secretary, General Auditor, and the most senior members of the investor relations, external reporting, financial planning and analysis, and tax functions. The Cybersecurity Subcommittee of the Company’s Disclosure Committee is comprised of, among others, the Company’s CAO, Treasurer, CLO, Corporate Secretary, and General Auditor, as well as the CIDO and CISO and Chief Privacy Officer.
The Company’s CISO, or a delegate, informs the Disclosure Committee’s Cybersecurity Subcommittee of certain cybersecurity incidents that may potentially be determined to be material pursuant to escalation criteria set forth in the Company’s incident response plan and related processes. The Disclosure Committee’s Cybersecurity Subcommittee is also responsible for advising the Disclosure Committee and the Company’s Chief Executive Officer and Chief Financial Officer regarding cybersecurity disclosures in public filings. The CISO, with the CLO in attendance, also notifies the audit committee chair of any material cybersecurity incident.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
The Company’s CISO oversees the Company’s cybersecurity incident response plan and related processes that are designed to assess and manage material risks from cybersecurity threats. The Company’s CISO also coordinates with the Company’s legal counsel and third parties, such as consultants and legal advisors, to assess and manage material risks from cybersecurity threats. The Company’s CISO is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to criteria set forth in the Company’s incident response plan and related processes.
The Company’s Disclosure Committee, with the assistance of its Cybersecurity Subcommittee, is responsible for overseeing the establishment and effectiveness of controls and other procedures, including controls and procedures related to the public disclosure of material cybersecurity matters. The Company’s Disclosure Committee is comprised of, among others, the Company’s Corporate Controller and Chief Accounting Officer (“CAO”), Treasurer, Chief Legal Affairs Officer (“CLO”), Corporate Secretary, General Auditor, and the most senior members of the investor relations, external reporting, financial planning and analysis, and tax functions. The Cybersecurity Subcommittee of the Company’s Disclosure Committee is comprised of, among others, the Company’s CAO, Treasurer, CLO, Corporate Secretary, and General Auditor, as well as the CIDO and CISO and Chief Privacy Officer.
The Company’s CISO, or a delegate, informs the Disclosure Committee’s Cybersecurity Subcommittee of certain cybersecurity incidents that may potentially be determined to be material pursuant to escalation criteria set forth in the Company’s incident response plan and related processes. The Disclosure Committee’s Cybersecurity Subcommittee is also responsible for advising the Disclosure Committee and the Company’s Chief Executive Officer and Chief Financial Officer regarding cybersecurity disclosures in public filings. The CISO, with the CLO in attendance, also notifies the audit committee chair of any material cybersecurity incident.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The CIDO has more than two decades of experience with global technology organizations across multiple industries. The CISO has over 25 years of experience in information security, risk management, and compliance, has served as the chief information security officer at other organizations and, among other things, is a certified information systems security professional
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
The Company’s CISO oversees the Company’s cybersecurity incident response plan and related processes that are designed to assess and manage material risks from cybersecurity threats. The Company’s CISO also coordinates with the Company’s legal counsel and third parties, such as consultants and legal advisors, to assess and manage material risks from cybersecurity threats. The Company’s CISO is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to criteria set forth in the Company’s incident response plan and related processes.
The Company’s Disclosure Committee, with the assistance of its Cybersecurity Subcommittee, is responsible for overseeing the establishment and effectiveness of controls and other procedures, including controls and procedures related to the public disclosure of material cybersecurity matters. The Company’s Disclosure Committee is comprised of, among others, the Company’s Corporate Controller and Chief Accounting Officer (“CAO”), Treasurer, Chief Legal Affairs Officer (“CLO”), Corporate Secretary, General Auditor, and the most senior members of the investor relations, external reporting, financial planning and analysis, and tax functions. The Cybersecurity Subcommittee of the Company’s Disclosure Committee is comprised of, among others, the Company’s CAO, Treasurer, CLO, Corporate Secretary, and General Auditor, as well as the CIDO and CISO and Chief Privacy Officer.
The Company’s CISO, or a delegate, informs the Disclosure Committee’s Cybersecurity Subcommittee of certain cybersecurity incidents that may potentially be determined to be material pursuant to escalation criteria set forth in the Company’s incident response plan and related processes. The Disclosure Committee’s Cybersecurity Subcommittee is also responsible for advising the Disclosure Committee and the Company’s Chief Executive Officer and Chief Financial Officer regarding cybersecurity disclosures in public filings. The CISO, with the CLO in attendance, also notifies the audit committee chair of any material cybersecurity incident.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true