XML 44 R28.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
As part of our overall risk management system, we have established certain procedures to assess, identify, and manage material risks from cybersecurity threats. Our cybersecurity risk management system is designed to align with industry best practices, including International Organization for Standardization, or ISO, standards, provide a framework for handling cybersecurity threats and incidents, and facilitate coordination across different departments of our company. As part of this system, we have a formally documented information security management program and conduct regular tabletop exercises that include participation from executive officers. In addition, we engage consultants and other third parties who are experts in the cybersecurity risk management field to review and provide testing services as well as general incident management services. These engagements directly contribute to industry certifications and attestations that demonstrate our dedication to protecting the data that we are entrusted with by customers. Our Governance, Risk, and Compliance team within the information security management program oversees and identifies material cybersecurity risks associated with our use of these third-party service providers through a formal vendor security risk management program.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
As part of our overall risk management system, we have established certain procedures to assess, identify, and manage material risks from cybersecurity threats. Our cybersecurity risk management system is designed to align with industry best practices, including International Organization for Standardization, or ISO, standards, provide a framework for handling cybersecurity threats and incidents, and facilitate coordination across different departments of our company. As part of this system, we have a formally documented information security management program and conduct regular tabletop exercises that include participation from executive officers. In addition, we engage consultants and other third parties who are experts in the cybersecurity risk management field to review and provide testing services as well as general incident management services. These engagements directly contribute to industry certifications and attestations that demonstrate our dedication to protecting the data that we are entrusted with by customers. Our Governance, Risk, and Compliance team within the information security management program oversees and identifies material cybersecurity risks associated with our use of these third-party service providers through a formal vendor security risk management program.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
One of the Board’s key functions is informed oversight of our risk management process, which includes responsibility for ensuring management has processes in place designed to identify, evaluate, manage, and mitigate cybersecurity risks to which it is exposed. The Board receives regular updates, on at least a quarterly basis, from our senior management team on such cybersecurity risks, developments in cybersecurity, and updates to the Company’s information security management program. The Board is also involved in strategic decisions related to the impact of these risks on our business.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
One of the Board’s key functions is informed oversight of our risk management process, which includes responsibility for ensuring management has processes in place designed to identify, evaluate, manage, and mitigate cybersecurity risks to which it is exposed. The Board receives regular updates, on at least a quarterly basis, from our senior management team on such cybersecurity risks, developments in cybersecurity, and updates to the Company’s information security management program. The Board is also involved in strategic decisions related to the impact of these risks on our business.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board receives regular updates, on at least a quarterly basis, from our senior management team on such cybersecurity risks, developments in cybersecurity, and updates to the Company’s information security management program.
Cybersecurity Risk Role of Management [Text Block]
Our senior management team, which includes our Chief Information Security Officer, or CISO, is responsible for identifying, assessing, and managing material risks from cybersecurity threats, as well as for establishing processes to ensure such risks are monitored and mitigated, with the CISO taking the lead on such matters. Our CISO, who joined Appian in May 2021, brings over 18 years’ experience in security and compliance initiatives, including experience in the software-as-a-service and platform-as-a-service cloud industries. We have documented the framework and process for when and by whom senior management is informed and when such information will be reported to the other parties in our Incident Response Guide, which is regularly reviewed and updated by the information security team.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
Our senior management team, which includes our Chief Information Security Officer, or CISO, is responsible for identifying, assessing, and managing material risks from cybersecurity threats, as well as for establishing processes to ensure such risks are monitored and mitigated, with the CISO taking the lead on such matters. Our CISO, who joined Appian in May 2021, brings over 18 years’ experience in security and compliance initiatives, including experience in the software-as-a-service and platform-as-a-service cloud industries. We have documented the framework and process for when and by whom senior management is informed and when such information will be reported to the other parties in our Incident Response Guide, which is regularly reviewed and updated by the information security team.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CISO, who joined Appian in May 2021, brings over 18 years’ experience in security and compliance initiatives, including experience in the software-as-a-service and platform-as-a-service cloud industries.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
Our senior management team, which includes our Chief Information Security Officer, or CISO, is responsible for identifying, assessing, and managing material risks from cybersecurity threats, as well as for establishing processes to ensure such risks are monitored and mitigated, with the CISO taking the lead on such matters. Our CISO, who joined Appian in May 2021, brings over 18 years’ experience in security and compliance initiatives, including experience in the software-as-a-service and platform-as-a-service cloud industries. We have documented the framework and process for when and by whom senior management is informed and when such information will be reported to the other parties in our Incident Response Guide, which is regularly reviewed and updated by the information security team.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true