XML 45 R25.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Feb. 02, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats. We have implemented cybersecurity processes, technologies, and controls to aid in our efforts to assess, identify, and manage such risks. Our cybersecurity program prioritizes threat mitigation, while focusing on maintaining the integrity and resilience of our systems. We leverage the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework as guidelines in the development of our cybersecurity program. We also adhere to applicable Payment Card Industry Data Security Standards. The cybersecurity risk management process and related governance processes are integrated into our broader enterprise risk management framework, which is designed to appropriately identify, prioritize, manage, and oversee risks.
Overseeing our cybersecurity efforts on a day-to-day basis is our cybersecurity team, led by our Chief Information Security Officer (“CISO”). Our cybersecurity team, in partnership with third parties, designs and implements our data security and cybersecurity programs, risk assessments, monitoring procedures, and training programs for our associates. We continue to make investments to enhance our ability to identify, protect from and detect security risks within our environment.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats. We have implemented cybersecurity processes, technologies, and controls to aid in our efforts to assess, identify, and manage such risks. Our cybersecurity program prioritizes threat mitigation, while focusing on maintaining the integrity and resilience of our systems. We leverage the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework as guidelines in the development of our cybersecurity program. We also adhere to applicable Payment Card Industry Data Security Standards. The cybersecurity risk management process and related governance processes are integrated into our broader enterprise risk management framework, which is designed to appropriately identify, prioritize, manage, and oversee risks.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] At the Board of Directors (the “Board”) level, cybersecurity is overseen by the Board and by the Board’s Audit Committee, which has primary responsibility for overseeing cybersecurity and privacy risks. During fiscal 2024, the Board and/or the Audit Committee received quarterly reports on privacy, data protection and/or cybersecurity matters from senior information technology (“IT”) leaders, including our Chief Information Officer (“CIO”) and CISO, as well as the Chair of our Data Security and Privacy Governance Committee (discussed below). In addition, our Board held a meeting dedicated to cybersecurity topics. Periodically, our Board receives presentations on cybersecurity matters from third-party cybersecurity experts.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] At the Board of Directors (the “Board”) level, cybersecurity is overseen by the Board and by the Board’s Audit Committee, which has primary responsibility for overseeing cybersecurity and privacy risks.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] During fiscal 2024, the Board and/or the Audit Committee received quarterly reports on privacy, data protection and/or cybersecurity matters from senior information technology (“IT”) leaders, including our Chief Information Officer (“CIO”) and CISO, as well as the Chair of our Data Security and Privacy Governance Committee (discussed below). In addition, our Board held a meeting dedicated to cybersecurity topics. Periodically, our Board receives presentations on cybersecurity matters from third-party cybersecurity experts.
Cybersecurity Risk Role of Management [Text Block]
Our CISO, who reports to our CIO, joined the Company in 2021 after working with the Company as a third-party consultant since 2019. During a nearly two-decade tenure at a leading professional services firm, he worked with clients on managing information security, developing cybersecurity strategy, and implementing effective information and cybersecurity programs and initiatives addressing emerging cybersecurity threats. Our CISO has significant prior cybersecurity experience, including experience protecting company, customer and associate data across a diverse set of industries. He holds a Bachelor of Science degree in Information Systems and has achieved several relevant certifications, including Certified Information Security Manager, Certified Information Systems Security Professional, and Certified Information Privacy Professional. Our CISO leads a team of over 500 associates focused on cybersecurity.
We have three management-level committees that support our cybersecurity, privacy and data governance efforts. They are led by our Data Security and Privacy Governance Committee, which provides management-level governance over cybersecurity matters, including discussion of cybersecurity priorities, emerging risks, awareness and training programs, risk mitigation efforts, and regulatory compliance. This committee is chaired by our Vice President – Internal Audit and Corporate Compliance and is composed of a cross-functional team of senior leaders, including our CEO. The committee generally meets quarterly and is supported by our Security and Technology Risk Leadership Committee and our Privacy and Data Governance Committee. The activities of the Data Security and Privacy Governance Committee are reported to the Board or the Audit Committee by the Chair of the committee, as appropriate.
The Security and Technology Risk Leadership Committee provides leadership and oversight of our cybersecurity program. It is chaired by our CISO and composed of Company technology leaders as well as a cross-functional group of representatives from other departments. Our Privacy and Data Governance Committee provides leadership and oversight of our privacy and data governance programs. It is chaired by our Chief Privacy Officer and composed of a cross-functional group across approximately 20 departments. These committees generally meet monthly or every other month and report to the Data Security and Privacy Governance Committee on a regular basis.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
Our CISO, who reports to our CIO, joined the Company in 2021 after working with the Company as a third-party consultant since 2019. During a nearly two-decade tenure at a leading professional services firm, he worked with clients on managing information security, developing cybersecurity strategy, and implementing effective information and cybersecurity programs and initiatives addressing emerging cybersecurity threats. Our CISO has significant prior cybersecurity experience, including experience protecting company, customer and associate data across a diverse set of industries. He holds a Bachelor of Science degree in Information Systems and has achieved several relevant certifications, including Certified Information Security Manager, Certified Information Systems Security Professional, and Certified Information Privacy Professional. Our CISO leads a team of over 500 associates focused on cybersecurity.
We have three management-level committees that support our cybersecurity, privacy and data governance efforts. They are led by our Data Security and Privacy Governance Committee, which provides management-level governance over cybersecurity matters, including discussion of cybersecurity priorities, emerging risks, awareness and training programs, risk mitigation efforts, and regulatory compliance. This committee is chaired by our Vice President – Internal Audit and Corporate Compliance and is composed of a cross-functional team of senior leaders, including our CEO. The committee generally meets quarterly and is supported by our Security and Technology Risk Leadership Committee and our Privacy and Data Governance Committee. The activities of the Data Security and Privacy Governance Committee are reported to the Board or the Audit Committee by the Chair of the committee, as appropriate.
The Security and Technology Risk Leadership Committee provides leadership and oversight of our cybersecurity program. It is chaired by our CISO and composed of Company technology leaders as well as a cross-functional group of representatives from other departments. Our Privacy and Data Governance Committee provides leadership and oversight of our privacy and data governance programs. It is chaired by our Chief Privacy Officer and composed of a cross-functional group across approximately 20 departments. These committees generally meet monthly or every other month and report to the Data Security and Privacy Governance Committee on a regular basis.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CISO, who reports to our CIO, joined the Company in 2021 after working with the Company as a third-party consultant since 2019. During a nearly two-decade tenure at a leading professional services firm, he worked with clients on managing information security, developing cybersecurity strategy, and implementing effective information and cybersecurity programs and initiatives addressing emerging cybersecurity threats. Our CISO has significant prior cybersecurity experience, including experience protecting company, customer and associate data across a diverse set of industries. He holds a Bachelor of Science degree in Information Systems and has achieved several relevant certifications, including Certified Information Security Manager, Certified Information Systems Security Professional, and Certified Information Privacy Professional. Our CISO leads a team of over 500 associates focused on cybersecurity.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The committee generally meets quarterly and is supported by our Security and Technology Risk Leadership Committee and our Privacy and Data Governance Committee. The activities of the Data Security and Privacy Governance Committee are reported to the Board or the Audit Committee by the Chair of the committee, as appropriate. These committees generally meet monthly or every other month and report to the Data Security and Privacy Governance Committee on a regular basis.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true