XML 42 R27.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Jan. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information.

Our cybersecurity risk management program is guided by industry standards developed by the NIST, the International Organization for Standardization (“ISO”), and other relevant organizations.

Our cybersecurity risk management program is integrated into our overall enterprise risk management program and utilizes common reporting channels and governance processes that apply across other risk areas. While everyone at our company plays a part in managing cybersecurity risks, as discussed in more detail under “Cybersecurity Governance” below, our board of directors, both directly and through delegation to our Audit Committee (the “Audit Committee”), and our senior management team are actively involved in the oversight of our cybersecurity risk management program. In general, we seek to address cybersecurity risks through a comprehensive, cross-functional approach by engaging teams across the business. We expect these teams to operate pursuant to our Standard Operating Procedures. Our approach is focused on preserving the confidentiality, integrity, and availability of the information that we collect and store by identifying, preventing, and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur through shared processes.

Our cybersecurity risk management and strategy includes:

Our dedicated Security team, which performs periodic risk assessments to identify and assess cybersecurity threats, vulnerabilities, their severities, and potential mitigations. The team leverages both top-down and bottom-up risk processes and technologies to identify, manage and monitor cyber threats and vulnerabilities. The team also manages our response to cybersecurity incidents.
Incident Response Playbooks and Standard Operating Procedures (“SOP”) outlining procedures for detecting, responding to, and mitigating cybersecurity incidents. Depending on the nature and severity of an incident, this process provides for escalating notification to our CEO and the board of directors.
The use of external service providers, where appropriate, to assess, test or otherwise assist with certain aspects of our security controls and processes, as well as maturity assessments of our cybersecurity program.
Implementation of new hire and annual data privacy and cybersecurity training of all employees, including senior management; annual role-based training of employees with specific access to systems, devices, or locations, and targeted cybersecurity simulation training held on a recurring basis.
A third-party risk management process that identifies and mitigates cybersecurity threats associated with our use of third-party service providers. Such service providers are subject to risk tiering, security risk assessments, continuous monitoring including investigation of security incidents that have impacted our third-party service providers, as applicable.

We continue to invest in the cybersecurity and resiliency of our networks and to enhance our internal controls and processes, which are designed to help protect our systems and infrastructure, and the information they contain. While we have experienced cybersecurity incidents in the past, we believe our current processes, systems and oversight with respect to the management of risks associated with cybersecurity threats are effective. If we were to experience a material cybersecurity incident in the future, such incident may have a material effect, including on our business strategy, operating results, or financial condition. For more information regarding the risks we face from cybersecurity threats see “Risk Factors.”
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information.

Our cybersecurity risk management program is guided by industry standards developed by the NIST, the International Organization for Standardization (“ISO”), and other relevant organizations.
Our cybersecurity risk management program is integrated into our overall enterprise risk management program and utilizes common reporting channels and governance processes that apply across other risk areas
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] While everyone at our company plays a part in managing these risks, oversight responsibility is shared by our board of directors, our Audit Committee, and management.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] We have recently also established a Security Governance Council (“Council”) that provides strategic guidance for the protection of our information, technology, and physical assets, including the definition of security risks and the prioritization of the implementation of associated controls.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] To facilitate coordinated supervision of cybersecurity matters, our management team provides regular cybersecurity updates to our board of directors and regular updates on cyber risk management, which include development regarding our cybersecurity program, broader cybersecurity trends, evolving industry standards, the threat environment and other topics, to the Audit Committee.
Cybersecurity Risk Role of Management [Text Block]
We have recently also established a Security Governance Council (“Council”) that provides strategic guidance for the protection of our information, technology, and physical assets, including the definition of security risks and the prioritization of the implementation of associated controls. The Council membership is led by the Chief Information Security Officer (“CISO”) and includes relevant senior executives and has begun to meet at least quarterly, and will reconvene on an emergency basis when necessary to respond to potentially material cybersecurity incidents. The CISO reports to the Chief Information Officer (“CIO”) and is responsible for management of cybersecurity risks and the protection and defense of our networks, systems and data. The CISO manages a team of cybersecurity professionals with broad experience and expertise, including in cybersecurity threat assessments and detection, mitigation technologies, cybersecurity training, incident response, cyber forensics, insider threats and regulatory compliance. Our CISO has over 20 years of experience in IT and Information Security across security architecture, incident response, and threat intelligence programs. Our CISO also holds a bachelor’s degree in computer science and maintains Certified Information Systems Security Professional certification.

Members of executive leadership are informed about and monitor the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described herein, including the operation of our incident response plan. Our program is regularly evaluated by internal and external experts with the results of those reviews reported to members of executive leadership, and the Audit Committee. We also actively engage with key vendors, industry participants, and intelligence and law enforcement communities as part of our continuing efforts to evaluate and enhance the effectiveness of our information security policies and procedures.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Council membership is led by the Chief Information Security Officer (“CISO”) and includes relevant senior executives and has begun to meet at least quarterly, and will reconvene on an emergency basis when necessary to respond to potentially material cybersecurity incidents. The CISO reports to the Chief Information Officer (“CIO”) and is responsible for management of cybersecurity risks and the protection and defense of our networks, systems and data.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The CISO manages a team of cybersecurity professionals with broad experience and expertise, including in cybersecurity threat assessments and detection, mitigation technologies, cybersecurity training, incident response, cyber forensics, insider threats and regulatory compliance. Our CISO has over 20 years of experience in IT and Information Security across security architecture, incident response, and threat intelligence programs. Our CISO also holds a bachelor’s degree in computer science and maintains Certified Information Systems Security Professional certification.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Council membership is led by the Chief Information Security Officer (“CISO”) and includes relevant senior executives and has begun to meet at least quarterly, and will reconvene on an emergency basis when necessary to respond to potentially material cybersecurity incidents.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true