XML 42 R24.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 29, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We recognize the importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. Our cybersecurity risk management strategy is integrated into our established enterprise risk management program, which includes defined risk, assessment, mitigation, and reporting processes. Our information security team has deployed multiple technical and operational processes to aid in our ability to continuously identify and respond to cybersecurity threats and incidents. Our cybersecurity incident management process includes impact assessment, containment, mitigation and recovery strategies.
In addition to our continuous monitoring of our information systems, we utilize third parties to provide external threat intelligence and evaluation of incident notifications in order to identify potential threats or incidents that could impact us. We also evaluate our cybersecurity program against the National Institute of Standards and Technology’s Cybersecurity Framework. For all suspected cybersecurity incidents, the information security team conducts a preliminary assessment to determine the potential severity and impact extent of the incident and, where appropriate, a materiality assessment is made. Upon a confirmed cybersecurity incident, the information security team initiates an incident response process with goals to contain, respond, recover, protect and minimize any impacts caused by the incident. The response process includes deployment of a variety of short term and long-term technical and procedural actions as appropriate. Further, we have established a third party risk management program to monitor suppliers who have access to our information.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Our cybersecurity risk management strategy is integrated into our established enterprise risk management program, which includes defined risk, assessment, mitigation, and reporting processes.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Our Audit Committee, a committee of our Board of Directors, is responsible for governing management’s review and assessment of our cybersecurity and other information technology risks, controls, and procedures, including management’s incident resolution process and any specific cybersecurity issues that could affect the adequacy of our internal controls. Our Chief Information Officer provides regular updates to the Audit Committee and to the Board of Directors, including a review of any security risk events and improvements in our security controls.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Audit Committee, a committee of our Board of Directors, is responsible for governing management’s review and assessment of our cybersecurity and other information technology risks, controls, and procedures, including management’s incident resolution process and any specific cybersecurity issues that could affect the adequacy of our internal controls.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Chief Information Officer provides regular updates to the Audit Committee and to the Board of Directors, including a review of any security risk events and improvements in our security controls.
Cybersecurity Risk Role of Management [Text Block]
Our information security team, under the Chief Information Officer, is led by our Chief Information Security Officer (CISO) and is responsible for assessing and managing risks from cybersecurity threats. Our CISO has over 20 years of information security experience, including as a leader of information security programs at other large enterprises, and is supported by a team of professionals focused on information security. Our information security team regularly meets to review our cybersecurity posture, the broader cybersecurity landscape and any identified cybersecurity incidents. Our information security team has procedures in place for investigating suspected cybersecurity incidents, as well as monitoring cybersecurity risks and ongoing mitigation strategies, the status of prevention, detection, and mitigation controls and any planned future control enhancements.
We believe that risks from prior cybersecurity threats to information systems owned and used by us, including as a result of any previous cybersecurity incidents, have not materially affected our business to date. We can provide no assurance that there will not be incidents in the future or that they will not materially affect us, including our business strategy, results of operations, or financial condition. We maintain a cybersecurity insurance policy which may mitigate certain financial impacts of a cybersecurity incident. Please refer to “Risks Relating to Information Technology Security and Continuity” within the Risk Factors within the Business & Market Information Section of this report.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our information security team, under the Chief Information Officer, is led by our Chief Information Security Officer (CISO) and is responsible for assessing and managing risks from cybersecurity threats.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CISO has over 20 years of information security experience, including as a leader of information security programs at other large enterprises, and is supported by a team of professionals focused on information security.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
Our Audit Committee, a committee of our Board of Directors, is responsible for governing management’s review and assessment of our cybersecurity and other information technology risks, controls, and procedures, including management’s incident resolution process and any specific cybersecurity issues that could affect the adequacy of our internal controls. Our Chief Information Officer provides regular updates to the Audit Committee and to the Board of Directors, including a review of any security risk events and improvements in our security controls.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true