XML 39 R23.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Feb. 01, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Cybersecurity risk is assessed at the enterprise level as part of our overall enterprise risk management program. We maintain a dedicated cybersecurity function and program that is led by the Chief Information Security Officer ("CISO").
The cybersecurity function performs an annual threat and risk assessment that drives our security strategy. The strategy is aligned to the ISO 27001/02 and NIST cybersecurity frameworks, which drive our security policies and procedures. These policies and procedures, along with enabling security technology and qualified security function employees, maintain activities to prevent, detect, and minimize the effects of cybersecurity incidents. Cybersecurity technology and practices are in place to enable the protection of consumer and employee personal data and confidential information.
We maintain incident response plans and playbooks that allow for cybersecurity incident response, management and recovery in the event of an incident. These plans are tested on an annual basis.
We periodically engage qualified third parties to perform external assessments and audits of our overall security program, as well as to perform detailed security assessments of various components of our overall technology infrastructure. We also supplement our own internal expertise with qualified third parties to engage in varying security operational functions aiding in the identification and remediation of potential cybersecurity threats.
We require the crew and temporary staffing to complete annual training on information security, including cybersecurity, global data privacy requirements and compliance measures.
We have implemented a third-party service provider risk assessment program to assess material cyber threats associated with using third-party providers. This program is designed to assess risk prior to the onboarding of new providers as well as to review high risk and medium risk providers on an annual basis.
As of the date of this Annual Report, we are not aware of any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations and financial condition.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Cybersecurity risk is assessed at the enterprise level as part of our overall enterprise risk management program. We maintain a dedicated cybersecurity function and program that is led by the Chief Information Security Officer ("CISO").
The cybersecurity function performs an annual threat and risk assessment that drives our security strategy. The strategy is aligned to the ISO 27001/02 and NIST cybersecurity frameworks, which drive our security policies and procedures. These policies and procedures, along with enabling security technology and qualified security function employees, maintain activities to prevent, detect, and minimize the effects of cybersecurity incidents. Cybersecurity technology and practices are in place to enable the protection of consumer and employee personal data and confidential information.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
We have integrated governance processes into our overall risk management framework to enable the Board of Directors to oversee cybersecurity risk. The Audit Committee oversees management’s policies and procedures related to cybersecurity risk management and periodically reports to the Board of Directors. The Chairman of the Audit Committee acts as the lead with respect to direct oversight of management.
Our Board of Directors considers cybersecurity risks through interaction with our management team and the Audit Committee, as well as through quarterly updates with our CISO.
Management informs the Audit Committee of material aspects of our cybersecurity program on a quarterly basis. This includes informing the committee on key strategic and operational goals, risk mitigation efforts, performance metrics, and descriptions and notification of emerging or existing risks as well as incidents impacting us.
Management assesses and considers cybersecurity risks through its enterprise risk management program, consultation with external advisors, as well as through discussions with our CIO and CISO. We have an experienced and dedicated CISO with over 25 years of Information Technology experience in retail for several globally recognized brands, with the majority of their career focused on all aspects of cybersecurity from delivery to operations including incident response. The CISO holds a Master’s Degree in Information Technology, has attained the professional certifications of Chief Information Security Manager and National Association of Corporate Directors, and actively participates in the cybersecurity industry through advisory boards and forums that promote peer to peer collaboration.
Management is informed of cybersecurity risks and activities as part of the quarterly business review of the Information Technology function.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] We have integrated governance processes into our overall risk management framework to enable the Board of Directors to oversee cybersecurity risk. The Audit Committee oversees management’s policies and procedures related to cybersecurity risk management and periodically reports to the Board of Directors. The Chairman of the Audit Committee acts as the lead with respect to direct oversight of management.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
Our Board of Directors considers cybersecurity risks through interaction with our management team and the Audit Committee, as well as through quarterly updates with our CISO.
Management informs the Audit Committee of material aspects of our cybersecurity program on a quarterly basis. This includes informing the committee on key strategic and operational goals, risk mitigation efforts, performance metrics, and descriptions and notification of emerging or existing risks as well as incidents impacting us.
Management assesses and considers cybersecurity risks through its enterprise risk management program, consultation with external advisors, as well as through discussions with our CIO and CISO. We have an experienced and dedicated CISO with over 25 years of Information Technology experience in retail for several globally recognized brands, with the majority of their career focused on all aspects of cybersecurity from delivery to operations including incident response. The CISO holds a Master’s Degree in Information Technology, has attained the professional certifications of Chief Information Security Manager and National Association of Corporate Directors, and actively participates in the cybersecurity industry through advisory boards and forums that promote peer to peer collaboration.
Cybersecurity Risk Role of Management [Text Block] Management assesses and considers cybersecurity risks through its enterprise risk management program, consultation with external advisors, as well as through discussions with our CIO and CISO.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
Cybersecurity risk is assessed at the enterprise level as part of our overall enterprise risk management program. We maintain a dedicated cybersecurity function and program that is led by the Chief Information Security Officer ("CISO").
The cybersecurity function performs an annual threat and risk assessment that drives our security strategy. The strategy is aligned to the ISO 27001/02 and NIST cybersecurity frameworks, which drive our security policies and procedures. These policies and procedures, along with enabling security technology and qualified security function employees, maintain activities to prevent, detect, and minimize the effects of cybersecurity incidents. Cybersecurity technology and practices are in place to enable the protection of consumer and employee personal data and confidential information.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] We have an experienced and dedicated CISO with over 25 years of Information Technology experience in retail for several globally recognized brands, with the majority of their career focused on all aspects of cybersecurity from delivery to operations including incident response. The CISO holds a Master’s Degree in Information Technology, has attained the professional certifications of Chief Information Security Manager and National Association of Corporate Directors, and actively participates in the cybersecurity industry through advisory boards and forums that promote peer to peer collaboration.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
We have integrated governance processes into our overall risk management framework to enable the Board of Directors to oversee cybersecurity risk. The Audit Committee oversees management’s policies and procedures related to cybersecurity risk management and periodically reports to the Board of Directors. The Chairman of the Audit Committee acts as the lead with respect to direct oversight of management.
Our Board of Directors considers cybersecurity risks through interaction with our management team and the Audit Committee, as well as through quarterly updates with our CISO.
Management informs the Audit Committee of material aspects of our cybersecurity program on a quarterly basis. This includes informing the committee on key strategic and operational goals, risk mitigation efforts, performance metrics, and descriptions and notification of emerging or existing risks as well as incidents impacting us.
Management assesses and considers cybersecurity risks through its enterprise risk management program, consultation with external advisors, as well as through discussions with our CIO and CISO. We have an experienced and dedicated CISO with over 25 years of Information Technology experience in retail for several globally recognized brands, with the majority of their career focused on all aspects of cybersecurity from delivery to operations including incident response. The CISO holds a Master’s Degree in Information Technology, has attained the professional certifications of Chief Information Security Manager and National Association of Corporate Directors, and actively participates in the cybersecurity industry through advisory boards and forums that promote peer to peer collaboration.
Management is informed of cybersecurity risks and activities as part of the quarterly business review of the Information Technology function.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true