XML 56 R30.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] The Company utilizes a risk-based, multi-layered information security strategy based on the U.S. National Institute of Standards and Technology Cybersecurity Framework to assess, identify, and manage risks from cybersecurity threats. This approach includes: (i) dedicated security operations center monitoring; (ii) network-based and host-based protections; (iii) a Privacy Council focused on privacy regulation adherence; (iv) privileged access management controls; (v) annual and ongoing information security training for all employees and targeted tabletop and other exercises; (vi) encryption of data, backup, recovery, and testing; (vii) regular internal and external audits against information security best practices; and (viii) benchmarking using external third parties. The Company employs these, and other measures, to protect its information assets and operations from internal and external cyber threats while ensuring business resiliency. It also aims to protect employee, customer and supplier information from unauthorized access or attack, as well as secure the Company's networks, systems, devices, products, and services.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Cybersecurity is an integral part of the Company's overall risk management program. The Company takes a comprehensive approach to cybersecurity, involving key stakeholders in oversight and decision-making processes.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
The Company does not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect the Company or its business strategy, results of operations, or financial condition. However, the Company could face risks from cybersecurity threats in the future that could have a material adverse effect on its business strategy, results of operations, or financial condition. See "Risk Factors - Risks Related to the Company's Business and Strategy" in Part I, Item 1A of this Annual Report.
Cybersecurity Risk Board of Directors Oversight [Text Block] The Board of Directors provides oversight of the Company's cybersecurity program. The Audit Committee, which consists of non-employee independent directors, receives updates from the Chief Information Officer ("CIO") on cybersecurity performance and recent industry trends at least quarterly. In addition to regular cybersecurity briefings from the Audit Committee, the Board also receives periodic, but at least annual, updates from management regarding cybersecurity, including prompt notice of cybersecurity threats or incidents that could materially impact the Company. The Board is informed about risk profile status, adversary assessments, training initiatives, cybersecurity projects, emerging global policies and regulations, cybersecurity technologies and best practices, cyber readiness, third-party assessments, mitigation efforts, and response plans.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Audit Committee
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
The Company has a dedicated CIO and an Information Security Director who are supported by a team of cybersecurity professionals (the "Cybersecurity Team") that are responsible for leading the company-wide cybersecurity program and risk mitigation efforts. The CIO, the Information Security Director, and Cybersecurity Team work across all organizations within the Company to protect the Company and its employees, customers and suppliers against cybersecurity risks. The CIO and Information Security Director, with over 35 and 25 years of experience, respectively, have cybersecurity expertise, coupled with experience in IT strategy, operational management, incident response, and business continuity maintenance.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Company also has a cross-functional Cybersecurity Incident Response Team consisting of senior-level management. This team is responsible for cybersecurity incident oversight and meets as needed, depending on the nature of an incident. The Company's internal audit team also provides independent assurance on the overall operations of the Company's cybersecurity program. The Company ensures that all employees, including part-time and temporary employees, undergo cybersecurity training and compliance programs at least annually.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true