Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Risk Management and Strategy
We maintain a cybersecurity program designed to assess, identify and manage risks from cybersecurity threats that may result in adverse effects on the confidentiality, integrity and availability of our information systems. Dedicated security, privacy, information governance and compliance professionals administer the program with oversight by our senior management team.
We have integrated cybersecurity risk into our broader enterprise risk management framework. Our cyber risk program leverages internationally recognized standards as appropriate. We use a combination of technology controls, human oversight and processes to actively monitor and protect our network and systems. All employees participate in a number of information security training programs. Employees receive training on how to spot and report cyber risks and events through our global cybersecurity awareness program. In addition, we hold cybersecurity risk insurance.
We engage outside experts to evaluate and review our cybersecurity programs. These external reviews include regular audits, threat assessments, vulnerability scans, simulated attacks and other advice regarding information security practices. We regularly conduct incident response exercises with key stakeholders.
To manage risks associated with third-party service providers, we typically require new vendors with access to our computing environment or access to confidential or sensitive data to undergo a risk assessment from our information security team. We conduct periodic reviews of these vendors to evaluate compliance with our cybersecurity policies. We strive to ensure that our contracts with such vendors require them to maintain security controls in line with industry best practices, applicable laws and our policies. We rely on vendors to notify us in a timely manner of material cybersecurity incidents, by virtue of the documents governing their relationship with us or applicable law.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We have integrated cybersecurity risk into our broader enterprise risk management framework. Our cyber risk program leverages internationally recognized standards as appropriate. We use a combination of technology controls, human oversight and processes to actively monitor and protect our network and systems. All employees participate in a number of information security training programs. Employees receive training on how to spot and report cyber risks and events through our global cybersecurity awareness program. In addition, we hold cybersecurity risk insurance.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Governance
Cybersecurity is overseen by our Board of Directors with assistance from the Audit Committee. Our Board of Directors receives quarterly reports from management which may address a broad range of cybersecurity and IT topics, including trends, regulatory developments, data security policies and practices, cybersecurity incidents, current and projected threat assessments and ongoing efforts to prevent, detect and respond to critical threats.
Our Audit Committee, which is responsible for oversight of cybersecurity risks, periodically reviews and discusses with management, including the Chief Information Officer ("CIO") and the Chief Information Security Officer ("CISO"), risk issues associated with cybersecurity and policies and controls intended to mitigate those risks.
Our CISO, who has extensive cybersecurity knowledge and skills gained from over 25 years of work experience, heads the team responsible for cybersecurity. Our CISO’s team is responsible for leading enterprise-wide cybersecurity strategy, policy, standards and processes. The team includes senior professionals, many with more than 15 years of cybersecurity expertise and industry certifications such as Certified Information Security Systems Professional, CompTIA Security+, Global Information Assurance Certification, and Certified Ethical Hacker. Members of the team are provided with opportunities to attend external training, conferences, and other events to keep abreast of the latest cybersecurity trends. Our CISO receives ongoing updates from his team regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents.
Our CISO meets with our Audit Committee at least annually to discuss cybersecurity risk and related issues. These meetings may encompass a broad range of topics, including:
cybersecurity initiatives and strategies,
cybersecurity events,
emerging threats,
regulatory requirements, and
industry standards.
In the event of a cybersecurity incident, we have an incident response plan which sets forth a framework to report and document such incidents to our cybersecurity incident response team. This framework aims to enable the response team to take actions to monitor, mitigate and remediate such incidents in a timely manner. Cybersecurity incidents are regularly reported to the CIO and CISO and certain critical events are reported to the CEO and the crisis management team comprised of senior executives. We also have protocols in place by which certain cybersecurity incidents are reported to the Board of Directors as part of their oversight of cybersecurity matters.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Cybersecurity is overseen by our Board of Directors with assistance from the Audit Committee. Our Board of Directors receives quarterly reports from management which may address a broad range of cybersecurity and IT topics, including trends, regulatory developments, data security policies and practices, cybersecurity incidents, current and projected threat assessments and ongoing efforts to prevent, detect and respond to critical threats.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Audit Committee, which is responsible for oversight of cybersecurity risks, periodically reviews and discusses with management, including the Chief Information Officer ("CIO") and the Chief Information Security Officer ("CISO"), risk issues associated with cybersecurity and policies and controls intended to mitigate those risks.
Cybersecurity Risk Role of Management [Text Block]
Our CISO, who has extensive cybersecurity knowledge and skills gained from over 25 years of work experience, heads the team responsible for cybersecurity. Our CISO’s team is responsible for leading enterprise-wide cybersecurity strategy, policy, standards and processes. The team includes senior professionals, many with more than 15 years of cybersecurity expertise and industry certifications such as Certified Information Security Systems Professional, CompTIA Security+, Global Information Assurance Certification, and Certified Ethical Hacker. Members of the team are provided with opportunities to attend external training, conferences, and other events to keep abreast of the latest cybersecurity trends. Our CISO receives ongoing updates from his team regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents.
Our CISO meets with our Audit Committee at least annually to discuss cybersecurity risk and related issues. These meetings may encompass a broad range of topics, including:
cybersecurity initiatives and strategies,
cybersecurity events,
emerging threats,
regulatory requirements, and
industry standards.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our Audit Committee, which is responsible for oversight of cybersecurity risks, periodically reviews and discusses with management, including the Chief Information Officer ("CIO") and the Chief Information Security Officer ("CISO"), risk issues associated with cybersecurity and policies and controls intended to mitigate those risks.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
Our CISO, who has extensive cybersecurity knowledge and skills gained from over 25 years of work experience, heads the team responsible for cybersecurity. Our CISO’s team is responsible for leading enterprise-wide cybersecurity strategy, policy, standards and processes. The team includes senior professionals, many with more than 15 years of cybersecurity expertise and industry certifications such as Certified Information Security Systems Professional, CompTIA Security+, Global Information Assurance Certification, and Certified Ethical Hacker. Members of the team are provided with opportunities to attend external training, conferences, and other events to keep abreast of the latest cybersecurity trends. Our CISO receives ongoing updates from his team regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents.
Our CISO meets with our Audit Committee at least annually to discuss cybersecurity risk and related issues. These meetings may encompass a broad range of topics, including:
cybersecurity initiatives and strategies,
cybersecurity events,
emerging threats,
regulatory requirements, and
industry standards.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
In the event of a cybersecurity incident, we have an incident response plan which sets forth a framework to report and document such incidents to our cybersecurity incident response team. This framework aims to enable the response team to take actions to monitor, mitigate and remediate such incidents in a timely manner. Cybersecurity incidents are regularly reported to the CIO and CISO and certain critical events are reported to the CEO and the crisis management team comprised of senior executives. We also have protocols in place by which certain cybersecurity incidents are reported to the Board of Directors as part of their oversight of cybersecurity matters.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true