XML 180 R33.htm IDEA: XBRL DOCUMENT v3.25.3
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Aug. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
CMC has established a comprehensive cybersecurity risk management program to identify, assess and manage material risks from cybersecurity threats to our computer systems, outsourced services, communications systems, industrial processing equipment, hardware and software, and to safeguard our data and our customers’ data. Our risk management program includes a documented cybersecurity incident response plan and a data breach response plan (the "response plans") that outline how to respond to and contain incidents and data breaches. Additionally, we maintain a cybersecurity incident disclosure and evaluation plan (the "disclosure plan") which is used to assess the impact of a cybersecurity incident and promptly issue required SEC disclosures if needed. The response plans and disclosure plan are adapted based on the type of incident or data breach and are tested at least once per year. We use the National Institute of Standards and Technology Cybersecurity Framework to guide our risk management program and engage third parties to regularly review our response plans.

CMC recognizes the critical importance of a well-developed cybersecurity risk management program and has designed ongoing cybersecurity management protocols that are embedded in our global business processes and activities. These protocols include, but are not limited to, penetration testing, vulnerability scanning, attack simulations and appropriate internal controls, along with independent third-party audits conducted to evaluate compliance with security standards and best practices. The protocols are designed by our Chief Information Security Officer ("CISO") and implemented by an experienced team comprising our information security and various technology departments. We engage expert consultants and third-party service providers to review our cybersecurity controls and readiness, alert us to potential improvements and provide incremental industry knowledge and expertise. Additionally, employees are required to complete cybersecurity training at the start of their
employment and annually thereafter, and are regularly exposed to phishing awareness campaigns that simulate real-world threats.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] CMC has established a comprehensive cybersecurity risk management program to identify, assess and manage material risks from cybersecurity threats to our computer systems, outsourced services, communications systems, industrial processing equipment, hardware and software, and to safeguard our data and our customers’ data.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Both management and our Board understand that cybersecurity is crucial for securing our data and operations and defending the interests of our stakeholders. Our Board considers cybersecurity risk management as part of its general oversight function and receives an annual update on cybersecurity matters. The audit committee of our Board oversees management’s process for identifying and mitigating cybersecurity threats and implementing the cybersecurity risk management processes described above. On a quarterly basis, our Vice President and Chief Information Officer ("CIO") and CISO update the audit committee regarding cybersecurity management initiatives, the status of ongoing cybersecurity threats and other developments in our cybersecurity management protocols.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Both management and our Board understand that cybersecurity is crucial for securing our data and operations and defending the interests of our stakeholders. Our Board considers cybersecurity risk management as part of its general oversight function and receives an annual update on cybersecurity matters.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Both management and our Board understand that cybersecurity is crucial for securing our data and operations and defending the interests of our stakeholders. Our Board considers cybersecurity risk management as part of its general oversight function and receives an annual update on cybersecurity matters. The audit committee of our Board oversees management’s process for identifying and mitigating cybersecurity threats and implementing the cybersecurity risk management processes described above. On a quarterly basis, our Vice President and Chief Information Officer ("CIO") and CISO update the audit committee regarding cybersecurity management initiatives, the status of ongoing cybersecurity threats and other developments in our cybersecurity management protocols.
Cybersecurity Risk Role of Management [Text Block]
Both management and our Board understand that cybersecurity is crucial for securing our data and operations and defending the interests of our stakeholders. Our Board considers cybersecurity risk management as part of its general oversight function and receives an annual update on cybersecurity matters. The audit committee of our Board oversees management’s process for identifying and mitigating cybersecurity threats and implementing the cybersecurity risk management processes described above. On a quarterly basis, our Vice President and Chief Information Officer ("CIO") and CISO update the audit committee regarding cybersecurity management initiatives, the status of ongoing cybersecurity threats and other developments in our cybersecurity management protocols.

Our CISO has many years of experience in creating and implementing cybersecurity risk management programs and using cybersecurity management technologies and infrastructure solutions. Our CISO works under the supervision of our CIO, who has extensive experience in information technology and cybersecurity functions. The CISO and the CIO are responsible for daily cybersecurity risk management, establishing risk management practices and executing the response plans when potential cybersecurity incidents arise. We engage a third-party service provider on a biannual basis to evaluate our cybersecurity risk management program and perform health checks on key applications. We also complete annual penetration testing to test our defenses against potential threats or risks.
The response plans define a cross-functional cyber incident response team (the "CIRT") that includes members of senior management, including the CISO and CIO, among other skilled employees. The CIRT supports the detection, mitigation and remediation of cybersecurity incidents and informs relevant members of management and the audit committee about cybersecurity threats and events. Select CIRT members participate in regular technical readiness exercises. Moreover, our executive officers participate in annual crisis tabletop exercises and attack simulations to prepare for a swift, effective and thorough response to potential cybersecurity incidents.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] On a quarterly basis, our Vice President and Chief Information Officer ("CIO") and CISO update the audit committee regarding cybersecurity management initiatives, the status of ongoing cybersecurity threats and other developments in our cybersecurity management protocols.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CISO has many years of experience in creating and implementing cybersecurity risk management programs and using cybersecurity management technologies and infrastructure solutions.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] On a quarterly basis, our Vice President and Chief Information Officer ("CIO") and CISO update the audit committee regarding cybersecurity management initiatives, the status of ongoing cybersecurity threats and other developments in our cybersecurity management protocols.
Our CISO has many years of experience in creating and implementing cybersecurity risk management programs and using cybersecurity management technologies and infrastructure solutions. Our CISO works under the supervision of our CIO, who has extensive experience in information technology and cybersecurity functions. The CISO and the CIO are responsible for daily cybersecurity risk management, establishing risk management practices and executing the response plans when potential cybersecurity incidents arise. We engage a third-party service provider on a biannual basis to evaluate our cybersecurity risk management program and perform health checks on key applications. We also complete annual penetration testing to test our defenses against potential threats or risks.
The response plans define a cross-functional cyber incident response team (the "CIRT") that includes members of senior management, including the CISO and CIO, among other skilled employees. The CIRT supports the detection, mitigation and remediation of cybersecurity incidents and informs relevant members of management and the audit committee about cybersecurity threats and events. Select CIRT members participate in regular technical readiness exercises. Moreover, our executive officers participate in annual crisis tabletop exercises and attack simulations to prepare for a swift, effective and thorough response to potential cybersecurity incidents.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true