XML 61 R7.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Abstract]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] Risk

We maintain a comprehensive process (the “Cybersecurity Program”) for assessing, identifying, and managing potential cybersecurity threats, including risks that could affect our business operations.

 

The Cybersecurity Program is managed by our Information Security Manager (“CISO”) and overseen by our Chief Information Technology Director (“CIO”), who leads our information security team. This team is responsible for the development and execution of the Cybersecurity Program and is composed of individuals with formal education and degrees and certifications in information technology or cybersecurity and relevant experience working in information technology and cybersecurity, including related industries of the Company. Additionally, they receive periodic updates, training, and education on cybersecurity related topics.

 

As part of our Cybersecurity Program, the information security team carries out the following activities:

 

 

·Coordinates the actions that we execute to detect, respond to and recover from cybersecurity incidents, such as processes to triage, assess severity for, escalate, contain, investigate and remediate the incident, as well as to comply with potentially applicable legal obligations and mitigate brand and reputational damages.
·Uses the National Institute of Standards and Technology (NIST) Cybersecurity Framework to measure our security posture and manage risk.
·Monitors, detects and prevents cybersecurity threats through different software and hardware solutions to protect our environment, such as multifactor authentication, firewalls, penetration testing, and a 24/7 Security Operation Center (“SOC”).
·Conducts annual cybersecurity trainings for all our employees with the aim of deepening awareness and learning regarding risks, threats, and good practices in information security, where different interactive initiatives are performed. During the year 2024, we carried out these trainings for the eighth consecutive year.
·Completes regular tests of our controls through penetration testing, vulnerability scanning and attack simulation.
·Informs the CISO, through e-mails and automated security alerts, of any cybersecurity matter. At least weekly, the CISO informs the CIO the relevant events during the period, having special meeting or communications if urgent matters arise.

 

 

Moreover, our Board recognizes the importance of cybersecurity in safeguarding the Company’s sensitive information and the potential effects that a cybersecurity incident could have on our operations. The Board is responsible for overseeing overall risk management for the Company, including cybersecurity risks, and has delegated responsibility for such oversight to the Audit Committee. Our Board receives annual updates about cybersecurity risks and events from our CISO and CIO. These updates include information regarding the deployment and administration of our Cybersecurity Program, status of projects relating to cybersecurity, and cybersecurity activities of the period, among other matters.

 

We remain committed to continuously enhancing our Cybersecurity Program to protect our business operations and stakeholders.

 

During 2024, we were the target of different cybersecurity threats, but they did not result in a significant loss or a negative impact on our operations since no attack attempt achieved its objective due to the measures implemented by the Company. Please see “Risk Factors - Cybersecurity events, such as a cyber-attack could adversely affect our business, financial condition, operational results and cash flows”.
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] we were the target of different cybersecurity threats, but they did not result in a significant loss or a negative impact on our operations since no attack attempt achieved its objective due to the measures implemented by the Company.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Cybersecurity Program is managed by our Information Security Manager (“CISO”) and overseen by our Chief Information Technology Director (“CIO”), who leads our information security team.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] This team is responsible for the development and execution of the Cybersecurity Program and is composed of individuals with formal education and degrees and certifications in information technology or cybersecurity and relevant experience working in information technology and cybersecurity, including related industries of the Company.
Cybersecurity Risk Role of Management [Text Block] our Board recognizes the importance of cybersecurity in safeguarding the Company’s sensitive information and the potential effects that a cybersecurity incident could have on our operations.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Board is responsible for overseeing overall risk management for the Company, including cybersecurity risks, and has delegated responsibility for such oversight to the Audit Committee.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true