Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We have established various policies, processes, and technologies to aid in our efforts to assess, identify, manage, and mitigate material risks posed by cybersecurity threats, including, among other things:
Our CISO and IT teams continuously monitor our systems and perform an annual cybersecurity risk assessment;
We have implemented a proactive incident response and management plan generally aligned with the National Institute of Standards and Technology (NIST), with annual plan testing and training for employees involved in the response process;
Annual penetration tests are performed by a third party and any notable findings are included in remediation plans;
We engage with key industry partners and threat intelligence services, including assessors, consultants and other industry third parties to evaluate our cybersecurity risk management and incident response plans and processes;
All employees, contractors and temporary workers are required to review and acknowledge our acceptable use policies, which include sections on information and cybersecurity practices and policies;
Employees are regularly engaged in cybersecurity awareness campaigns, anti-phishing tests, and mandatory training as needed;
We address third-party cybersecurity risks through interviews and third-party independent assessment reports;
We maintain cybersecurity insurance coverage as part of our overall insurance portfolio; and
In conformity with customer requirements, we require proof that subcontractors complete relevant cybersecurity education and awareness training prior to being awarded a subcontract.
We are not aware of any risks from cybersecurity threats that have materially affected, or are reasonably likely to materially affect, our Company, business strategy, or financial results, and we have not experienced any cybersecurity incidents that have had a material adverse impact on our operations or financial results. See Item 1A. Risk Factors for a discussion of cybersecurity risks.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We have established various policies, processes, and technologies to aid in our efforts to assess, identify, manage, and mitigate material risks posed by cybersecurity threats, including, among other things:
Our CISO and IT teams continuously monitor our systems and perform an annual cybersecurity risk assessment;
We have implemented a proactive incident response and management plan generally aligned with the National Institute of Standards and Technology (NIST), with annual plan testing and training for employees involved in the response process;
Annual penetration tests are performed by a third party and any notable findings are included in remediation plans;
We engage with key industry partners and threat intelligence services, including assessors, consultants and other industry third parties to evaluate our cybersecurity risk management and incident response plans and processes;
All employees, contractors and temporary workers are required to review and acknowledge our acceptable use policies, which include sections on information and cybersecurity practices and policies;
Employees are regularly engaged in cybersecurity awareness campaigns, anti-phishing tests, and mandatory training as needed;
We address third-party cybersecurity risks through interviews and third-party independent assessment reports;
We maintain cybersecurity insurance coverage as part of our overall insurance portfolio; and
In conformity with customer requirements, we require proof that subcontractors complete relevant cybersecurity education and awareness training prior to being awarded a subcontract.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Cybersecurity and risks related to our information technology (“IT”) are an important focus of our Board of Directors’ risk oversight. Our Board of Directors, with assistance from the Audit Committee, oversees the Company’s enterprise risk management process, which includes cybersecurity risk management. The Audit Committee, a member of which holds a Certificate in Cyber Risk Governance and a Qualified Risk Director designation from the DCRO Institute, receives regular reports from our Chief Information Officer (“CIO”), along with members of senior management, on the identification and status of cybersecurity risks and management.
Our IT and cybersecurity programs are managed by our CIO, who reports to the President (who also became the Chief Executive Officer effective January 1, 2025). Our CIO has over 30 years of experience in managing IT and cybersecurity. We also have a dedicated Chief Information Security Officer (“CISO”), who reports to the CIO and has overall responsibility for establishing our enterprise-wide cybersecurity strategy, standards, architecture, processes and procedures, and policies. Our CISO has over 25 years of experience in IT and cybersecurity. The Company has adopted incident response plan procedures for assessing and escalating cybersecurity incidents to various response teams that include the CISO, the CIO and other senior management, as necessary.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Board of Directors, with assistance from the Audit Committee, oversees the Company’s enterprise risk management process, which includes cybersecurity risk management.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee, a member of which holds a Certificate in Cyber Risk Governance and a Qualified Risk Director designation from the DCRO Institute, receives regular reports from our Chief Information Officer (“CIO”), along with members of senior management, on the identification and status of cybersecurity risks and management.
Cybersecurity Risk Role of Management [Text Block]
Cybersecurity and risks related to our information technology (“IT”) are an important focus of our Board of Directors’ risk oversight. Our Board of Directors, with assistance from the Audit Committee, oversees the Company’s enterprise risk management process, which includes cybersecurity risk management. The Audit Committee, a member of which holds a Certificate in Cyber Risk Governance and a Qualified Risk Director designation from the DCRO Institute, receives regular reports from our Chief Information Officer (“CIO”), along with members of senior management, on the identification and status of cybersecurity risks and management.
Our IT and cybersecurity programs are managed by our CIO, who reports to the President (who also became the Chief Executive Officer effective January 1, 2025). Our CIO has over 30 years of experience in managing IT and cybersecurity. We also have a dedicated Chief Information Security Officer (“CISO”), who reports to the CIO and has overall responsibility for establishing our enterprise-wide cybersecurity strategy, standards, architecture, processes and procedures, and policies. Our CISO has over 25 years of experience in IT and cybersecurity. The Company has adopted incident response plan procedures for assessing and escalating cybersecurity incidents to various response teams that include the CISO, the CIO and other senior management, as necessary.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
Cybersecurity and risks related to our information technology (“IT”) are an important focus of our Board of Directors’ risk oversight. Our Board of Directors, with assistance from the Audit Committee, oversees the Company’s enterprise risk management process, which includes cybersecurity risk management. The Audit Committee, a member of which holds a Certificate in Cyber Risk Governance and a Qualified Risk Director designation from the DCRO Institute, receives regular reports from our Chief Information Officer (“CIO”), along with members of senior management, on the identification and status of cybersecurity risks and management.
Our IT and cybersecurity programs are managed by our CIO, who reports to the President (who also became the Chief Executive Officer effective January 1, 2025). Our CIO has over 30 years of experience in managing IT and cybersecurity. We also have a dedicated Chief Information Security Officer (“CISO”), who reports to the CIO and has overall responsibility for establishing our enterprise-wide cybersecurity strategy, standards, architecture, processes and procedures, and policies. Our CISO has over 25 years of experience in IT and cybersecurity. The Company has adopted incident response plan procedures for assessing and escalating cybersecurity incidents to various response teams that include the CISO, the CIO and other senior management, as necessary.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our IT and cybersecurity programs are managed by our CIO, who reports to the President (who also became the Chief Executive Officer effective January 1, 2025). Our CIO has over 30 years of experience in managing IT and cybersecurity. We also have a dedicated Chief Information Security Officer (“CISO”), who reports to the CIO and has overall responsibility for establishing our enterprise-wide cybersecurity strategy, standards, architecture, processes and procedures, and policies. Our CISO has over 25 years of experience in IT and cybersecurity.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Company has adopted incident response plan procedures for assessing and escalating cybersecurity incidents to various response teams that include the CISO, the CIO and other senior management, as necessary.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true