XML 44 R28.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Management has responsibility for developing and coordinating the Company’s cybersecurity policy and strategy, and for managing the prevention, detection, mitigation and remediation of cybersecurity incidents. We utilize various risk assessment tools and technologies to identify potential cyber and information security threats and risks as well as engage with various third parties to assist in program development, risk evaluation and testing. Our cybersecurity program is predicated on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). At minimum, on an annual basis we measure ourselves against this framework and use the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks relevant to our strategic execution. We have also implemented a third-party risk assessment process for certain service providers, suppliers, and vendors, which is conducted during the procurement cycle. Critical vendors are assessed on an annual basis. In addition, all team members are required to participate in ongoing training and awareness programs that include periodic assessments to drive adoption and awareness of cybersecurity processes and controls.
We promote a company-wide culture of cybersecurity risk management intended to protect the confidentiality, integrity, and availability of our critical systems and the information contained therein. As part of our cybersecurity risk management strategy, our corporate information technology team collaborates cross-functionally with key business leaders within privacy, compliance, finance and operations, among others, to identify, assess, and manage cybersecurity risks relevant to our business. On a quarterly basis, led by the Chief Information Security Officer (CISO) and Privacy Officer, the cybersecurity and privacy governance committee meets, which comprises of our executive and regional leadership teams. This governance committee assists in discussing existing or emerging threats, prioritizing roadmap items and/or budgetary considerations for project work.
No risks from cybersecurity threats or previous cybersecurity incidents have materially affected, or are reasonably likely to materially affect, our business strategy, financial condition or results of operations. However, there can be no assurance that the controls and procedures in place to monitor and mitigate the risks of cyber threats will be successful or sufficient to avoid material losses or consequences in the future. Additionally, while we have insurance coverage in place that is designed to address certain aspects of cyber risks, such insurance coverage may be insufficient to cover all insured losses or all types of claims that may arise.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Management has responsibility for developing and coordinating the Company’s cybersecurity policy and strategy, and for managing the prevention, detection, mitigation and remediation of cybersecurity incidents. We utilize various risk assessment tools and technologies to identify potential cyber and information security threats and risks as well as engage with various third parties to assist in program development, risk evaluation and testing. Our cybersecurity program is predicated on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). At minimum, on an annual basis we measure ourselves against this framework and use the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks relevant to our strategic execution. We have also implemented a third-party risk assessment process for certain service providers, suppliers, and vendors, which is conducted during the procurement cycle. Critical vendors are assessed on an annual basis. In addition, all team members are required to participate in ongoing training and awareness programs that include periodic assessments to drive adoption and awareness of cybersecurity processes and controls.
We promote a company-wide culture of cybersecurity risk management intended to protect the confidentiality, integrity, and availability of our critical systems and the information contained therein. As part of our cybersecurity risk management strategy, our corporate information technology team collaborates cross-functionally with key business leaders within privacy, compliance, finance and operations, among others, to identify, assess, and manage cybersecurity risks relevant to our business. On a quarterly basis, led by the Chief Information Security Officer (CISO) and Privacy Officer, the cybersecurity and privacy governance committee meets, which comprises of our executive and regional leadership teams. This governance committee assists in discussing existing or emerging threats, prioritizing roadmap items and/or budgetary considerations for project work.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Our Board of Directors as a whole and through its committees, oversees risk management, including cybersecurity risks. The Board has delegated risk management responsibilities with respects to cybersecurity to our Audit Committee.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board has delegated risk management responsibilities with respects to cybersecurity to our Audit Committee. Specifically, the Audit Committee periodically reviews our cybersecurity policies, data security programs and plans that management has established to monitor compliance and assess preparedness.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] On an annual basis, at a minimum, our CISO or Chief Information Officer (CIO) present necessary updates on our cybersecurity risks and any material cybersecurity incidents. These updates include the following: (i) current cybersecurity threats, (ii) an overview of third-party risks, (iii) our cybersecurity roadmap, (iv) the maturity of our cybersecurity programs and/or (v) ongoing regulatory compliance.
Cybersecurity Risk Role of Management [Text Block]
Management is responsible for the day-to-day handling of risks facing our Company. Our Board of Directors as a whole and through its committees, oversees risk management, including cybersecurity risks. The Board has delegated risk management responsibilities with respects to cybersecurity to our Audit Committee. Specifically, the Audit Committee periodically reviews our cybersecurity policies, data security programs and plans that management has established to monitor compliance and assess preparedness. Our cybersecurity team is led by our CISO, who has over 20 years of experience in the cybersecurity space and is a Certified Information Security Manager (CISM). On an annual basis, at a minimum, our CISO or Chief Information Officer (CIO) present necessary updates on our cybersecurity risks and any material cybersecurity incidents. These updates include the following: (i) current cybersecurity threats, (ii) an overview of third-party risks, (iii) our cybersecurity roadmap, (iv) the maturity of our cybersecurity programs and/or (v) ongoing regulatory compliance.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our cybersecurity team is led by our CISO, who has over 20 years of experience in the cybersecurity space and is a Certified Information Security Manager (CISM). On an annual basis, at a minimum, our CISO or Chief Information Officer (CIO) present necessary updates on our cybersecurity risks and any material cybersecurity incidents. These updates include the following: (i) current cybersecurity threats, (ii) an overview of third-party risks, (iii) our cybersecurity roadmap, (iv) the maturity of our cybersecurity programs and/or (v) ongoing regulatory compliance.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our cybersecurity team is led by our CISO, who has over 20 years of experience in the cybersecurity space and is a Certified Information Security Manager (CISM). On an annual basis, at a minimum, our CISO or Chief Information Officer (CIO) present necessary updates on our cybersecurity risks and any material cybersecurity incidents.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] On an annual basis, at a minimum, our CISO or Chief Information Officer (CIO) present necessary updates on our cybersecurity risks and any material cybersecurity incidents. These updates include the following: (i) current cybersecurity threats, (ii) an overview of third-party risks, (iii) our cybersecurity roadmap, (iv) the maturity of our cybersecurity programs and/or (v) ongoing regulatory compliance.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true