XML 51 R31.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Tredegar’s business model depends on the efficiency and reliability of its information systems, networks, and essential assets, with a portion of these systems and networks being administered by third-party service providers. Tredegar’s Cybersecurity Program (the “Program”), which was designed utilizing a risk-based approach, was developed to not only prevent, identify, investigate, resolve, and mitigate potential cybersecurity vulnerabilities within Tredegar but also to enhance the information security posture of Tredegar’s operations involving third-party service providers.
Tredegar entrusts its third-party service providers with the responsibility to institute security measure protocols that are appropriately and proportionally tailored to the corresponding risks. However, Tredegar also periodically conducts assessments of the third-party service providers’ security frameworks to verify the implementation of adequate security measures, to safeguard Tredegar against potential vulnerabilities.
The Program leverages a blend of automated systems, manual operations, and external evaluations to proactively identify and mitigate potential cybersecurity threats. Key components of the Program include Tredegar’s Cybersecurity Incident Response Plan and Cyber Crisis Management Plan. These plans encompass a strategic approach that includes: (i) detection of threats, thorough analysis of cybersecurity incidents to determine whether timely notification to Tredegar’s Board of Directors (“Board”) is necessary; (ii) containment of incidents; (iii) eradication or mitigation of threats; (iv) recovery processes; and (v) a comprehensive post-incident review.
To further strengthen its cybersecurity posture, Tredegar employs third-party consultants who work with the internal audit and information technology (“IT”) functions to assess Tredegar’s information security program and practices, including incident management, service continuity, and information security compliance programs, and identify areas for improvement. The results of such an assessment are regularly presented to the Audit Committee. Notably, these assessments include periodic penetration tests, which allow Tredegar to identify vulnerabilities, refine procedures, and enhance its crisis management and recovery capabilities. The Program is also supported by an organizational structure, involving collaboration across various business sectors and an interdisciplinary Global Data Protection and Cybersecurity Oversight Team that meets regularly to identify information security risks and appropriate risk mitigation strategies. Additionally, because Tredegar recognizes the significant role that its employees play in information security, it provides annual formal information security training to all of its employees that covers critical topics such as phishing and email security best practices. Furthermore, periodic simulated phishing exercises are conducted to reinforce these practices.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Tredegar’s business model depends on the efficiency and reliability of its information systems, networks, and essential assets, with a portion of these systems and networks being administered by third-party service providers. Tredegar’s Cybersecurity Program (the “Program”), which was designed utilizing a risk-based approach, was developed to not only prevent, identify, investigate, resolve, and mitigate potential cybersecurity vulnerabilities within Tredegar but also to enhance the information security posture of Tredegar’s operations involving third-party service providers.
Tredegar entrusts its third-party service providers with the responsibility to institute security measure protocols that are appropriately and proportionally tailored to the corresponding risks. However, Tredegar also periodically conducts assessments of the third-party service providers’ security frameworks to verify the implementation of adequate security measures, to safeguard Tredegar against potential vulnerabilities.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] The Board is responsible for risk management, with specific oversight of cybersecurity risks being delegated to the Audit Committee. The Audit Committee receives updates from Tredegar’s and Bonnell’s IT Directors at each of its quarterly meetings. These updates encompass an assessment of Tredegar’s cybersecurity risk profile, including the efficacy of Tredegar’s cybersecurity policies, procedures, strategies, and areas of emerging risk. Additionally, the Board receives annual, but often more frequent, updates on Tredegar’s cybersecurity systems.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board is responsible for risk management, with specific oversight of cybersecurity risks being delegated to the Audit Committee. The Audit Committee receives updates from Tredegar’s and Bonnell’s IT Directors at each of its quarterly meetings.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee receives updates from Tredegar’s and Bonnell’s IT Directors at each of its quarterly meetings. These updates encompass an assessment of Tredegar’s cybersecurity risk profile, including the efficacy of Tredegar’s cybersecurity policies, procedures, strategies, and areas of emerging risk. Additionally, the Board receives annual, but often more frequent, updates on Tredegar’s cybersecurity systems.
Cybersecurity Risk Role of Management [Text Block]
Tredegar’s IT Director and Bonnell’s Director of Information Security are responsible for managing the Program, including the prevention, mitigation, detection and remediation of cybersecurity incidents. Tredegar’s IT Director has over 10 years of cybersecurity expertise, including working in similar roles at other companies, has cybersecurity certifications from EC-Council and ODU Global and holds a degree in Computer Science from Universidade Catolica de Pernambuco and an MBA in IT Management from Universidade Federal de Pernambuco. Bonnell’s Director of Information Security has over 30 years of cybersecurity experience, including working in similar roles at other companies, has cybersecurity certifications from EC-Council and ISC^2 and holds a degree in Mechanical Engineering from the Georgia Institute of Technology. Tredegar’s IT Director and Bonnell’s Director of Information Security also regularly collaborate closely with key management, including the Chief Financial Officer, General Counsel, Compliance Manager, and Human Resources Executive Director, to foster effective communication regarding the Program within Tredegar.
The Board is responsible for risk management, with specific oversight of cybersecurity risks being delegated to the Audit Committee. The Audit Committee receives updates from Tredegar’s and Bonnell’s IT Directors at each of its quarterly meetings. These updates encompass an assessment of Tredegar’s cybersecurity risk profile, including the efficacy of Tredegar’s cybersecurity policies, procedures, strategies, and areas of emerging risk. Additionally, the Board receives annual, but often more frequent, updates on Tredegar’s cybersecurity systems.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Board is responsible for risk management, with specific oversight of cybersecurity risks being delegated to the Audit Committee. The Audit Committee receives updates from Tredegar’s and Bonnell’s IT Directors at each of its quarterly meetings.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Tredegar’s IT Director has over 10 years of cybersecurity expertise, including working in similar roles at other companies, has cybersecurity certifications from EC-Council and ODU Global and holds a degree in Computer Science from Universidade Catolica de Pernambuco and an MBA in IT Management from Universidade Federal de Pernambuco.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
Tredegar’s IT Director and Bonnell’s Director of Information Security are responsible for managing the Program, including the prevention, mitigation, detection and remediation of cybersecurity incidents. Tredegar’s IT Director has over 10 years of cybersecurity expertise, including working in similar roles at other companies, has cybersecurity certifications from EC-Council and ODU Global and holds a degree in Computer Science from Universidade Catolica de Pernambuco and an MBA in IT Management from Universidade Federal de Pernambuco. Bonnell’s Director of Information Security has over 30 years of cybersecurity experience, including working in similar roles at other companies, has cybersecurity certifications from EC-Council and ISC^2 and holds a degree in Mechanical Engineering from the Georgia Institute of Technology. Tredegar’s IT Director and Bonnell’s Director of Information Security also regularly collaborate closely with key management, including the Chief Financial Officer, General Counsel, Compliance Manager, and Human Resources Executive Director, to foster effective communication regarding the Program within Tredegar.
The Board is responsible for risk management, with specific oversight of cybersecurity risks being delegated to the Audit Committee. The Audit Committee receives updates from Tredegar’s and Bonnell’s IT Directors at each of its quarterly meetings. These updates encompass an assessment of Tredegar’s cybersecurity risk profile, including the efficacy of Tredegar’s cybersecurity policies, procedures, strategies, and areas of emerging risk. Additionally, the Board receives annual, but often more frequent, updates on Tredegar’s cybersecurity systems.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true