Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
The Board of Directors is responsible for the Company’s risk management strategy and overseeing the Company’s risk management program, of which cybersecurity is a critical element. The Chief Strategy and Technology Officer (“CSTO”) and the Chief Information Security Officer (“CISO”) are responsible for designing, implementing and administering the Company’s cybersecurity risk management policies, processes and practices, business continuity planning and disaster recovery functions and activities. The CSTO and CISO meet on a quarterly basis with other members of Management as the Technology and Information Security Committee (“TIS Committee”) to review the Company’s cybersecurity risk management, business continuity planning and disaster recovery strategy and performance.
The Company’s cybersecurity policies, standards, processes, and practices are generally based on recognized frameworks established by the National Institute of Standards and Technology (“NIST”), the International Organization for Standardization (“ISO”), applicable industry standards, and applicable data privacy and cybersecurity regulations. Annual technology and cybersecurity risk assessments are conducted to identify and evaluate applicable risks and controls designed to address such risks. In general, the Company seeks to identify, assess and manage material cybersecurity risks through a company-wide approach addressing the confidentiality, integrity, and availability of the Company’s information systems and the information that the Company collects and processes.
Cybersecurity Risk Management and Strategy
The Company’s cybersecurity risk management strategy focuses on several areas:
Identification and Reporting: The Company strives to have controls and procedures designed to identify, assess, manage and respond to cybersecurity threats and incidents, including fulfilling potential public disclosure or reporting requirements as may be applicable.
Technical Safeguards: The Company strives to implement and maintain technical safeguards designed to protect the Company’s information systems and data from cybersecurity threats, including perimeter and web application firewalls, proxy, intrusion prevention and detection systems, anti-malware, endpoint detection response functionality, data loss prevention systems, security incident event management, geo-blocking and access controls. Such safeguards are generally evaluated through internal security testing, third party penetration testing and vulnerability assessments, as well as outside audits and certifications, and revised as warranted. The Company seeks to comply with the cybersecurity framework guidelines issued by the NIST and ISO.
Education and Awareness: The Company provides periodic, mandatory training for all levels of employees regarding information security, cybersecurity threats, business continuity planning and disaster recovery in an effort to equip Company employees with tools to address cybersecurity threats, and to communicate the Company’s evolving information security policies, standards, processes and practices.
Incident Response and Recovery Planning: The Company’s Security Operations Center (“SOC”), reporting to the CISO, strives to provide 24x7 incident monitoring. If an incident occurs that the SOC determines qualifies as a “critical risk” according to predetermined criteria, Company policy requires the SOC to engage an incident management team to assist with evaluating, responding to and managing the response to the incident. The Company has established and seeks to maintain comprehensive incident identification, containment, response and business continuity plans designed to respond to potential cybersecurity incidents. The Company strives to conduct periodic drills and tabletop exercises to test these plans.
Third-Party Risk Management: The Company strives to conduct initial and periodic risk evaluations of vendors meeting predefined criteria for heightened cybersecurity risk, based on their access to or provision of critical information systems or data.
The Company strives to conduct periodic assessments of the Company’s policies, standards, processes and practices. Summary results of such assessments are evaluated by the CISO to assist the Company in adjusting its cybersecurity policies, standards, processes and practices; the CISO reviews critical results with the TIS Committee.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] The Company’s cybersecurity policies, standards, processes, and practices are generally based on recognized frameworks established by the National Institute of Standards and Technology (“NIST”), the International Organization for Standardization (“ISO”), applicable industry standards, and applicable data privacy and cybersecurity regulations. Annual technology and cybersecurity risk assessments are conducted to identify and evaluate applicable risks and controls designed to address such risks. In general, the Company seeks to identify, assess and manage material cybersecurity risks through a company-wide approach addressing the confidentiality, integrity, and availability of the Company’s information systems and the information that the Company collects and processes.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] The Board of Directors oversees the Company’s risk management program, including the management of cybersecurity threats. The Board of Directors receives regular reports from the CSTO on cybersecurity threats and the Company’s mitigation strategies. The TIS Committee provides Management oversight of the Company’s cybersecurity risk management, business continuity planning and disaster recovery strategy and performance.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The TIS Committee provides Management oversight of the Company’s cybersecurity risk management, business continuity planning and disaster recovery strategy and performance.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] To facilitate the success of the Company’s cybersecurity program, cross-functional teams work with the CISO and SOC and seek to address cybersecurity threats and respond to cybersecurity incidents.
Cybersecurity Risk Role of Management [Text Block]
Governance
The Board of Directors oversees the Company’s risk management program, including the management of cybersecurity threats. The Board of Directors receives regular reports from the CSTO on cybersecurity threats and the Company’s mitigation strategies. The TIS Committee provides Management oversight of the Company’s cybersecurity risk management, business continuity planning and disaster recovery strategy and performance.
To facilitate the success of the Company’s cybersecurity program, cross-functional teams work with the CISO and SOC and seek to address cybersecurity threats and respond to cybersecurity incidents. Through ongoing communications with these teams, the CISO and Management are informed about and monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents and report such threats and incidents to the Board of Directors, as appropriate.
The CISO has served in various roles in information technology, information security, and business continuity for over 20 years. The CISO holds undergraduate and graduate degrees in Information Systems Management and has attained the professional certification of Certified Information Security Manager from the Information Systems Audit and Control Association.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Board of Directors oversees the Company’s risk management program, including the management of cybersecurity threats. The Board of Directors receives regular reports from the CSTO on cybersecurity threats and the Company’s mitigation strategies. The TIS Committee provides Management oversight of the Company’s cybersecurity risk management, business continuity planning and disaster recovery strategy and performance.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
The Board of Directors oversees the Company’s risk management program, including the management of cybersecurity threats. The Board of Directors receives regular reports from the CSTO on cybersecurity threats and the Company’s mitigation strategies. The TIS Committee provides Management oversight of the Company’s cybersecurity risk management, business continuity planning and disaster recovery strategy and performance.
To facilitate the success of the Company’s cybersecurity program, cross-functional teams work with the CISO and SOC and seek to address cybersecurity threats and respond to cybersecurity incidents. Through ongoing communications with these teams, the CISO and Management are informed about and monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents and report such threats and incidents to the Board of Directors, as appropriate.
The CISO has served in various roles in information technology, information security, and business continuity for over 20 years. The CISO holds undergraduate and graduate degrees in Information Systems Management and has attained the professional certification of Certified Information Security Manager from the Information Systems Audit and Control Association.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
The Board of Directors oversees the Company’s risk management program, including the management of cybersecurity threats. The Board of Directors receives regular reports from the CSTO on cybersecurity threats and the Company’s mitigation strategies. The TIS Committee provides Management oversight of the Company’s cybersecurity risk management, business continuity planning and disaster recovery strategy and performance.
To facilitate the success of the Company’s cybersecurity program, cross-functional teams work with the CISO and SOC and seek to address cybersecurity threats and respond to cybersecurity incidents. Through ongoing communications with these teams, the CISO and Management are informed about and monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents and report such threats and incidents to the Board of Directors, as appropriate.
The CISO has served in various roles in information technology, information security, and business continuity for over 20 years. The CISO holds undergraduate and graduate degrees in Information Systems Management and has attained the professional certification of Certified Information Security Manager from the Information Systems Audit and Control Association.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true