XML 49 R33.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 29, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Our broader information security program aims to secure our systems, keep our business running, and protect our client partners, field talent, team members, and shareholders from vulnerabilities and threats by protecting against, detecting, and recovering from cybersecurity incidents. With oversight from our Board, the Audit Committee, and management, we have put proactive measures and systems in place in an effort to protect our information assets from unauthorized use or access. Our cybersecurity framework is based on the National Institute of Standards and Technology (“NIST”).

Management Oversight

Key members of senior management, including our Chief Information Officer (“CIO”), are accountable for our cybersecurity and data privacy programs and is supported by the Board of the Directors (the “Board”). Under the guidance of the Board, our IT department, under the direction of our CIO, manages day-to-day operations of the security and data privacy functions and proposes changes to our cybersecurity strategy, which is part of our overall information technology strategy. The senior management, including our CIO, and the Board meet frequently to discuss cyber and data operations, privacy programs and risks. Our CIO has extensive information technology and program management experience and has served many years in our corporate information security organization.

Our IT department monitors and manages system infrastructure in an effort to protect us against threats. Our cybersecurity process considers risks from many sources including, but not limited to, alerts, threat intelligence sources, risk assessments, and vulnerability management. Our cybersecurity process includes a risk assessment procedure, a risk evaluation procedure, and a third-party partner to strengthen our cybersecurity controls. These controls are designed to block and/or provide alerts on suspicious activities. Our security team responds as appropriate to risks identified.

Board Oversight

The Board is actively engaged in the oversight of cybersecurity and data privacy. On a quarterly basis, the Board receives updates on (a) our progress on security improvement objectives, (b) relevant reported cybersecurity internal incidents and the global evolving risks, and (c) results of work performed by our third-party information security partner. We engage subject matter experts in conducting independent assessments of our cybersecurity program maturity, penetration tests, and other tests and assessments.

Third-Party Vendor Management

Many of our information technology systems and networks are cloud-based or managed by third parties, whose future performance and reliability we cannot control. The risk of a cyberattack or security breach on a third party carries the same risks to us as those associated with our internal systems. We seek to reduce these risks by performing significant vendor due diligence procedures prior to engaging with any third-party vendor who will have access to sensitive data. Additionally, we require annual audits of certain third parties’ information technology processes.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] With oversight from our Board, the Audit Committee, and management, we have put proactive measures and systems in place in an effort to protect our information assets from unauthorized use or access.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
The Board is actively engaged in the oversight of cybersecurity and data privacy. On a quarterly basis, the Board receives updates on (a) our progress on security improvement objectives, (b) relevant reported cybersecurity internal incidents and the global evolving risks, and (c) results of work performed by our third-party information security partner. We engage subject matter experts in conducting independent assessments of our cybersecurity program maturity, penetration tests, and other tests and assessments.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Key members of senior management
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Key members of senior management, including our Chief Information Officer (“CIO”), are accountable for our cybersecurity and data privacy programs and is supported by the Board of the Directors (the “Board”). Under the guidance of the Board, our IT department, under the direction of our CIO, manages day-to-day operations of the security and data privacy functions and proposes changes to our cybersecurity strategy, which is part of our overall information technology strategy. The senior management, including our CIO, and the Board meet frequently to discuss cyber and data operations, privacy programs and risks. Our CIO has extensive information technology and program management experience and has served many years in our corporate information security organization.
Cybersecurity Risk Role of Management [Text Block]
Key members of senior management, including our Chief Information Officer (“CIO”), are accountable for our cybersecurity and data privacy programs and is supported by the Board of the Directors (the “Board”). Under the guidance of the Board, our IT department, under the direction of our CIO, manages day-to-day operations of the security and data privacy functions and proposes changes to our cybersecurity strategy, which is part of our overall information technology strategy. The senior management, including our CIO, and the Board meet frequently to discuss cyber and data operations, privacy programs and risks. Our CIO has extensive information technology and program management experience and has served many years in our corporate information security organization.
Our IT department monitors and manages system infrastructure in an effort to protect us against threats. Our cybersecurity process considers risks from many sources including, but not limited to, alerts, threat intelligence sources, risk assessments, and vulnerability management. Our cybersecurity process includes a risk assessment procedure, a risk evaluation procedure, and a third-party partner to strengthen our cybersecurity controls. These controls are designed to block and/or provide alerts on suspicious activities. Our security team responds as appropriate to risks identified.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Key members of senior management
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true