XML 46 R28.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We maintain a comprehensive cybersecurity program and process for identifying, assessing and managing risks from cybersecurity threats as part of our broader risk management system. Our cybersecurity program is run by a dedicated team of cybersecurity professionals with deep expertise in incident prevention, detection and remediation, led by our Vice President, Information Security (a certified information systems security professional with a degree in computer science and more than 30 years of relevant work experience) and our Chief Operating Officer (a seasoned executive with a degree in industrial systems and decades of product and technology experience, including more than 19 years with the Company). The Information Security team is responsible for identifying, assessing and mitigating cybersecurity vulnerabilities, threats and risks; evaluating and deploying appropriate security tools; and operating a 24x7 security operations center to promptly detect, remediate and prevent security incidents. The team maintains a comprehensive incident response policy that includes prompt reporting of security incidents to a cross-functional working group (including our Chief Operating Officer, General Counsel, Chief Compliance Officer and other security and privacy personnel) in order to ensure that information required to be disclosed by the Company with respect to security incidents is timely identified and reported.
We have aligned our information security management system to the International Organization for Standardization ("ISO") 27001 standard and our privacy management system to the ISO 27701 standard. An outside auditor tests the effectiveness of our security and privacy controls against the ISO 27001 and 27701 standards on an annual basis. We also undergo client security audits and cybersecurity program assessments by outside consultants, and we regularly update our program and processes to incorporate recommendations from auditors, consultants and other experts. Finally, we maintain a third-party risk management process that includes screening and evaluation by the Information Security team of service providers who will have access to our systems or confidential information, in order to identify and manage cybersecurity risks associated with our use of such providers.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We maintain a comprehensive cybersecurity program and process for identifying, assessing and managing risks from cybersecurity threats as part of our broader risk management system.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Our Board of Directors has an active role, as a whole and at the committee level, in overseeing management of our material risks from cybersecurity threats.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board's Audit Committee oversees management of financial, regulatory, compliance and security risks and receives reports at least quarterly from our Chief Operating Officer regarding our cybersecurity programs, vulnerabilities, threats and risks.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The full Board is regularly informed about such risks through committee reports, attendance at committee meetings and other communications.
Cybersecurity Risk Role of Management [Text Block] Our cybersecurity program is run by a dedicated team of cybersecurity professionals with deep expertise in incident prevention, detection and remediation, led by our Vice President, Information Security (a certified information systems security professional with a degree in computer science and more than 30 years of relevant work experience) and our Chief Operating Officer (a seasoned executive with a degree in industrial systems and decades of product and technology experience, including more than 19 years with the Company). The Information Security team is responsible for identifying, assessing and mitigating cybersecurity vulnerabilities, threats and risks; evaluating and deploying appropriate security tools; and operating a 24x7 security operations center to promptly detect, remediate and prevent security incidents. The team maintains a comprehensive incident response policy that includes prompt reporting of security incidents to a cross-functional working group (including our Chief Operating Officer, General Counsel, Chief Compliance Officer and other security and privacy personnel) in order to ensure that information required to be disclosed by the Company with respect to security incidents is timely identified and reported.
Our executive leadership team is responsible for designing and implementing our enterprise risk management program, with input from our Chief Product Officer, Chief Operating Officer, General Counsel and other security and privacy personnel regarding material risks from cybersecurity threats. The executive leadership team regularly discusses security threat trends; incident trends, including any significant incidents that may arise; risk mitigation; and overall security strategy as part of our enterprise security governance process. We consult with outside counsel as appropriate, including on materiality analyses and disclosure matters, and our senior management makes the final materiality determinations and disclosure and other compliance decisions. Our management apprises our independent public accounting firm of any relevant developments.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our cybersecurity program is run by a dedicated team of cybersecurity professionals with deep expertise in incident prevention, detection and remediation, led by our Vice President, Information Security (a certified information systems security professional with a degree in computer science and more than 30 years of relevant work experience) and our Chief Operating Officer (a seasoned executive with a degree in industrial systems and decades of product and technology experience, including more than 19 years with the Company).
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our cybersecurity program is run by a dedicated team of cybersecurity professionals with deep expertise in incident prevention, detection and remediation, led by our Vice President, Information Security (a certified information systems security professional with a degree in computer science and more than 30 years of relevant work experience) and our Chief Operating Officer (a seasoned executive with a degree in industrial systems and decades of product and technology experience, including more than 19 years with the Company).
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The team maintains a comprehensive incident response policy that includes prompt reporting of security incidents to a cross-functional working group (including our Chief Operating Officer, General Counsel, Chief Compliance Officer and other security and privacy personnel) in order to ensure that information required to be disclosed by the Company with respect to security incidents is timely identified and reported.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true