XML 44 R29.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Identifying, assessing, and managing cybersecurity risks is an important component of our overall enterprise risk management program. Our cybersecurity programs have been developed based on the National Institute of Standards and Technology Cybersecurity Framework and seek to protect us against cybersecurity risks. Among other things, these programs generally involve maturity evaluations and assessments by third parties, vulnerability scanning, employee testing and training, technical and business team-focused tabletop exercises, business continuity planning, incident response planning, and data security assessments of third-party service providers as a part of vendor management.
Identified Risks
As of the date of this Annual Report, we are not aware of any cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, we face certain ongoing risks from cybersecurity threats that, if realized, may, among other things, cause material disruptions to our operations, which may materially affect us, including our business strategy, results of operations and/or financial condition. For more information about these risks, see the risk factor titled “Our operations are subject to cybersecurity risks that could have a material adverse effect on our results of operations and financial condition” under Item 1A of Part I of this Annual Report.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Identifying, assessing, and managing cybersecurity risks is an important component of our overall enterprise risk management program. Our cybersecurity programs have been developed based on the National Institute of Standards and Technology Cybersecurity Framework and seek to protect us against cybersecurity risks. Among other things, these programs generally involve maturity evaluations and assessments by third parties, vulnerability scanning, employee testing and training, technical and business team-focused tabletop exercises, business continuity planning, incident response planning, and data security assessments of third-party service providers as a part of vendor management.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Our Board of Directors (the “Board”) considers cybersecurity risk as part of its risk oversight function and has assigned oversight of cybersecurity risk management to the Audit Committee. The Audit Committee regularly receives reports from our management, including the SC (defined below) and our senior IT leadership and third parties on cybersecurity matters. The Audit Committee reports to the Board regarding its activities, including those related to cybersecurity. In addition, the Board receives reports addressing cybersecurity as part of our overall enterprise risk management program and to the extent cybersecurity matters are addressed therein, in regular business updates.
We have established a Security Committee (the “SC”), comprised of senior departmental leadership including our Chief Financial Officer, Executive Vice President and General Counsel, Senior Vice President – Strategic Development and Investor Relations, Vice President – IT, Vice President – Internal Audit, and Vice President – Corporate Operations, each of whom has between 10 to 20 years of experience managing risks at the Company and at similar companies, including risks arising from cybersecurity threats. The SC meets quarterly to discuss and review cybersecurity concerns that arise during the
year. The SC also identifies areas that should be addressed and reviews and updates security policies, as necessary. The SC has primary management oversight responsibility for assessing and managing risks from cybersecurity threats.
Our senior IT leadership is responsible for the day-to-day management and development of appropriate cybersecurity programs, including as may be required by applicable law or regulation. Our senior IT leadership monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents as part of the cybersecurity programs described above, works closely with the SC, and reports regular updates to the Audit Committee. Our IT team is led by our Vice President – IT, who has over 13 years of experience managing global IT operations, including strategy, applications, infrastructure, information security, support, and execution.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] We have established a Security Committee (the “SC”), comprised of senior departmental leadership including our Chief Financial Officer, Executive Vice President and General Counsel, Senior Vice President – Strategic Development and Investor Relations, Vice President – IT, Vice President – Internal Audit, and Vice President – Corporate Operations, each of whom has between 10 to 20 years of experience managing risks at the Company and at similar companies, including risks arising from cybersecurity threats.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee regularly receives reports from our management, including the SC (defined below) and our senior IT leadership and third parties on cybersecurity matters. The Audit Committee reports to the Board regarding its activities, including those related to cybersecurity.
Cybersecurity Risk Role of Management [Text Block]
Our Board of Directors (the “Board”) considers cybersecurity risk as part of its risk oversight function and has assigned oversight of cybersecurity risk management to the Audit Committee. The Audit Committee regularly receives reports from our management, including the SC (defined below) and our senior IT leadership and third parties on cybersecurity matters. The Audit Committee reports to the Board regarding its activities, including those related to cybersecurity. In addition, the Board receives reports addressing cybersecurity as part of our overall enterprise risk management program and to the extent cybersecurity matters are addressed therein, in regular business updates.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
Our senior IT leadership is responsible for the day-to-day management and development of appropriate cybersecurity programs, including as may be required by applicable law or regulation. Our senior IT leadership monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents as part of the cybersecurity programs described above, works closely with the SC, and reports regular updates to the Audit Committee. Our IT team is led by our Vice President – IT, who has over 13 years of experience managing global IT operations, including strategy, applications, infrastructure, information security, support, and execution.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
We have established a Security Committee (the “SC”), comprised of senior departmental leadership including our Chief Financial Officer, Executive Vice President and General Counsel, Senior Vice President – Strategic Development and Investor Relations, Vice President – IT, Vice President – Internal Audit, and Vice President – Corporate Operations, each of whom has between 10 to 20 years of experience managing risks at the Company and at similar companies, including risks arising from cybersecurity threats. The SC meets quarterly to discuss and review cybersecurity concerns that arise during the
year. The SC also identifies areas that should be addressed and reviews and updates security policies, as necessary. The SC has primary management oversight responsibility for assessing and managing risks from cybersecurity threats.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
Our senior IT leadership is responsible for the day-to-day management and development of appropriate cybersecurity programs, including as may be required by applicable law or regulation. Our senior IT leadership monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents as part of the cybersecurity programs described above, works closely with the SC, and reports regular updates to the Audit Committee. Our IT team is led by our Vice President – IT, who has over 13 years of experience managing global IT operations, including strategy, applications, infrastructure, information security, support, and execution.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true