|
Cybersecurity Risk Management Strategy And Governance
|12 Months Ended
Dec. 28, 2024
|Cybersecurity Risk Management Strategy And Governance [Line Items]
|Cybersecurity Risk Management Processes For Assessing Identifying And Managing Threats [Text Block]
|
Cybersecurity Risk Management and Strategy
We have developed and implemented a cybersecurity risk mitigation strategy intended to protect our information
systems.
aligned with generally accepted cybersecurity standards and frameworks,
Framework, or “NIST CSF,” and our Company is externally audited, or certified, with ISO27001 partial scope.
We maintain an Office of Cybersecurity (“OCS”), led by our Chief Information Security Officer (“CISO”), which
oversees
management team, which continuously evaluates our global cybersecurity
on maintaining and protecting our information systems.
strategy, the OCS partners with our Global Technology Solutions team, which is led by our Chief Technology
Officer (“CTO”) and is comprised of over one hundred professionals that support our information
operations.
monitoring
the Company’s information systems, as well as at our
third-party
partners.
Our CISO reports to our CTO.
experience leading large-scale global IT organizations and received a Bachelor of Business Administration
Business Computer Information Systems and a Master of Business Administration
Our Vice President, Global CISO, who also serves as Vice
President and Head of the Office of Cyber Security, has over 30 years of experience leading global cybersecurity
and technology programs in large and complex corporations, and holds a Certified
Professional and a Certified Information Systems Auditor certification.
Technology and Security from Baker College.
managers who are members of our Executive Steering Committee, comprised
technology, legal and internal auditing officers.
developments, and our Board oversees our risk mitigation strategy principally
Regulatory, Compliance and Cybersecurity Committee, as described in more detail below.
Our cybersecurity risk management program includes, among other
•
risk assessments designed to help identify material cybersecurity risks
•
a security team principally responsible for managing our (i) cybersecurity
(ii) defining cybersecurity control standards;
•
the use of expert external service providers to assess, test or otherwise assist
cybersecurity controls, and to respond to specific cybersecurity threats;
•
the review and assessment of past cybersecurity incidents with a view to
further strengthen our cyber risk mitigation strategy;
•
a written cybersecurity incident response plan that includes procedures
incidents; and
•
a Global Information Security Policy, together with more detailed information security policies,
procedures, standards, and guidelines.
In addition, all employees with systems access are required to participate
anti-phishing courses, along with compliance programs.
also receive additional mandatory annual data security training specific
security threats.
Our cybersecurity risk strategy is integrated into our overall enterprise
cybersecurity team is supported by and connected with the enterprise risk
Prior Cyber Incidents
In addition to immaterial and unrelated prior incidents at certain of
experienced a cyber incident that primarily affected the operations of our North American
medical distribution businesses.
and patient relationship management solutions business was not affected, and
mostly unaffected.
financial results for the fourth quarter and full year 2023, diverted
Company to incur significant remediation costs.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We have developed and implemented a cybersecurity risk mitigation strategy intended to protect our information
systems.
aligned with generally accepted cybersecurity standards and frameworks,
Framework, or “NIST CSF,” and our Company is externally audited, or certified, with ISO27001 partial scope.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight And Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected Or Reasonably Likely To Materially Affect Registrant [Flag]
|true
|Cybersecurity Risk Materially Affected Or Reasonably Likely To Materially Affect Registrant [Text Block]
|
In addition to immaterial and unrelated prior incidents at certain of
experienced a cyber incident that primarily affected the operations of our North American
medical distribution businesses.
and patient relationship management solutions business was not affected, and
mostly unaffected.
financial results for the fourth quarter and full year 2023, diverted
Company to incur significant remediation costs.
|Cybersecurity Risk Board Of Directors Oversight [Text Block]
|
Cybersecurity Governance
Our Board has a Regulatory, Compliance and Cybersecurity Committee that focuses on cybersecurity oversight,
together with other board committees, principally the Audit Committee.
The purpose of the Regulatory,
Compliance and Cybersecurity Committee is to assist the Board by providing
Company’s senior management responsible for assessing and managing Company-wide regulatory, corporate
compliance and cybersecurity risk management programs.
Compliance and Cybersecurity Committee are to (i) discuss cybersecurity
opportunities relating thereto, (ii) provide expertise to guide assessment
regulatory, corporate compliance and cybersecurity risk management budgeting, spending and capital investment,
(iii) monitor progress and status of the Company’s regulatory, corporate compliance and cybersecurity risk
management programs, (iv) review and evaluate major regulatory, corporate compliance and cybersecurity risk
management initiatives to identify emerging and future opportunities for synergy or to
corporate compliance and cybersecurity risk management investments
(v) report to the Audit Committee on regulatory, corporate compliance and cybersecurity risk management matters
reviewed by the Regulatory, Compliance and Cybersecurity Committee that may impact the Company’s financial
reporting and (vi) be generally available to, and communicate with,
inform the Board in the areas described above.
Our CISO and CTO, along with other key executives who are part of our Executive
strategy, policy,
Board’s Regulatory,
Committee on at least a bi-annual basis.
meets
regular basis as well as in connection with specific cybersecurity issues or
|Cybersecurity Risk Board Committee Or Subcommittee Responsible For Oversight [Text Block]
|
The purpose of the Regulatory,
Compliance and Cybersecurity Committee is to assist the Board by providing
Company’s senior management responsible for assessing and managing Company-wide regulatory, corporate
compliance and cybersecurity risk management programs.
|Cybersecurity Risk Process For Informing Board Committee Or Subcommittee Responsible For Oversight [Text Block]
|
Our Board has a Regulatory, Compliance and Cybersecurity Committee that focuses on cybersecurity oversight,
together with other board committees, principally the Audit Committee.
The purpose of the Regulatory,
Compliance and Cybersecurity Committee is to assist the Board by providing
Company’s senior management responsible for assessing and managing Company-wide regulatory, corporate
compliance and cybersecurity risk management programs.
Compliance and Cybersecurity Committee are to (i) discuss cybersecurity
opportunities relating thereto, (ii) provide expertise to guide assessment
regulatory, corporate compliance and cybersecurity risk management budgeting, spending and capital investment,
(iii) monitor progress and status of the Company’s regulatory, corporate compliance and cybersecurity risk
management programs, (iv) review and evaluate major regulatory, corporate compliance and cybersecurity risk
management initiatives to identify emerging and future opportunities for synergy or to
corporate compliance and cybersecurity risk management investments
(v) report to the Audit Committee on regulatory, corporate compliance and cybersecurity risk management matters
reviewed by the Regulatory, Compliance and Cybersecurity Committee that may impact the Company’s financial
reporting and (vi) be generally available to, and communicate with,
inform the Board in the areas described above.
|Cybersecurity Risk Role Of Management [Text Block]
|
We maintain an Office of Cybersecurity (“OCS”), led by our Chief Information Security Officer (“CISO”), which
oversees
management team, which continuously evaluates our global cybersecurity
on maintaining and protecting our information systems.
strategy, the OCS partners with our Global Technology Solutions team, which is led by our Chief Technology
Officer (“CTO”) and is comprised of over one hundred professionals that support our information
operations.
monitoring
the Company’s information systems, as well as at our
third-party
partners.
|Cybersecurity Risk Management Positions Or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions Or Committees Responsible [Text Block]
|
We maintain an Office of Cybersecurity (“OCS”), led by our Chief Information Security Officer (“CISO”), which
oversees
|Cybersecurity Risk Management Expertise Of Management Responsible [Text Block]
|
Our CISO reports to our CTO.
experience leading large-scale global IT organizations and received a Bachelor of Business Administration
Business Computer Information Systems and a Master of Business Administration
Our Vice President, Global CISO, who also serves as Vice
President and Head of the Office of Cyber Security, has over 30 years of experience leading global cybersecurity
and technology programs in large and complex corporations, and holds a Certified
Professional and a Certified Information Systems Auditor certification.
Technology and Security from Baker College.
managers who are members of our Executive Steering Committee, comprised
technology, legal and internal auditing officers.
developments, and our Board oversees our risk mitigation strategy principally
Regulatory, Compliance and Cybersecurity Committee, as described in more detail below.
|Cybersecurity Risk Process For Informing Management Or Committees Responsible [Text Block]
|
Our CISO and CTO, along with other key executives who are part of our Executive
strategy, policy,
Board’s Regulatory,
Committee on at least a bi-annual basis.
meets
regular basis as well as in connection with specific cybersecurity issues or
|Cybersecurity Risk Management Positions Or Committees Responsible Report To Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef