|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity forms an integral part of our risk management practices. We have established and maintain a Cybersecurity Risk Program which has been developed to assess, identify and manage material risks from cybersecurity threats. Our program is inclusive of related information security policies and procedures to protect the confidentiality, integrity, and availability of the information contained within our systems, products, and services, and to assess, identify, manage, and address cybersecurity risks. Our internal cybersecurity policies and procedures incorporate industry best practices and are assessed annually as part of our Cybersecurity Risk Program review. These policies and procedures include information security policies, incident response procedure, risk assessment procedures and a vendor management policy.
We have verified our information security management policies and procedures and received certifications in accordance with the ISO 27001:2022 information security management standard and ISO 27701:2019 privacy management standard as well as other certifications such as FedRAMP, SOC 2 Type II Applications, PCI DSS, and HITRUST for specific business lines.
We utilize multiple third-party experts to support our program, to advise us on best practices and assist us in evaluating and enhancing our cybersecurity practices. These experts include threat monitoring service providers, cyber software and managed service providers, penetration testing firms, forensic investigators, cybersecurity consultants, and legal counsel specializing in the cyber domain.
We regularly conduct cybersecurity risk assessments and audits, both internally and through the engagement of third parties. These processes include regular scanning of our information systems for vulnerabilities, including by conducting penetration testing, and we maintain tools to detect unusual or unauthorized activities that may affect our systems, products, and services. We also retain the services of a reputable third-party firm for threat monitoring and detection.
We require that employees, contractors, partners, and vendors understand their cybersecurity responsibilities. All of our employees complete annual cybersecurity training and other ongoing cybersecurity awareness exercises.
We maintain a third-party risk management process in order to identify, assess and mitigate the risks associated with our third-party service providers. As part of this process, we impose contractual obligations related to information security and require that our third-party partners maintain adequate security measures and controls to ensure the security of our data.
Our incident response policy provides guidelines for the handling and reporting of cybersecurity incidents. In the event of a potential cybersecurity incident, our Security Operations Center (SOC) conducts an initial assessment and, depending on the severity of the incident, provides a report regarding the incident to our Corporate VP Information Security. The Corporate VP Information Security then consults with other internal and external parties, depending upon the nature and/or severity of the incident, including members of our Cyber Incident Response Team (CIRT) and our General Counsel. Depending on the assessed potential materiality of an incident, notification may be given to our Chief Financial Officer, Chief Executive Officer, the Chair of the Board’s Internal Audit Committee, and the Chairman of our Board of Directors. Additional guidelines covered under our incident response policy include steps for incident identification, containment, eradication, recovery, and lessons learned activities.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Cybersecurity forms an integral part of our risk management practices. We have established and maintain a Cybersecurity Risk Program which has been developed to assess, identify and manage material risks from cybersecurity threats. Our program is inclusive of related information security policies and procedures to protect the confidentiality, integrity, and availability of the information contained within our systems, products, and services, and to assess, identify, manage, and address cybersecurity risks. Our internal cybersecurity policies and procedures incorporate industry best practices and are assessed annually as part of our Cybersecurity Risk Program review. These policies and procedures include information security policies, incident response procedure, risk assessment procedures and a vendor management policy.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Cybersecurity risks and controls are evaluated and reviewed regularly by our senior management, including as part of our internal audits that are presented to the Internal Audit Committee of the Board of Directors. Our Board of Directors has ultimate oversight of cybersecurity risk management as part of its general oversight function. Our Board of Directors receives and reviews updates, reports and presentations related to cybersecurity threats and trends as well as to our cybersecurity program.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Cybersecurity risks and controls are evaluated and reviewed regularly by our senior management, including as part of our internal audits that are presented to the Internal Audit Committee of the Board of Directors. Our Board of Directors has ultimate oversight of cybersecurity risk management as part of its general oversight function. Our Board of Directors receives and reviews updates, reports and presentations related to cybersecurity threats and trends as well as to our cybersecurity program.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Cybersecurity risks and controls are evaluated and reviewed regularly by our senior management, including as part of our internal audits that are presented to the Internal Audit Committee of the Board of Directors. Our Board of Directors has ultimate oversight of cybersecurity risk management as part of its general oversight function. Our Board of Directors receives and reviews updates, reports and presentations related to cybersecurity threats and trends as well as to our cybersecurity program.
|Cybersecurity Risk Role of Management [Text Block]
|
Our incident response policy provides guidelines for the handling and reporting of cybersecurity incidents. In the event of a potential cybersecurity incident, our Security Operations Center (SOC) conducts an initial assessment and, depending on the severity of the incident, provides a report regarding the incident to our Corporate VP Information Security. The Corporate VP Information Security then consults with other internal and external parties, depending upon the nature and/or severity of the incident, including members of our Cyber Incident Response Team (CIRT) and our General Counsel. Depending on the assessed potential materiality of an incident, notification may be given to our Chief Financial Officer, Chief Executive Officer, the Chair of the Board’s Internal Audit Committee, and the Chairman of our Board of Directors. Additional guidelines covered under our incident response policy include steps for incident identification, containment, eradication, recovery, and lessons learned activities.
Our Cybersecurity Risk Program is run by our Corporate VP Information Security who reports to our Chief Financial Officer. Our Corporate VP Information Security has significant experience assessing and managing cybersecurity programs and risks and has extensive cybersecurity knowledge. Members of the corporate cybersecurity team are responsible for implementing and maintaining the cybersecurity program and practices for the Company. Other cybersecurity teams and professionals within our Company have the responsibility to implement and maintain cybersecurity processes within their business lines. Such teams and individuals work in coordination with our corporate cybersecurity team and under the guidance of our Corporate VP Information Security. The corporate cybersecurity team works closely with the SOC team, which serves as the central hub for monitoring and responding to security incidents and is trained to support our management in incident related matters.
Our management is committed to maintaining a robust cybersecurity program, which includes supplying the necessary resources to sustain the program, including people, tools, processes, procedures, and education. Cybersecurity risks and controls are evaluated and reviewed regularly by our senior management, including as part of our internal audits that are presented to the Internal Audit Committee of the Board of Directors. Our Board of Directors has ultimate oversight of cybersecurity risk management as part of its general oversight function. Our Board of Directors receives and reviews updates, reports and presentations related to cybersecurity threats and trends as well as to our cybersecurity program.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Cybersecurity Risk Program is run by our Corporate VP Information Security who reports to our Chief Financial Officer.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our Corporate VP Information Security has significant experience assessing and managing cybersecurity programs and risks and has extensive cybersecurity knowledge.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Our incident response policy provides guidelines for the handling and reporting of cybersecurity incidents. In the event of a potential cybersecurity incident, our Security Operations Center (SOC) conducts an initial assessment and, depending on the severity of the incident, provides a report regarding the incident to our Corporate VP Information Security. The Corporate VP Information Security then consults with other internal and external parties, depending upon the nature and/or severity of the incident, including members of our Cyber Incident Response Team (CIRT) and our General Counsel. Depending on the assessed potential materiality of an incident, notification may be given to our Chief Financial Officer, Chief Executive Officer, the Chair of the Board’s Internal Audit Committee, and the Chairman of our Board of Directors. Additional guidelines covered under our incident response policy include steps for incident identification, containment, eradication, recovery, and lessons learned activities.
Our Cybersecurity Risk Program is run by our Corporate VP Information Security who reports to our Chief Financial Officer. Our Corporate VP Information Security has significant experience assessing and managing cybersecurity programs and risks and has extensive cybersecurity knowledge. Members of the corporate cybersecurity team are responsible for implementing and maintaining the cybersecurity program and practices for the Company. Other cybersecurity teams and professionals within our Company have the responsibility to implement and maintain cybersecurity processes within their business lines. Such teams and individuals work in coordination with our corporate cybersecurity team and under the guidance of our Corporate VP Information Security. The corporate cybersecurity team works closely with the SOC team, which serves as the central hub for monitoring and responding to security incidents and is trained to support our management in incident related matters.
Our management is committed to maintaining a robust cybersecurity program, which includes supplying the necessary resources to sustain the program, including people, tools, processes, procedures, and education. Cybersecurity risks and controls are evaluated and reviewed regularly by our senior management, including as part of our internal audits that are presented to the Internal Audit Committee of the Board of Directors.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true