XML 49 R33.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 28, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

Our information security program covers a wide range of cybersecurity activities, with the primary objective of maintaining the confidentiality, integrity, and availability of information for both our business and customers. The program and our systems are designed to identify and mitigate information security risks and data privacy breaches. Our risk mitigation processes include a cybersecurity incident response plan, which is regularly exercised through tabletop exercises, security awareness training with attack simulations to reinforce the training, cybersecurity risk assessments integrated with technology acquisition processes, and the utilization of third-party partnerships for threat intelligence, incident response and escalation, and attack surface monitoring.

We measure our security performance using the International Organization for Standardization 27001 Framework and Enterprise Risk Management strategies. We implement policies and practices to mitigate risks to organizational data and operational processes.

Our Global Data Privacy Program continues to align with environmental, social, and corporate governance standards, taking into account both the risks and benefits of privacy-driven spending. The program’s operating model is based on the General Data Protection Regulation, adjusted to meet specific local requirements. This scalable model manages strategic, operational, legal, compliance, and financial risks and benefits, and utilizes technology to automate portions of the program, such as data subject access requests and consent and preference management.

Our membership in the Data Privacy Board, a group comprised of some of the world’s largest companies with the mission of engaging in confidential, leader-level discussions, offers opportunities for unbiased benchmarking and support from peers across various industries. We continue to build privacy resilience across international operating environments.

We collaborate with third-party vendors to enhance our processes against unauthorized access to our network, computers, programs, and data. Risk is inherent in risk management and cybersecurity strategy. See “Our operations could be adversely affected if our information technology systems and networks are compromised or targeted by cyberattacks” under Risk Factors in Part I, Item 1A of this report, which we incorporate here by reference.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]

Our information security program covers a wide range of cybersecurity activities, with the primary objective of maintaining the confidentiality, integrity, and availability of information for both our business and customers. The program and our systems are designed to identify and mitigate information security risks and data privacy breaches. Our risk mitigation processes include a cybersecurity incident response plan, which is regularly exercised through tabletop exercises, security awareness training with attack simulations to reinforce the training, cybersecurity risk assessments integrated with technology acquisition processes, and the utilization of third-party partnerships for threat intelligence, incident response and escalation, and attack surface monitoring.

We measure our security performance using the International Organization for Standardization 27001 Framework and Enterprise Risk Management strategies. We implement policies and practices to mitigate risks to organizational data and operational processes.

Our Global Data Privacy Program continues to align with environmental, social, and corporate governance standards, taking into account both the risks and benefits of privacy-driven spending. The program’s operating model is based on the General Data Protection Regulation, adjusted to meet specific local requirements. This scalable model manages strategic, operational, legal, compliance, and financial risks and benefits, and utilizes technology to automate portions of the program, such as data subject access requests and consent and preference management.

Our membership in the Data Privacy Board, a group comprised of some of the world’s largest companies with the mission of engaging in confidential, leader-level discussions, offers opportunities for unbiased benchmarking and support from peers across various industries. We continue to build privacy resilience across international operating environments.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

The Board of Directors has oversight responsibility for cyber risks affecting the Company. The Board has delegated risk oversight of operational, compliance, and financial matters, including cybersecurity and information technology risk, to the Audit Committee.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Audit Committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

The Board of Directors has oversight responsibility for cyber risks affecting the Company. The Board has delegated risk oversight of operational, compliance, and financial matters, including cybersecurity and information technology risk, to the Audit Committee.
Cybersecurity Risk Role of Management [Text Block]

Our Director of Security has extensive experience implementing and managing cybersecurity policies, including overseeing investments in tools, resources, and processes that enables the continued maturity of our cybersecurity program. Team members supporting our information security program possess relevant educational backgrounds and industry experience. Our CEO, Chief Financial Officer, and Audit Committee receive regular reports from our Director of Security on the Company’s risk and compliance with cybersecurity matters, including data privacy, incidents, industry trends, and the prevention, detection, mitigation, and remediation of cyber incidents.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] CEO, Chief Financial Officer, and Audit Committee
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our Director of Security has extensive experience implementing and managing cybersecurity policies, including overseeing investments in tools, resources, and processes that enables the continued maturity of our cybersecurity program. Team members supporting our information security program possess relevant educational backgrounds and industry experience.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our risk mitigation processes include a cybersecurity incident response plan, which is regularly exercised through tabletop exercises, security awareness training with attack simulations to reinforce the training, cybersecurity risk assessments integrated with technology acquisition processes, and the utilization of third-party partnerships for threat intelligence, incident response and escalation, and attack surface monitoring.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true