|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
CYBERSECURITY RISK MANAGEMENT
Sempra, SDG&E and SoCalGas have cybersecurity risk management processes in place that are intended to protect the confidentiality, integrity, and availability of our critical infrastructure, systems and information. These cybersecurity risk management processes include cybersecurity incident response plans that are integrated into each entity’s respective enterprise risk management and emergency management programs.
Our cybersecurity processes are largely designed and assessed based on the National Institute of Standards and Technology Cybersecurity Framework and the DOE’s Cybersecurity Capability Maturity Model standards. This does not imply that we meet any technical standards, specifications, or requirements, only that we use these standards as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.
Our cybersecurity risk management processes include:
▪risk assessments performed by internal personnel and third-party advisors designed to help identify material cybersecurity risks to our critical systems, information, services, and our broader enterprise information technology environments
▪information security teams principally responsible for developing and implementing (1) cybersecurity risk assessment processes, (2) information security controls, and (3) response plans to cybersecurity incidents
▪the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our information security controls
▪cybersecurity awareness training and policies designed to address social engineering attacks targeting employees and contractors
▪cybersecurity incident response plans that include procedures for responding to and reporting, if applicable, certain cybersecurity incidents
▪risk management processes for third-party service providers, suppliers, and vendors
We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect our results of operations, financial condition, cash flows and/or prospects.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Sempra, SDG&E and SoCalGas have cybersecurity risk management processes in place that are intended to protect the confidentiality, integrity, and availability of our critical infrastructure, systems and information. These cybersecurity risk management processes include cybersecurity incident response plans that are integrated into each entity’s respective enterprise risk management and emergency management programs.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Sempra’s, SDG&E’s and SoCalGas’ respective boards of directors consider cybersecurity risk as part of their risk oversight function. The Sempra board of directors has delegated to its SST Committee, which is entirely composed of independent directors under the independence standards established by the NYSE, oversight of cybersecurity and other information and operational technology risks. The SST Committee reports to the Sempra board of directors regarding the Committee’s activities, including those related to cybersecurity. The SST Committee receives briefings on cybersecurity topics from Sempra’s chief information security officer, internal information security staff or external experts in part for continuing education on topics that impact public companies. The SST Committee as well as the SDG&E and SoCalGas boards of directors oversee management’s implementation of our cybersecurity risk management processes and receive regular reports from management on our material cybersecurity risks. In addition, management updates the SST Committee and SDG&E and SoCalGas boards of directors about certain cybersecurity incidents. The SDG&E and SoCalGas boards of directors receive briefings from SDG&E’s and SoCalGas’ chief information officer and internal information security staff. SDG&E’s and SoCalGas’ boards of directors also have safety committees that, at times, may oversee the matters described above on behalf of those companies’ respective boards of directors.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Sempra board of directors has delegated to its SST Committee, which is entirely composed of independent directors under the independence standards established by the NYSE, oversight of cybersecurity and other information and operational technology risks. The SST Committee reports to the Sempra board of directors regarding the Committee’s activities, including those related to cybersecurity. The SST Committee receives briefings on cybersecurity topics from Sempra’s chief information security officer, internal information security staff or external experts in part for continuing education on topics that impact public companies. The SST Committee as well as the SDG&E and SoCalGas boards of directors oversee management’s implementation of our cybersecurity risk management processes and receive regular reports from management on our material cybersecurity risks. In addition, management updates the SST Committee and SDG&E and SoCalGas boards of directors about certain cybersecurity incidents. The SDG&E and SoCalGas boards of directors receive briefings from SDG&E’s and SoCalGas’ chief information officer and internal information security staff. SDG&E’s and SoCalGas’ boards of directors also have safety committees that, at times, may oversee the matters described above on behalf of those companies’ respective boards of directors.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Sempra’s, SDG&E’s and SoCalGas’ respective boards of directors consider cybersecurity risk as part of their risk oversight function. The Sempra board of directors has delegated to its SST Committee, which is entirely composed of independent directors under the independence standards established by the NYSE, oversight of cybersecurity and other information and operational technology risks. The SST Committee reports to the Sempra board of directors regarding the Committee’s activities, including those related to cybersecurity. The SST Committee receives briefings on cybersecurity topics from Sempra’s chief information security officer, internal information security staff or external experts in part for continuing education on topics that impact public companies. The SST Committee as well as the SDG&E and SoCalGas boards of directors oversee management’s implementation of our cybersecurity risk management processes and receive regular reports from management on our material cybersecurity risks. In addition, management updates the SST Committee and SDG&E and SoCalGas boards of directors about certain cybersecurity incidents. The SDG&E and SoCalGas boards of directors receive briefings from SDG&E’s and SoCalGas’ chief information officer and internal information security staff. SDG&E’s and SoCalGas’ boards of directors also have safety committees that, at times, may oversee the matters described above on behalf of those companies’ respective boards of directors.
|Cybersecurity Risk Role of Management [Text Block]
|
Sempra’s, SDG&E’s and SoCalGas’ respective boards of directors consider cybersecurity risk as part of their risk oversight function. The Sempra board of directors has delegated to its SST Committee, which is entirely composed of independent directors under the independence standards established by the NYSE, oversight of cybersecurity and other information and operational technology risks. The SST Committee reports to the Sempra board of directors regarding the Committee’s activities, including those related to cybersecurity. The SST Committee receives briefings on cybersecurity topics from Sempra’s chief information security officer, internal information security staff or external experts in part for continuing education on topics that impact public companies. The SST Committee as well as the SDG&E and SoCalGas boards of directors oversee management’s implementation of our cybersecurity risk management processes and receive regular reports from management on our material cybersecurity risks. In addition, management updates the SST Committee and SDG&E and SoCalGas boards of directors about certain cybersecurity incidents. The SDG&E and SoCalGas boards of directors receive briefings from SDG&E’s and SoCalGas’ chief information officer and internal information security staff. SDG&E’s and SoCalGas’ boards of directors also have safety committees that, at times, may oversee the matters described above on behalf of those companies’ respective boards of directors.
We have formed cybersecurity councils to provide overall corporate oversight for managing material risks from cybersecurity threats. The cybersecurity councils meet regularly to receive updates on cybersecurity developments at Sempra and our consolidated entities from their cybersecurity management teams.
Our cybersecurity management teams supervise efforts designed to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal information security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by information security tools deployed in the information technology environment. Cybersecurity management also supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Sempra’s director of cybersecurity governance & chief information security officer provides additional oversight and support for the operational cybersecurity activities at our consolidated entities.Our cybersecurity materiality assessment teams, which include chief information security officers, chief information officers, chief risk officers, chief accounting officers or chief financial officers, and general counsels, help assess the materiality of certain cybersecurity incidents.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
We have formed cybersecurity councils to provide overall corporate oversight for managing material risks from cybersecurity threats. The cybersecurity councils meet regularly to receive updates on cybersecurity developments at Sempra and our consolidated entities from their cybersecurity management teams.
Our cybersecurity management teams supervise efforts designed to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal information security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by information security tools deployed in the information technology environment. Cybersecurity management also supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Sempra’s director of cybersecurity governance & chief information security officer provides additional oversight and support for the operational cybersecurity activities at our consolidated entities.
Our cybersecurity materiality assessment teams, which include chief information security officers, chief information officers, chief risk officers, chief accounting officers or chief financial officers, and general counsels, help assess the materiality of certain cybersecurity incidents.
The cybersecurity councils, cybersecurity management teams and materiality assessment teams include members with decades of operational experience as cybersecurity professionals as well as management with decades of service in the areas of information and operational technology and legal, compliance, financial reporting and enterprise risk management. Some of these members hold relevant degrees and certifications that we believe enhance our ability to manage and respond to cybersecurity risks, including, among others, bachelor’s and/or master’s degrees in cybersecurity and computer science as well as certified information systems security professional, certified incident handler, and certified information security manager certifications.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The cybersecurity councils, cybersecurity management teams and materiality assessment teams include members with decades of operational experience as cybersecurity professionals as well as management with decades of service in the areas of information and operational technology and legal, compliance, financial reporting and enterprise risk management. Some of these members hold relevant degrees and certifications that we believe enhance our ability to manage and respond to cybersecurity risks, including, among others, bachelor’s and/or master’s degrees in cybersecurity and computer science as well as certified information systems security professional, certified incident handler, and certified information security manager certifications
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
We have formed cybersecurity councils to provide overall corporate oversight for managing material risks from cybersecurity threats. The cybersecurity councils meet regularly to receive updates on cybersecurity developments at Sempra and our consolidated entities from their cybersecurity management teams.
Our cybersecurity management teams supervise efforts designed to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal information security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by information security tools deployed in the information technology environment. Cybersecurity management also supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Sempra’s director of cybersecurity governance & chief information security officer provides additional oversight and support for the operational cybersecurity activities at our consolidated entities.Our cybersecurity materiality assessment teams, which include chief information security officers, chief information officers, chief risk officers, chief accounting officers or chief financial officers, and general counsels, help assess the materiality of certain cybersecurity incidents.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef