XML 17 R7.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management, Strategy and Governance
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Item 1C. Cybersecurity

Cybersecurity Risk Management

The Company has systems and processes for identification, assessment, and management of material risks from cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. The Company’s multi-faceted approach includes deploying applications and control activities to actively monitor and mitigate potential threats to the Company’s IT environment.

These activities include, but are not limited to, engaging an external third-party to monitor information systems security events, conducting annual security training of employees, testing employees via periodic phishing campaigns, conducting system vulnerability scanning, utilizing a patching program to remediate critical patches, and utilizing an external third-party to perform testing to identify gaps in the Company’s security program. The Company also performs third-party risk management to identify and mitigate risks from third parties such as vendors, suppliers, and other business partners. Additionally, for providers of software-as-a-service and other services that hold Company data, the Company reviews and assesses industry standard certifications such as System and Organization Controls (SOC) 1 or SOC 2 reports and cybersecurity preparedness questionnaires. Mitigation of risk efforts are coordinated by the Company’s Director of Information Security, utilizing internal resources and third-party providers.

The Company has not had any cybersecurity risks that have materially affected the Company, including its business strategy, results of operations, or financial condition. Cybersecurity risks are disclosed in Part I Item 1A. Risk Factors, incorporated herein by reference.

Cybersecurity Governance

Our cybersecurity programs, including the cross-functional management committees responsible for identifying, assessing, and mitigating cybersecurity risks and incidents, are overseen by our Vice President and Chief Information Officer. Day-to-day administration of the cybersecurity programs are led by our Director of Information Security, a direct report to the Vice President and Chief Information Officer. Our Vice President and Chief Information Officer has 27 years of technology leadership experience and a Doctor of Business Administration. Our Director of Information Security has 27 years of experience in infrastructure and security operations and a degree in Information Technology Management. Our Director of Information Security is the chair of the Company’s Information Security Committee. The activities of the Information Security Committee are reviewed by the Executive Information Security Oversight Committee, which is comprised of members of our senior leadership team including our Vice President and Chief Information Officer, Senior Vice President, Chief Financial Officer, Senior Vice President, Chief Legal Officer and Secretary and Senior Vice President, Chief Human Resources Officer. The Executive Information Security Oversight Committee facilitates notification to the Audit Committee of emerging cybersecurity risks, and threats, the status of projects to strengthen the Company’s information security systems, and updates on any cybersecurity incidents.

The Audit Committee of the Board of Directors oversees cybersecurity related risks. Members of the Audit Committee receive the above referenced notifications and updates on a quarterly basis from the Company’s Chief Information Officer as the designated representative of the Executive Information Security Oversight Committee.

Additionally, the Company has a written Information Security Policy and a Cybersecurity Incident Response Plan that provides the above-referenced processes by which such committees are informed of and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents and material risks from cybersecurity threats.

Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] The Company has not had any cybersecurity risks that have materially affected the Company, including its business strategy, results of operations, or financial condition.
Cybersecurity Risk Board of Directors Oversight [Text Block]

Cybersecurity Governance

Our cybersecurity programs, including the cross-functional management committees responsible for identifying, assessing, and mitigating cybersecurity risks and incidents, are overseen by our Vice President and Chief Information Officer. Day-to-day administration of the cybersecurity programs are led by our Director of Information Security, a direct report to the Vice President and Chief Information Officer. Our Vice President and Chief Information Officer has 27 years of technology leadership experience and a Doctor of Business Administration. Our Director of Information Security has 27 years of experience in infrastructure and security operations and a degree in Information Technology Management. Our Director of Information Security is the chair of the Company’s Information Security Committee. The activities of the Information Security Committee are reviewed by the Executive Information Security Oversight Committee, which is comprised of members of our senior leadership team including our Vice President and Chief Information Officer, Senior Vice President, Chief Financial Officer, Senior Vice President, Chief Legal Officer and Secretary and Senior Vice President, Chief Human Resources Officer. The Executive Information Security Oversight Committee facilitates notification to the Audit Committee of emerging cybersecurity risks, and threats, the status of projects to strengthen the Company’s information security systems, and updates on any cybersecurity incidents.

The Audit Committee of the Board of Directors oversees cybersecurity related risks. Members of the Audit Committee receive the above referenced notifications and updates on a quarterly basis from the Company’s Chief Information Officer as the designated representative of the Executive Information Security Oversight Committee.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our cybersecurity programs, including the cross-functional management committees responsible for identifying, assessing, and mitigating cybersecurity risks and incidents, are overseen by our Vice President and Chief Information Officer. Day-to-day administration of the cybersecurity programs are led by our Director of Information Security, a direct report to the Vice President and Chief Information Officer.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Day-to-day administration of the cybersecurity programs are led by our Director of Information Security, a direct report to the Vice President and Chief Information Officer. Our Vice President and Chief Information Officer has 27 years of technology leadership experience and a Doctor of Business Administration. Our Director of Information Security has 27 years of experience in infrastructure and security operations and a degree in Information Technology Management. Our Director of Information Security is the chair of the Company’s Information Security Committee.
Cybersecurity Risk Role of Management [Text Block]

Cybersecurity Governance

Our cybersecurity programs, including the cross-functional management committees responsible for identifying, assessing, and mitigating cybersecurity risks and incidents, are overseen by our Vice President and Chief Information Officer. Day-to-day administration of the cybersecurity programs are led by our Director of Information Security, a direct report to the Vice President and Chief Information Officer. Our Vice President and Chief Information Officer has 27 years of technology leadership experience and a Doctor of Business Administration. Our Director of Information Security has 27 years of experience in infrastructure and security operations and a degree in Information Technology Management. Our Director of Information Security is the chair of the Company’s Information Security Committee. The activities of the Information Security Committee are reviewed by the Executive Information Security Oversight Committee, which is comprised of members of our senior leadership team including our Vice President and Chief Information Officer, Senior Vice President, Chief Financial Officer, Senior Vice President, Chief Legal Officer and Secretary and Senior Vice President, Chief Human Resources Officer. The Executive Information Security Oversight Committee facilitates notification to the Audit Committee of emerging cybersecurity risks, and threats, the status of projects to strengthen the Company’s information security systems, and updates on any cybersecurity incidents.

Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The activities of the Information Security Committee are reviewed by the Executive Information Security Oversight Committee, which is comprised of members of our senior leadership team including our Vice President and Chief Information Officer, Senior Vice President, Chief Financial Officer, Senior Vice President, Chief Legal Officer and Secretary and Senior Vice President, Chief Human Resources Officer.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Vice President and Chief Information Officer has 27 years of technology leadership experience and a Doctor of Business Administration. Our Director of Information Security has 27 years of experience in infrastructure and security operations and a degree in Information Technology Management. Our Director of Information Security is the chair of the Company’s Information Security Committee. The activities of the Information Security Committee are reviewed by the Executive Information Security Oversight Committee, which is comprised of members of our senior leadership team including our Vice President and Chief Information Officer, Senior Vice President, Chief Financial Officer, Senior Vice President, Chief Legal Officer and Secretary and Senior Vice President, Chief Human Resources Officer.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

The Audit Committee of the Board of Directors oversees cybersecurity related risks. Members of the Audit Committee receive the above referenced notifications and updates on a quarterly basis from the Company’s Chief Information Officer as the designated representative of the Executive Information Security Oversight Committee.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true