|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
We have an established security program and framework based on ISO/IEC 27001 (“Security Program”) and maintain ISO/IEC 27001:2013, SOC 1 Type 2, and SOC 2 Type 2 certifications. The Security Program has been established to allow management oversight of cybersecurity risks, institute directives and principles for information security, ensure alignment to regulatory and contractual cybersecurity obligations, and enable timely incident response and remediation.
Our information security team has implemented and continues to maintain various technical, physical, and administrative controls as the foundation of our Security Program, which are designed to help us identify, manage, prevent, and mitigate risks from cybersecurity threats, including, but not limited to, incident detection systems and response plans, vulnerability management tools and processes, risk assessments, disaster recovery and business continuity plans, access controls, asset management, logging and monitoring, security awareness training, and third-party risk management programs.
Our information security team actively monitor and evaluate our networks, systems, data, and security risk profile to identify and assess cybersecurity risks. We use a variety of methods to identify and evaluate these risks using manual and automated tools and processes, including, network scans, vulnerability and maturity assessments, and subscribing to services and reports providing threat intelligence. In doing so, risks are assessed for criticality, prioritized in context of our business, and communicated to stakeholders for engagement as needed.
We use a variety of third-party service providers to support and execute on our Security Program. These third parties provide cybersecurity consulting services, cybersecurity software, penetration testing, audits, and other professional services to aid us in identifying, assessing, and managing risks from cybersecurity threats.
The Security Program is led by our Chief Information Security Officer ("CISO"), who has served in the role since 2023, has over 10 years of experience leading cybersecurity programs in a large, publicly traded, international enterprise, and is a Certified Information Systems Security Professional ("CISSP"). Our Executive Security Steering Committee ("ESSC"), comprised of selected members of leadership, assesses and manages any material risks from cybersecurity threats and manages our Security Program. The CISO and information security team provide regular updates to the ESSC on our Security Program and, in accordance with our security incident response plan, escalate applicable cybersecurity threats or incidents to the ESSC for review and management.
While we have experienced cybersecurity incidents and expect to continue to be subject to such incidents, to date, we have not experienced any cybersecurity incidents that have materially affected our business, financial condition, or results of operations. However, we are subject to ongoing risks from cybersecurity threats that could materially affect us, including our business, financial condition, or results of operations, as further described in Part I, Item 1A, “Risk Factors” of this Annual Report on Form 10-K.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The Security Program has been established to allow management oversight of cybersecurity risks, institute directives and principles for information security, ensure alignment to regulatory and contractual cybersecurity obligations, and enable timely incident response and remediation.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Audit Committee of our board of directors oversees our risk management processes related to cybersecurity risks and is regularly informed of such risks through presentations or reports from our CISO. Through committee reports, the Audit Committee apprises the full board of directors of any significant cybersecurity updates. In addition, our security incident response plan includes reporting certain cybersecurity incidents to our Audit Committee. Finally, our board of directors reviews cybersecurity risks on an annual basis, including discussing with management, our CISO, and members of the ESSC our strategy surrounding prevention, detection, mitigation, and remediation of potential security threats.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Security Program is led by our Chief Information Security Officer ("CISO"), who has served in the role since 2023, has over 10 years of experience leading cybersecurity programs in a large, publicly traded, international enterprise, and is a Certified Information Systems Security Professional ("CISSP"). Our Executive Security Steering Committee ("ESSC"), comprised of selected members of leadership, assesses and manages any material risks from cybersecurity threats and manages our Security Program. The CISO and information security team provide regular updates to the ESSC on our Security Program and, in accordance with our security incident response plan, escalate applicable cybersecurity threats or incidents to the ESSC for review and management.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Executive Security Steering Committee ("ESSC"), comprised of selected members of leadership, assesses and manages any material risks from cybersecurity threats and manages our Security Program. The CISO and information security team provide regular updates to the ESSC on our Security Program and, in accordance with our security incident response plan, escalate applicable cybersecurity threats or incidents to the ESSC for review and management.
|Cybersecurity Risk Role of Management [Text Block]
|
The Security Program is led by our Chief Information Security Officer ("CISO"), who has served in the role since 2023, has over 10 years of experience leading cybersecurity programs in a large, publicly traded, international enterprise, and is a Certified Information Systems Security Professional ("CISSP"). Our Executive Security Steering Committee ("ESSC"), comprised of selected members of leadership, assesses and manages any material risks from cybersecurity threats and manages our Security Program. The CISO and information security team provide regular updates to the ESSC on our Security Program and, in accordance with our security incident response plan, escalate applicable cybersecurity threats or incidents to the ESSC for review and management.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
The Security Program is led by our Chief Information Security Officer ("CISO"), who has served in the role since 2023, has over 10 years of experience leading cybersecurity programs in a large, publicly traded, international enterprise, and is a Certified Information Systems Security Professional ("CISSP"). Our Executive Security Steering Committee ("ESSC"), comprised of selected members of leadership, assesses and manages any material risks from cybersecurity threats and manages our Security Program. The CISO and information security team provide regular updates to the ESSC on our Security Program and, in accordance with our security incident response plan, escalate applicable cybersecurity threats or incidents to the ESSC for review and management.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Security Program is led by our Chief Information Security Officer ("CISO"), who has served in the role since 2023, has over 10 years of experience leading cybersecurity programs in a large, publicly traded, international enterprise, and is a Certified Information Systems Security Professional ("CISSP").
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The CISO and information security team provide regular updates to the ESSC on our Security Program and, in accordance with our security incident response plan, escalate applicable cybersecurity threats or incidents to the ESSC for review and management.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef