|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We have implemented a number of technical and organizational safeguards designed to manage our risks from cybersecurity threats and to protect against, detect and prepare to respond to cybersecurity incidents. These include employee training, incident response capability reviews and exercises, cybersecurity insurance and business continuity mechanisms. Additionally, we engage a third-party cybersecurity firm to assist with security features such as network and endpoint monitoring, cloud system monitoring and assessment of our incident response procedures.
Our incident response plan coordinates the activities that we and our third-party cybersecurity provider take to prepare, to respond and to recover from cybersecurity incidents. We have processes designed to triage, assess severity, investigate, escalate, contain and remediate an incident. We also have processes to comply with potentially applicable legal obligations and mitigate brand and reputational damage. As part of the above processes, we engage with consultants to review our cybersecurity program to help identify areas for continued focus, improvement, and compliance.
We have adopted cybersecurity control principles based on the National Institute of Standards and Technology Cybersecurity Framework (NIST), the Center for Internet Security (CIS) and ISO 27001. Further, our cybersecurity controls are designed to comply with applicable laws concerning protection of private information, including the EU General Data Protection Regulation (GDPR), Brazil’s Lei General de Proteção de Dados Pessoais (LGPD) and the California Consumer Privacy Act of 2018 (CCPA).
Our processes include assessing cybersecurity risks associated with our use of third-party service providers in the normal course of business, including those in our supply chain or who have access to our customer and employee data or our systems. Additionally, we assess cybersecurity considerations in the selection and oversight of our third-party service providers, including due diligence on the third parties that have access to our systems and facilities that house systems and data.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We have implemented a number of technical and organizational safeguards designed to manage our risks from cybersecurity threats and to protect against, detect and prepare to respond to cybersecurity incidents. These include employee training, incident response capability reviews and exercises, cybersecurity insurance and business continuity mechanisms. Additionally, we engage a third-party cybersecurity firm to assist with security features such as network and endpoint monitoring, cloud system monitoring and assessment of our incident response procedures.
Our incident response plan coordinates the activities that we and our third-party cybersecurity provider take to prepare, to respond and to recover from cybersecurity incidents. We have processes designed to triage, assess severity, investigate, escalate, contain and remediate an incident. We also have processes to comply with potentially applicable legal obligations and mitigate brand and reputational damage. As part of the above processes, we engage with consultants to review our cybersecurity program to help identify areas for continued focus, improvement, and compliance.
We have adopted cybersecurity control principles based on the National Institute of Standards and Technology Cybersecurity Framework (NIST), the Center for Internet Security (CIS) and ISO 27001. Further, our cybersecurity controls are designed to comply with applicable laws concerning protection of private information, including the EU General Data Protection Regulation (GDPR), Brazil’s Lei General de Proteção de Dados Pessoais (LGPD) and the California Consumer Privacy Act of 2018 (CCPA).
Our processes include assessing cybersecurity risks associated with our use of third-party service providers in the normal course of business, including those in our supply chain or who have access to our customer and employee data or our systems. Additionally, we assess cybersecurity considerations in the selection and oversight of our third-party service providers, including due diligence on the third parties that have access to our systems and facilities that house systems and data.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Our Board of Directors (the "Board") is responsible for overseeing our enterprise risk management activities in general, and each of our Board committees assists the Board in the role of risk oversight.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Company’s Global Director, Information Security (Security Director) directs the Company’s cybersecurity team. He reports to the Company’s Global Director of Information Technologies (IT Director), who reports to the Chief Executive Officer of the Company. The Security Director is responsible for assessing and managing the Company’s cyber risk management program, informing senior management, as appropriate, regarding the prevention, detection, mitigation and remediation of cybersecurity incidents and supervising such efforts generally by the cybersecurity team. Our Security Director is a Certified Information Systems Security Professional (CISSP) and has over 20 years of experience in cybersecurity in a broad range of industries. Our IT Director has a master’s degree in information systems and has prior experience managing global security efforts. Our Security Director manages a team of cybersecurity professionals with relevant experience and expertise, including in cybersecurity threat assessments and detection, mitigation technologies, cybersecurity training, incident response, cyber forensics, insider threats and regulatory compliance.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Company’s Global Director, Information Security (Security Director) directs the Company’s cybersecurity team. He reports to the Company’s Global Director of Information Technologies (IT Director), who reports to the Chief Executive Officer of the Company. The Security Director is responsible for assessing and managing the Company’s cyber risk management program, informing senior management, as appropriate, regarding the prevention, detection, mitigation and remediation of cybersecurity incidents and supervising such efforts generally by the cybersecurity team. Our Security Director is a Certified Information Systems Security Professional (CISSP) and has over 20 years of experience in cybersecurity in a broad range of industries. Our IT Director has a master’s degree in information systems and has prior experience managing global security efforts. Our Security Director manages a team of cybersecurity professionals with relevant experience and expertise, including in cybersecurity threat assessments and detection, mitigation technologies, cybersecurity training, incident response, cyber forensics, insider threats and regulatory compliance.
|Cybersecurity Risk Role of Management [Text Block]
|
The Company’s Global Director, Information Security (Security Director) directs the Company’s cybersecurity team. He reports to the Company’s Global Director of Information Technologies (IT Director), who reports to the Chief Executive Officer of the Company. The Security Director is responsible for assessing and managing the Company’s cyber risk management program, informing senior management, as appropriate, regarding the prevention, detection, mitigation and remediation of cybersecurity incidents and supervising such efforts generally by the cybersecurity team. Our Security Director is a Certified Information Systems Security Professional (CISSP) and has over 20 years of experience in cybersecurity in a broad range of industries. Our IT Director has a master’s degree in information systems and has prior experience managing global security efforts. Our Security Director manages a team of cybersecurity professionals with relevant experience and expertise, including in cybersecurity threat assessments and detection, mitigation technologies, cybersecurity training, incident response, cyber forensics, insider threats and regulatory compliance.
In addition, the Company’s IT Steering Committee (ITSC) considers, among other IT matters, risks relating to cybersecurity and applicable mitigation plans to address such risks. The ITSC is comprised of certain members of the Company’s senior management. The IT Director and Security Director attend each ITSC meeting. The ITSC generally meets quarterly during the year with the IT Director and Security Director to review risk mitigation activities as well as updated status of global security operations and metrics, including the prevention, detection, mitigation and remediation of cyber incidents. The IT Director, Security Director and ITSC monitor the prevention, mitigation, detection and remediation of cybersecurity incidents through their management of, and participation in the cybersecurity risk management and strategy processes, including the operation of the Company’s incident response plan. The Company has an established process led by our Security Director governing our assessment, response and notifications internally and externally upon the occurrence of a cybersecurity incident.
Our Board of Directors (the "Board") is responsible for overseeing our enterprise risk management activities in general, and each of our Board committees assists the Board in the role of risk oversight. The full Board receives an update on the Company’s risks, risk management process and the risk trends related to cybersecurity at least annually, which includes a
review of key performance indicators, recent threats and the Company’s management of such threats. The Audit Committee specifically assists the Board in its oversight of risks related to cybersecurity. The Security Director and IT Director brief the Audit Committee on information security and cybersecurity annually and as necessary in response to certain incidents.
Although risks from cybersecurity incidents and threats have to date not materially impacted us, our business strategy, results of operations or financial condition, we have from time to time and will continue to experience threats to and security incidents related to our and our third party vendors’ data and systems. For more information, please see “Item 1A, Risk Factors.”
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Company’s Global Director, Information Security (Security Director) directs the Company’s cybersecurity team. He reports to the Company’s Global Director of Information Technologies (IT Director), who reports to the Chief Executive Officer of the Company. The Security Director is responsible for assessing and managing the Company’s cyber risk management program, informing senior management, as appropriate, regarding the prevention, detection, mitigation and remediation of cybersecurity incidents and supervising such efforts generally by the cybersecurity team. Our Security Director is a Certified Information Systems Security Professional (CISSP) and has over 20 years of experience in cybersecurity in a broad range of industries
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our Board of Directors (the "Board") is responsible for overseeing our enterprise risk management activities in general, and each of our Board committees assists the Board in the role of risk oversight.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Company’s Global Director, Information Security (Security Director) directs the Company’s cybersecurity team. He reports to the Company’s Global Director of Information Technologies (IT Director), who reports to the Chief Executive Officer of the Company. The Security Director is responsible for assessing and managing the Company’s cyber risk management program, informing senior management, as appropriate, regarding the prevention, detection, mitigation and remediation of cybersecurity incidents and supervising such efforts generally by the cybersecurity team. Our Security Director is a Certified Information Systems Security Professional (CISSP) and has over 20 years of experience in cybersecurity in a broad range of industries.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef