|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
We have implemented a systematic approach to managing our cybersecurity risks and have adopted a comprehensive set of cybersecurity policies that include best practices based on recognized industry standards and guidelines. These policies provide guidance on roles and responsibilities of key stakeholders and promote awareness. These policies also cover cyber education and training as well as help us to align with applicable laws and regulations to meet our compliance requirements. The primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with our Chief Information Security Officer (CISO) within our GIS organization, who reports to our Chief Technology Officer. The CISO is also responsible for managing the risk assessment and mitigation process. Our CISO has over 10 years of experience serving in various roles in risk management as well as enterprise and cybersecurity, including serving as the project lead and founder of the Open Worldwide Application Security Project (OWASP) flagship project Security Shepherd, a web and mobile application security training program, and leading IBM’s ethical hacking team. He was also a principal security engineer at Axway prior to joining Synchronoss where he served as product security architect and a director of product security prior to accepting the role as our CISO. Our Chief Technology Officer has over 20 years of experience in the telecommunications industry, including serving as our Chief Architect and Senior Software Engineer, during which he oversaw our GIS program, including the governance, risk and compliance management related thereto. We also engage consultants, and other service providers, to help us implement our cybersecurity policies and procedures. These service providers assist us with monitoring security threats and vulnerabilities as well as responding to identified cybersecurity incidents, including prompt escalation and timely communication of major security incidents to senior business leadership and the Audit Committee.
As part of our cybersecurity policies, we conduct risk assessments designed to identify and prioritize potential cybersecurity threats, assess the likelihood and impact of those threats, and develop strategies for mitigating or managing cybersecurity risks. This involves assessing, evaluating and monitoring our vulnerabilities, as well as conducting impact analysis. Additionally, we provide ongoing cybersecurity awareness training to educate employees about the potential cybersecurity threats and how employees can identify potential threats and protect our data.
We have an Information Security Third Party Risk Management Policy, as well as a Vendor Code of Conduct, which contractually requires each third-party service provider accessing our or our customers’ information systems to comply with our information security policies, as well as to meet a minimum set of information security and data privacy and protection standards in connection with their delivery of products and/or services to us. We also engage a third-party service provider to assess our third-party suppliers for potential risks and effectiveness of controls related to information security and data privacy protection that are relevant in the context of their delivery of services.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
All companies utilizing technology are subject to threats of breaches of their cybersecurity programs. To mitigate the threat to our business and address regulatory requirements, we take a comprehensive approach to cybersecurity risk management and have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. We continue to make significant investments to augment the capabilities of our people, process, and technologies in order to address our cybersecurity risks. Our cybersecurity risks, and the controls designed to mitigate those risks, are integrated into our overall risk management governance within our Global Information Security (GIS) organization. Pursuant to our current policies an update on the operations of the cybersecurity program and the risks and trends in cybersecurity are reviewed, at a minimum, annually by our Board of Directors and periodically by the Audit Committee of our Board of Directors (Audit Committee).
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our CISO and GIS team meets regularly with our information technology (IT) and cybersecurity service providers and internal teams, such as the Risk Advisory Board (RAB), about our Company’s ongoing compliance and risk management. GIS also drives business continuity and crisis management by coordinating and communicating with all levels of the organization and seeks to ensure that trends and emerging issues that could impact the business are considered and communicated as appropriate. Pursuant to our current policies the GIS team also provides, at the minimum, annual briefings to our Board of Directors and periodic briefings to the Audit Committee regarding our cybersecurity risks and activities, including any recent cybersecurity incidents and related responses, cybersecurity systems testing, and activities of third parties, among other relevant topics. The RAB convenes periodically or as needed to review the cybersecurity risks in the business. The RAB consists of individuals from GIS as well as the Chief Technology Officer.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our CISO and GIS team meets regularly with our information technology (IT) and cybersecurity service providers and internal teams, such as the Risk Advisory Board (RAB), about our Company’s ongoing compliance and risk management. GIS also drives business continuity and crisis management by coordinating and communicating with all levels of the organization and seeks to ensure that trends and emerging issues that could impact the business are considered and communicated as appropriate.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Pursuant to our current policies the GIS team also provides, at the minimum, annual briefings to our Board of Directors and periodic briefings to the Audit Committee regarding our cybersecurity risks and activities, including any recent cybersecurity incidents and related responses, cybersecurity systems testing, and activities of third parties, among other relevant topics.
|Cybersecurity Risk Role of Management [Text Block]
|
We have implemented a systematic approach to managing our cybersecurity risks and have adopted a comprehensive set of cybersecurity policies that include best practices based on recognized industry standards and guidelines. These policies provide guidance on roles and responsibilities of key stakeholders and promote awareness. These policies also cover cyber education and training as well as help us to align with applicable laws and regulations to meet our compliance requirements. The primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with our Chief Information Security Officer (CISO) within our GIS organization, who reports to our Chief Technology Officer. The CISO is also responsible for managing the risk assessment and mitigation process. Our CISO has over 10 years of experience serving in various roles in risk management as well as enterprise and cybersecurity, including serving as the project lead and founder of the Open Worldwide Application Security Project (OWASP) flagship project Security Shepherd, a web and mobile application security training program, and leading IBM’s ethical hacking team. He was also a principal security engineer at Axway prior to joining Synchronoss where he served as product security architect and a director of product security prior to accepting the role as our CISO. Our Chief Technology Officer has over 20 years of experience in the telecommunications industry, including serving as our Chief Architect and Senior Software Engineer, during which he oversaw our GIS program, including the governance, risk and compliance management related thereto. We also engage consultants, and other service providers, to help us implement our cybersecurity policies and procedures. These service providers assist us with monitoring security threats and vulnerabilities as well as responding to identified cybersecurity incidents, including prompt escalation and timely communication of major security incidents to senior business leadership and the Audit Committee.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with our Chief Information Security Officer (CISO) within our GIS organization, who reports to our Chief Technology Officer. The CISO is also responsible for managing the risk assessment and mitigation process.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CISO has over 10 years of experience serving in various roles in risk management as well as enterprise and cybersecurity, including serving as the project lead and founder of the Open Worldwide Application Security Project (OWASP) flagship project Security Shepherd, a web and mobile application security training program, and leading IBM’s ethical hacking team. He was also a principal security engineer at Axway prior to joining Synchronoss where he served as product security architect and a director of product security prior to accepting the role as our CISO. Our Chief Technology Officer has over 20 years of experience in the telecommunications industry, including serving as our Chief Architect and Senior Software Engineer, during which he oversaw our GIS program, including the governance, risk and compliance management related thereto.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|We also engage consultants, and other service providers, to help us implement our cybersecurity policies and procedures. These service providers assist us with monitoring security threats and vulnerabilities as well as responding to identified cybersecurity incidents, including prompt escalation and timely communication of major security incidents to senior business leadership and the Audit Committee.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef