|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 28, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Infinera has comprehensive and integrated enterprise risk management and cybersecurity risk management programs that use structured, proactive, and continuous processes to identify, understand, assess, mitigate, and report on enterprise and cybersecurity risks in alignment with business objectives. Our risk management program is used to guide and strengthen our cybersecurity posture to engender trust with customers, employees, and stockholders and to help protect the confidentiality, integrity, and availability of our systems and data.
We have established a risk assessment methodology that includes requirements for treatment plans, risk acceptance thresholds, prioritization, and control analysis, as well as likelihood and impact analysis. A risk assessment is performed annually. Treatment plans are monitored and reported to management on a quarterly basis.
Engaging Third Parties
Companies, especially in the technology industry, have been subject to an increasing number of complex cybersecurity risks. Infinera has engaged with a range of external service providers, including consultants, auditors, and cybersecurity service providers, to help Infinera understand, manage, and mitigate cybersecurity risks. These engagements help Infinera drive improvements in its processes, identify new and emerging threats, and respond rapidly to the ever-evolving cybersecurity risk landscape.
Third-Party Risk Management
Infinera has implemented a robust third-party risk management program to identify and manage risks to the confidentiality, availability, and integrity of its systems and data. This includes contractual requirements related to data privacy and confidentiality, contractual commitments of third parties to maintain comprehensive security programs, and code of conduct requirements designed to ensure such third parties act ethically, responsibly, and safely. Infinera has also implemented processes to assess the effectiveness of third-party security programs and adherence to Infinera’s standards prior to engaging with a new service provider and to monitor performance on an ongoing basis.
Cybersecurity Incident Response
Infinera has implemented a cybersecurity incident response plan in line with industry standards. The plan defines roles and responsibilities regarding potential cybersecurity incidents, establishes processes regarding identification, containment, and eradication of, and recovery from, potential cybersecurity incidents and clarifies communication and notification policies regarding such potential cybersecurity incidents. The plan also captures lessons learned to drive continuous improvement. The plan is evaluated, tested, and enhanced through training, table-top exercises, and by engaging with third-party service providers.
As of the date of this report, Infinera has not experienced any cybersecurity incidents it has determined to be material. For additional information regarding whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, please refer to the section titled “Risk Factors” included in Part I, Item 1A of this Annual Report on Form 10-K.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Infinera has comprehensive and integrated enterprise risk management and cybersecurity risk management programs that use structured, proactive, and continuous processes to identify, understand, assess, mitigate, and report on enterprise and cybersecurity risks in alignment with business objectives. Our risk management program is used to guide and strengthen our cybersecurity posture to engender trust with customers, employees, and stockholders and to help protect the confidentiality, integrity, and availability of our systems and data
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Cybersecurity and risk management are shared responsibilities that apply to the Infinera team across all levels of the organization.
•The Board of Directors conducts informed oversight of our risk management processes. The Audit Committee of the Board of Directors has primary responsibility for oversight of enterprise risk management and cybersecurity risk management. Reports on enterprise and cybersecurity risk, risk treatment plans, and key performance indicators of our cybersecurity program are provided to the Audit Committee by management, including our Chief Information Security Officer (CISO), on a quarterly basis and are provided to the Board of Directors as requested and as part of routine Audit Committee updates to the Board of Directors.
•The Executive Leadership Team (ELT), a cross-functional leadership group that includes our Senior Vice President, Information Systems, is responsible for assessing and managing enterprise risks, including cybersecurity risks. The ELT reviews enterprise and cybersecurity risks, risk treatment plans, and key performance indicators regarding the Company’s enterprise risk and cybersecurity risk management programs quarterly.
•The CISO is responsible for cybersecurity strategy and reporting on cybersecurity risks to the ELT, Audit Committee, and Board of Directors. The CISO collaborates with a cross-functional group of the Company’s business leaders to assess cybersecurity risk, establish and monitor cybersecurity processes, and report program effectiveness. Our CISO has over 25 years of cybersecurity and information technology experience across multiple industries with expertise in governance, risk and compliance, cybersecurity operations and cybersecurity engineering.
•The Cybersecurity Advisory Committee supports cybersecurity risk assessment, advises on program enhancements, and acts as a cybersecurity advocate across the business. The committee is comprised of employees with extensive experience across a diverse range of disciplines.
•All employees are responsible for adherence to the Company’s cybersecurity processes and for remaining vigilant to potential cybersecurity threats. This responsibility is part of our employee commitment to operational excellence and is strengthened by ongoing cybersecurity education, training, and awareness programs.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Board of Directors conducts informed oversight of our risk management processes. The Audit Committee of the Board of Directors has primary responsibility for oversight of enterprise risk management and cybersecurity risk management. Reports on enterprise and cybersecurity risk, risk treatment plans, and key performance indicators of our cybersecurity program are provided to the Audit Committee by management, including our Chief Information Security Officer (CISO), on a quarterly basis and are provided to the Board of Directors as requested and as part of routine Audit Committee updates to the Board of Directors.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Cybersecurity and risk management are shared responsibilities that apply to the Infinera team across all levels of the organization.
•The Board of Directors conducts informed oversight of our risk management processes. The Audit Committee of the Board of Directors has primary responsibility for oversight of enterprise risk management and cybersecurity risk management. Reports on enterprise and cybersecurity risk, risk treatment plans, and key performance indicators of our cybersecurity program are provided to the Audit Committee by management, including our Chief Information Security Officer (CISO), on a quarterly basis and are provided to the Board of Directors as requested and as part of routine Audit Committee updates to the Board of Directors.
•The Executive Leadership Team (ELT), a cross-functional leadership group that includes our Senior Vice President, Information Systems, is responsible for assessing and managing enterprise risks, including cybersecurity risks. The ELT reviews enterprise and cybersecurity risks, risk treatment plans, and key performance indicators regarding the Company’s enterprise risk and cybersecurity risk management programs quarterly.
•The CISO is responsible for cybersecurity strategy and reporting on cybersecurity risks to the ELT, Audit Committee, and Board of Directors. The CISO collaborates with a cross-functional group of the Company’s business leaders to assess cybersecurity risk, establish and monitor cybersecurity processes, and report program effectiveness. Our CISO has over 25 years of cybersecurity and information technology experience across multiple industries with expertise in governance, risk and compliance, cybersecurity operations and cybersecurity engineering.
•The Cybersecurity Advisory Committee supports cybersecurity risk assessment, advises on program enhancements, and acts as a cybersecurity advocate across the business. The committee is comprised of employees with extensive experience across a diverse range of disciplines.
•All employees are responsible for adherence to the Company’s cybersecurity processes and for remaining vigilant to potential cybersecurity threats. This responsibility is part of our employee commitment to operational excellence and is strengthened by ongoing cybersecurity education, training, and awareness programs.
|Cybersecurity Risk Role of Management [Text Block]
|
Cybersecurity and risk management are shared responsibilities that apply to the Infinera team across all levels of the organization.
•The Board of Directors conducts informed oversight of our risk management processes. The Audit Committee of the Board of Directors has primary responsibility for oversight of enterprise risk management and cybersecurity risk management. Reports on enterprise and cybersecurity risk, risk treatment plans, and key performance indicators of our cybersecurity program are provided to the Audit Committee by management, including our Chief Information Security Officer (CISO), on a quarterly basis and are provided to the Board of Directors as requested and as part of routine Audit Committee updates to the Board of Directors.
•The Executive Leadership Team (ELT), a cross-functional leadership group that includes our Senior Vice President, Information Systems, is responsible for assessing and managing enterprise risks, including cybersecurity risks. The ELT reviews enterprise and cybersecurity risks, risk treatment plans, and key performance indicators regarding the Company’s enterprise risk and cybersecurity risk management programs quarterly.
•The CISO is responsible for cybersecurity strategy and reporting on cybersecurity risks to the ELT, Audit Committee, and Board of Directors. The CISO collaborates with a cross-functional group of the Company’s business leaders to assess cybersecurity risk, establish and monitor cybersecurity processes, and report program effectiveness. Our CISO has over 25 years of cybersecurity and information technology experience across multiple industries with expertise in governance, risk and compliance, cybersecurity operations and cybersecurity engineering.
•The Cybersecurity Advisory Committee supports cybersecurity risk assessment, advises on program enhancements, and acts as a cybersecurity advocate across the business. The committee is comprised of employees with extensive experience across a diverse range of disciplines.
•All employees are responsible for adherence to the Company’s cybersecurity processes and for remaining vigilant to potential cybersecurity threats. This responsibility is part of our employee commitment to operational excellence and is strengthened by ongoing cybersecurity education, training, and awareness programs.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Executive Leadership Team (ELT), a cross-functional leadership group that includes our Senior Vice President, Information Systems, is responsible for assessing and managing enterprise risks, including cybersecurity risks. The ELT reviews enterprise and cybersecurity risks, risk treatment plans, and key performance indicators regarding the Company’s enterprise risk and cybersecurity risk management programs quarterly.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CISO has over 25 years of cybersecurity and information technology experience across multiple industries with expertise in governance, risk and compliance, cybersecurity operations and cybersecurity engineering.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The CISO is responsible for cybersecurity strategy and reporting on cybersecurity risks to the ELT, Audit Committee, and Board of Directors.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef