|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity
The Company maintains a cybersecurity risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. The program is integrated within the Company’s enterprise risk management framework and addresses both the corporate information technology environment and the external ecosystem.
The underlying controls of the cybersecurity risk management program are based on recognized best practices and standards for cybersecurity and information technology. The Company has a third party perform an annual assessment of the Company’s cybersecurity risk management program. The Company has a Cyber Security Operations Center monitoring our global cybersecurity environment and coordinates investigations and remediation of alerts. We are enhancing our programs for staging incident response drills to prepare support teams for a significant incident. The cybersecurity risk management program includes administrative, physical, and technical controls.
Our VP, Head of Information Technology is the Company’s designated Chief Information Security Officer (CISO) and is responsible for developing and implementing the cybersecurity risk management program, including and reporting on cybersecurity matters to the Board. The VP, Head of Information Technology has over twenty years of experience leading cybersecurity oversight. Additionally, members of the IT security team have cybersecurity experience and/or certifications, such as the Certified Information Systems Security Professional and Certified Information Systems Audit credential. The Company views cybersecurity as a shared responsibility across our management team and plans to periodically perform simulations and tabletop exercises at a management level and incorporate external resources and advisors as needed. All employees are required to complete cybersecurity training at least once annually and have access to more frequent cybersecurity training through online and live events. We also require employees in certain roles to complete additional role-based, specialized cybersecurity training that is documented in our quality management system. Employees outside of our corporate information security organization also have a role in our cybersecurity defenses and they are immersed in a corporate culture supportive of security, which we believe improves our cybersecurity.
Our Chief Information Security Officer is responsible for continuously monitoring and assessing the Company’s cybersecurity risk management program, informing senior management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents, and supervising such efforts. The cybersecurity team collectively has decades of experience selecting, deploying, and operating cybersecurity technologies, initiatives, and processes around the world, and relies on threat intelligence as well as information obtained from governmental, public, and private sources, including external consultants engaged by the Company on a real time basis. The Company is continuously enhancing its processes for oversight of third-party vendors, including appropriate due diligence for new providers and continuous monitoring, including ongoing direct contact with vendor personnel. Third-party vendors are re-evaluated at regular intervals as part of our supplier qualification process.
The Audit Committee, in addition to the Company’s Chief Financial Officer, General Counsel and Chief Compliance Officer, oversees the Company’s cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. The cybersecurity team briefs the Audit Committee, Chief Financial Officer, General Counsel and Chief Compliance Officer on the effectiveness of the Company’s cyber risk management program, generally on a quarterly basis. In addition, cybersecurity risks will be reviewed by the Board of Directors, at least annually, as part of the Company’s corporate risk mapping exercise.
We have not experienced any material cybersecurity incidents to date, and, by default, we believe no cybersecurity events have occurred that have materially affected the Company or its business strategy, results of operations or financial condition. We continue to invest in cybersecurity and the resilience of our infrastructure and the enhancement of our internal controls and processes, which are designed to help protect our systems and data, and the information they contain. For more information regarding the risks we face from cybersecurity threats, please see “Risk Factors.”
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The Company maintains a cybersecurity risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. The program is integrated within the Company’s enterprise risk management framework and addresses both the corporate information technology environment and the external ecosystem
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Chief Information Security Officer is responsible for continuously monitoring and assessing the Company’s cybersecurity risk management program, informing senior management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents, and supervising such efforts. The cybersecurity team collectively has decades of experience selecting, deploying, and operating cybersecurity technologies, initiatives, and processes around the world, and relies on threat intelligence as well as information obtained from governmental, public, and private sources, including external consultants engaged by the Company on a real time basis. The Company is continuously enhancing its processes for oversight of third-party vendors, including appropriate due diligence for new providers and continuous monitoring, including ongoing direct contact with vendor personnel. Third-party vendors are re-evaluated at regular intervals as part of our supplier qualification process.
The Audit Committee, in addition to the Company’s Chief Financial Officer, General Counsel and Chief Compliance Officer, oversees the Company’s cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. The cybersecurity team briefs the Audit Committee, Chief Financial Officer, General Counsel and Chief Compliance Officer on the effectiveness of the Company’s cyber risk management program, generally on a quarterly basis. In addition, cybersecurity risks will be reviewed by the Board of Directors, at least annually, as part of the Company’s corporate risk mapping exercise.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Chief Information Security Officer is responsible for continuously monitoring and assessing the Company’s cybersecurity risk management program, informing senior management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents, and supervising such efforts.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Company is continuously enhancing its processes for oversight of third-party vendors, including appropriate due diligence for new providers and continuous monitoring, including ongoing direct contact with vendor personnel. Third-party vendors are re-evaluated at regular intervals as part of our supplier qualification process.
|Cybersecurity Risk Role of Management [Text Block]
|
The underlying controls of the cybersecurity risk management program are based on recognized best practices and standards for cybersecurity and information technology. The Company has a third party perform an annual assessment of the Company’s cybersecurity risk management program. The Company has a Cyber Security Operations Center monitoring our global cybersecurity environment and coordinates investigations and remediation of alerts. We are enhancing our programs for staging incident response drills to prepare support teams for a significant incident. The cybersecurity risk management program includes administrative, physical, and technical controls.
Our VP, Head of Information Technology is the Company’s designated Chief Information Security Officer (CISO) and is responsible for developing and implementing the cybersecurity risk management program, including and reporting on cybersecurity matters to the Board. The VP, Head of Information Technology has over twenty years of experience leading cybersecurity oversight. Additionally, members of the IT security team have cybersecurity experience and/or certifications, such as the Certified Information Systems Security Professional and Certified Information Systems Audit credential. The Company views cybersecurity as a shared responsibility across our management team and plans to periodically perform simulations and tabletop exercises at a management level and incorporate external resources and advisors as needed. All employees are required to complete cybersecurity training at least once annually and have access to more frequent cybersecurity training through online and live events. We also require employees in certain roles to complete additional role-based, specialized cybersecurity training that is documented in our quality management system. Employees outside of our corporate information security organization also have a role in our cybersecurity defenses and they are immersed in a corporate culture supportive of security, which we believe improves our cybersecurity.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Audit Committee, in addition to the Company’s Chief Financial Officer, General Counsel and Chief Compliance Officer, oversees the Company’s cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. The cybersecurity team briefs the Audit Committee, Chief Financial Officer, General Counsel and Chief Compliance Officer on the effectiveness of the Company’s cyber risk management program, generally on a quarterly basis.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The VP, Head of Information Technology has over twenty years of experience leading cybersecurity oversight. Additionally, members of the IT security team have cybersecurity experience and/or certifications, such as the Certified Information Systems Security Professional and Certified Information Systems Audit credential.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our VP, Head of Information Technology is the Company’s designated Chief Information Security Officer (CISO) and is responsible for developing and implementing the cybersecurity risk management program, including and reporting on cybersecurity matters to the Board. The VP, Head of Information Technology has over twenty years of experience leading cybersecurity oversight. Additionally, members of the IT security team have cybersecurity experience and/or certifications, such as the Certified Information Systems Security Professional and Certified Information Systems Audit credential. The Company views cybersecurity as a shared responsibility across our management team and plans to periodically perform simulations and tabletop exercises at a management level and incorporate external resources and advisors as needed.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef