|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
ITEM 1C. CYBERSECURITY
Risk Management and Strategy
We are committed to our goal to protect sensitive business-related and personal information, as well as our information systems. We are subject to numerous and evolving cybersecurity risks that could adversely and materially affect our business, financial conditions and results of operations.
We have implemented a cybersecurity risk management program based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework to assess, identify and manage cybersecurity risk that may result in material adverse effects on the confidentiality, integrity and availability of our business and information systems.
Our program includes regular risk assessments, penetration testing performed by the internal team and independent third parties, patch management, and vulnerability scanning to identify potential threats and vulnerabilities. We have also implemented a robust security awareness program that includes regular phishing tests and requires employees to undergo annual security awareness training. Our cybersecurity strategy is focused on establishing the zero-trust security model to protect our information assets' confidentiality, integrity, and availability. We also have an incident response process and various incident response plans that are designed to provide timely and effective actions in the event of a cybersecurity incident. Our incident response plan includes procedures for determining the root cause and impacts of the incident, containment actions to mitigate the impacts, and notifying affected parties.
With respect to third-party service providers, we perform information security assessments and due diligence reviews prior to entering into a contractual agreement.
Despite our efforts, we recognize that no system is completely secure, and our main material cybersecurity risks are related to ransomware attacks, phishing attacks, insider threats, and third-party attacks. We monitor our systems against these risks and adjust our cybersecurity strategy accordingly. Our IT systems have been, and will likely continue to be, subject to computer viruses or other malicious codes, unauthorized access attempts, phishing, and other cyber-incidents, none of which, to Domtar's knowledge, have had a material impact on its business information systems or operations. While we cannot guarantee that our security efforts will prevent breaches or breakdowns to our IT systems or those of our third-party providers, we have a robust disaster recovery process that is exercised annually. For more information about cybersecurity risks, see the Risk factors discussion in Item 1A of this Form 10-K.
Governance
Our Management Leadership Team reviews cybersecurity risks as part of their oversight and execution of the Company’s business operations and strategy. The Company’s Management Board, with the support of its committees, oversees risk management to ensure that the processes designed, implemented and maintained by our executives are functioning as intended and adapted when necessary to respond to changes in our Company’s strategy as well as emerging risks. We have established oversight mechanisms intended to provide effective cybersecurity governance, risk management, and timely incident response.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Management Leadership Team reviews cybersecurity risks as part of their oversight and execution of the Company’s business operations and strategy. The Company’s Management Board, with the support of its committees, oversees risk management to ensure that the processes designed, implemented and maintained by our executives are functioning as intended and adapted when necessary to respond to changes in our Company’s strategy as well as emerging risks. We have established oversight mechanisms intended to provide effective cybersecurity governance, risk management, and timely incident response.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Company’s Management Board, with the support of its committees, oversees risk management to ensure that the processes designed, implemented and maintained by our executives are functioning as intended and adapted when necessary to respond to changes in our Company’s strategy as well as emerging risks.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Company’s Management Board, with the support of its committees, oversees risk management to ensure that the processes designed, implemented and maintained by our executives are functioning as intended and adapted when necessary to respond to changes in our Company’s strategy as well as emerging risks.
|Cybersecurity Risk Role of Management [Text Block]
|Our Management Leadership Team reviews cybersecurity risks as part of their oversight and execution of the Company’s business operations and strategy.
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef