|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Jan. 31, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Our cybersecurity risk management program is informed by recognized industry standards and frameworks and incorporates elements of the same, including elements of the National Institute of Standards and Technology Cybersecurity Framework and The Health Information Trust Alliance (HITRUST) Common Security Framework. Additionally, we are certified as a PCI-DSS Level 1 Service Provider. The Company’s cybersecurity program utilizes a cross functional, multilayered defense-in-depth approach designed to: (i) identify, prevent and mitigate cybersecurity threats to the Company; (ii) preserve the confidentiality, security and availability of the information that we collect and store; (iii) protect the Company’s intellectual property; (iv) maintain the confidence of our customers, clients and business partners; and (v) provide appropriate public disclosure and required notices of cybersecurity risks and incidents when required.
Our cybersecurity program includes safeguards that are designed to protect the Company’s information systems from cybersecurity threats. Such safeguards include firewalls, automated intrusion detection systems, anti-malware functionality and access controls, which are evaluated and improved through periodic vulnerability assessments and ongoing cybersecurity threat intelligence. We have established and maintain an incident response plan that addresses the Company’s response to and recovery from a cybersecurity incident. The incident response plan is tested and evaluated on an annual basis.
The Company’s cybersecurity program is supported by engagement of third-party service providers who help identify, assess and respond to cybersecurity risks. For example, the Company regularly engages third parties to perform and facilitate assessments on our cybersecurity measures, including information security maturity assessments, audits, tabletop exercises, threat modeling and independent reviews of our information security control environment and operating effectiveness. The results of such assessments, audits and reviews are reported to leadership, the Audit Committee, and/or the Board, as appropriate, and the Company adjusts its cybersecurity policies, standards, processes and practices as appropriate based on the information provided by the assessments, audits and reviews.
As part of our cybersecurity risk management program, we maintain a risk-based approach to identifying and overseeing cybersecurity risks presented by third parties, including vendors, service providers and other external users of the Company’s systems, as well as the systems of third parties that could adversely impact our business. Further, all personnel are required to undergo cybersecurity training during onboarding and, thereafter, on an annual basis to reinforce the Company’s information security policies, standards and practices.We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, like other companies in our industry, we and our third-party vendors have experienced and will likely experience threats and security incidents that could affect our information or systems. See Item 1A “Risk Factors” in this Annual Report on Form 10-K for more information.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Our cybersecurity risk management program is informed by recognized industry standards and frameworks and incorporates elements of the same, including elements of the National Institute of Standards and Technology Cybersecurity Framework and The Health Information Trust Alliance (HITRUST) Common Security Framework. Additionally, we are certified as a PCI-DSS Level 1 Service Provider. The Company’s cybersecurity program utilizes a cross functional, multilayered defense-in-depth approach designed to: (i) identify, prevent and mitigate cybersecurity threats to the Company; (ii) preserve the confidentiality, security and availability of the information that we collect and store; (iii) protect the Company’s intellectual property; (iv) maintain the confidence of our customers, clients and business partners; and (v) provide appropriate public disclosure and required notices of cybersecurity risks and incidents when required.Our cybersecurity program includes safeguards that are designed to protect the Company’s information systems from cybersecurity threats. Such safeguards include firewalls, automated intrusion detection systems, anti-malware functionality and access controls, which are evaluated and improved through periodic vulnerability assessments and ongoing cybersecurity threat intelligence. We have established and maintain an incident response plan that addresses the Company’s response to and recovery from a cybersecurity incident. The incident response plan is tested and evaluated on an annual basis.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|The Company’s Board of Directors (the “Board”) maintains oversight responsibility over the Company’s enterprise risk management (“ERM”) program, which incorporates the Company’s cybersecurity risk management program.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Board’s oversight of cybersecurity risk management is supported by the Audit Committee of the Board (the “Audit Committee”), which regularly interacts with the Company’s ERM function, the Company’s Chief Technology Officer, along with other members of management including the Chief Information Security Officer, the Chief Privacy Officer, and the compliance, audit, and risk teams.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Board’s oversight of cybersecurity risk management is supported by the Audit Committee of the Board (the “Audit Committee”), which regularly interacts with the Company’s ERM function, the Company’s Chief Technology Officer, along with other members of management including the Chief Information Security Officer, the Chief Privacy Officer, and the compliance, audit, and risk teams.
The Board and the Audit Committee each receive quarterly presentations and reports from the Company’s Chief Technology Officer and/or General Counsel on cybersecurity risks, which address a wide range of topics including, among others, recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, technological trends and information security considerations arising with respect to the Company’s peers and third party service providers. The Board and the Audit Committee also receive prompt and timely information regarding any cybersecurity incident that meets established reporting thresholds under the Company’s incident response plan.
|Cybersecurity Risk Role of Management [Text Block]
|The Board’s oversight of cybersecurity risk management is supported by the Audit Committee of the Board (the “Audit Committee”), which regularly interacts with the Company’s ERM function, the Company’s Chief Technology Officer, along with other members of management including the Chief Information Security Officer, the Chief Privacy Officer, and the compliance, audit, and risk teams.
The Company’s Chief Information Security Officer is principally responsible for day-to-day management of the Company’s cybersecurity risk management program and reports to the Chief Technology Officer. The Chief Information Security Officer has more than 15 years of cybersecurity experience, including leadership roles at four publicly traded companies. He is a Certified Information Systems Security Professional, holds a M.S. in Security Technologies from the University of Minnesota and is an alumnus of the FBI Citizen’s Academy. The Chief Technology Officer has served in various leadership roles in information technology and information security at the Company for over 14 years and holds a B.S. in computer science from Worcester Polytechnic Institute. The Chief Technology Officer reports directly to the Chief Executive Officer and works in coordination with the other members of the leadership team, which includes our General Counsel, Chief Operating Officer, and Chief Financial Officer. The Chief Technology Officer oversees a team of security professionals, which is led by the Chief Information
Security Officer. The security team includes approximately 36 security professionals, 25 of whom are security engineers. Other members of the team oversee and manage identity, risk, compliance and audit functions.
The Board and the Audit Committee each receive quarterly presentations and reports from the Company’s Chief Technology Officer and/or General Counsel on cybersecurity risks, which address a wide range of topics including, among others, recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, technological trends and information security considerations arising with respect to the Company’s peers and third party service providers. The Board and the Audit Committee also receive prompt and timely information regarding any cybersecurity incident that meets established reporting thresholds under the Company’s incident response plan.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
The Company’s Chief Information Security Officer is principally responsible for day-to-day management of the Company’s cybersecurity risk management program and reports to the Chief Technology Officer. The Chief Information Security Officer has more than 15 years of cybersecurity experience, including leadership roles at four publicly traded companies. He is a Certified Information Systems Security Professional, holds a M.S. in Security Technologies from the University of Minnesota and is an alumnus of the FBI Citizen’s Academy. The Chief Technology Officer has served in various leadership roles in information technology and information security at the Company for over 14 years and holds a B.S. in computer science from Worcester Polytechnic Institute. The Chief Technology Officer reports directly to the Chief Executive Officer and works in coordination with the other members of the leadership team, which includes our General Counsel, Chief Operating Officer, and Chief Financial Officer. The Chief Technology Officer oversees a team of security professionals, which is led by the Chief Information
Security Officer. The security team includes approximately 36 security professionals, 25 of whom are security engineers. Other members of the team oversee and manage identity, risk, compliance and audit functions.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Chief Information Security Officer has more than 15 years of cybersecurity experience, including leadership roles at four publicly traded companies.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The Board and the Audit Committee each receive quarterly presentations and reports from the Company’s Chief Technology Officer and/or General Counsel on cybersecurity risks, which address a wide range of topics including, among others, recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, technological trends and information security considerations arising with respect to the Company’s peers and third party service providers. The Board and the Audit Committee also receive prompt and timely information regarding any cybersecurity incident that meets established reporting thresholds under the Company’s incident response plan.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef