|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Jan. 31, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We have implemented the Three Lines of Defense Model as the foundation of our risk management approach. Our information security team serves as a First Line, working with our Enterprise Risk Management & Compliance functions as a Second Line, and our Internal Audit function as the Third Line.
Cybersecurity is integrated into our operations, including through team member engagement, technology infrastructure, data fabric, and product development. Due to the sensitive nature of our customers’ data that we hold, we have a heightened focus on data security and protection. We maintain administrative, technical, and physical safeguards designed to protect confidential data. Our security team seeks to identify security risks by working with state and federal law enforcement, security information-sharing organizations, and 24/7 system surveillance through internal and external detection and response teams. Additionally, to help ensure our approach to customer privacy and security is effective and in line with industry standards, we publish Service and SOC 2 attestation reports on our risk management standards established by the Statement on Standards for Attestation Engagements 18.
We regularly engage external and internal assessors and auditors to evaluate and audit our cybersecurity policies, procedures, standards, and practices. Results from these assessments are shared with management for remediation and with the Cybersecurity and Technology Committee of our board of directors on a regular basis. We have obtained, or are working toward obtaining, industry certifications and attestations and have aligned our cybersecurity program with the NIST Cybersecurity Framework and related controls.
As part of our Third Party Risk Management program, we perform initial risk assessments prior to engaging third-party service providers and ongoing risk assessments annually thereafter, which follow an established process designed to identify, assess, and periodically review our exposure to risk through our partners.During the fiscal year ended January 31, 2025, no known cybersecurity threats materially affected, or we believe are reasonably likely to materially affect, our business, our business strategy, financial reporting, or results of operations.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Cybersecurity is integrated into our operations, including through team member engagement, technology infrastructure, data fabric, and product development.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Cybersecurity and Technology Committee of our board of directors provides oversight of the Company’s cybersecurity threat landscape, risks and data security programs, and the Company’s management and mitigation of cybersecurity risks and potential breach incidents. The Audit and Risk Committee of our board of directors provides an additional layer of cybersecurity oversight, as it provides oversight of the Company’s enterprise risk management program, which includes management of cybersecurity risks and the potential fraud and privacy risks that could arise from a cybersecurity incident.
The Chief Security Officer ("CSO") and his delegates meet with the Cybersecurity and Technology Committee at least quarterly to, among other items, review any cybersecurity incidents, review key risks and metrics on the Company’s cybersecurity program and related risk management programs, and discuss the Company’s cybersecurity programs and goals. The Cybersecurity and Technology Committee also participates in cybersecurity tabletop exercises with management and receives training on cybersecurity trends and developments. The Cybersecurity and Technology Committee updates the full board of directors at each quarterly board meeting, or more frequently if needed.
Our enterprise cybersecurity program is led by the CSO, who brings more than two decades of cybersecurity leadership experience and oversees both information technology and information security functions. In order to assess and manage our material risks from cybersecurity threats, our CSO works with cross-functional teams, which are staffed with subject matter experts and leaders from each of the following areas:
•Threat & Vulnerability Management: We follow a defense-in-depth security model with a Joint Security Operations Center, Attack Surface Management, and Data Protection team working with security architects and engineers deploying controls designed to prevent or limit the success of an attack.
•Governance, Risk, and Compliance: Our Security Governance, Risk, and Compliance team helps drive trust, compliance, and data protection by managing risks, including supply chain risks, to strengthen customer confidence, support innovation, and protect our reputation.
•Fraud Prevention: Our Fraud Strategy and Prevention team seeks to employ industry best practices of fraud prevention, identity and access management ("IAM"), and cybersecurity monitoring to protect the
transactions of our members and Clients. We continue to invest in people, processes, and technology solutions to enhance our fraud prevention program.
•Security Engineering & Architecture: Our Security Engineering & Architecture team designs and implements resilient security solutions, embedding security into cloud and on-premise environments while automating controls and integrating security into development lifecycles.
•Identity & Access Management: Our IAM team enforces zero trust principles, least privilege access, and adaptive authentication, managing multi-factor authentication, privileged access management, and just-in-time access to protect critical systems while ensuring seamless and compliant user access.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Cybersecurity and Technology Committee of our board of directors provides oversight of the Company’s cybersecurity threat landscape, risks and data security programs, and the Company’s management and mitigation of cybersecurity risks and potential breach incidents. The Audit and Risk Committee of our board of directors provides an additional layer of cybersecurity oversight, as it provides oversight of the Company’s enterprise risk management program, which includes management of cybersecurity risks and the potential fraud and privacy risks that could arise from a cybersecurity incident.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Cybersecurity and Technology Committee updates the full board of directors at each quarterly board meeting, or more frequently if needed.
|Cybersecurity Risk Role of Management [Text Block]
|
The Chief Security Officer ("CSO") and his delegates meet with the Cybersecurity and Technology Committee at least quarterly to, among other items, review any cybersecurity incidents, review key risks and metrics on the Company’s cybersecurity program and related risk management programs, and discuss the Company’s cybersecurity programs and goals. The Cybersecurity and Technology Committee also participates in cybersecurity tabletop exercises with management and receives training on cybersecurity trends and developments. The Cybersecurity and Technology Committee updates the full board of directors at each quarterly board meeting, or more frequently if needed.
Our enterprise cybersecurity program is led by the CSO, who brings more than two decades of cybersecurity leadership experience and oversees both information technology and information security functions. In order to assess and manage our material risks from cybersecurity threats, our CSO works with cross-functional teams, which are staffed with subject matter experts and leaders from each of the following areas:
•Threat & Vulnerability Management: We follow a defense-in-depth security model with a Joint Security Operations Center, Attack Surface Management, and Data Protection team working with security architects and engineers deploying controls designed to prevent or limit the success of an attack.
•Governance, Risk, and Compliance: Our Security Governance, Risk, and Compliance team helps drive trust, compliance, and data protection by managing risks, including supply chain risks, to strengthen customer confidence, support innovation, and protect our reputation.
•Fraud Prevention: Our Fraud Strategy and Prevention team seeks to employ industry best practices of fraud prevention, identity and access management ("IAM"), and cybersecurity monitoring to protect the
transactions of our members and Clients. We continue to invest in people, processes, and technology solutions to enhance our fraud prevention program.
•Security Engineering & Architecture: Our Security Engineering & Architecture team designs and implements resilient security solutions, embedding security into cloud and on-premise environments while automating controls and integrating security into development lifecycles.
•Identity & Access Management: Our IAM team enforces zero trust principles, least privilege access, and adaptive authentication, managing multi-factor authentication, privileged access management, and just-in-time access to protect critical systems while ensuring seamless and compliant user access.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Chief Security Officer ("CSO") and his delegates meet with the Cybersecurity and Technology Committee at least quarterly to, among other items, review any cybersecurity incidents, review key risks and metrics on the Company’s cybersecurity program and related risk management programs, and discuss the Company’s cybersecurity programs and goals. The Cybersecurity and Technology Committee also participates in cybersecurity tabletop exercises with management and receives training on cybersecurity trends and developments.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
Our enterprise cybersecurity program is led by the CSO, who brings more than two decades of cybersecurity leadership experience and oversees both information technology and information security functions. In order to assess and manage our material risks from cybersecurity threats, our CSO works with cross-functional teams, which are staffed with subject matter experts and leaders from each of the following areas:
•Threat & Vulnerability Management: We follow a defense-in-depth security model with a Joint Security Operations Center, Attack Surface Management, and Data Protection team working with security architects and engineers deploying controls designed to prevent or limit the success of an attack.
•Governance, Risk, and Compliance: Our Security Governance, Risk, and Compliance team helps drive trust, compliance, and data protection by managing risks, including supply chain risks, to strengthen customer confidence, support innovation, and protect our reputation.
•Fraud Prevention: Our Fraud Strategy and Prevention team seeks to employ industry best practices of fraud prevention, identity and access management ("IAM"), and cybersecurity monitoring to protect the
transactions of our members and Clients. We continue to invest in people, processes, and technology solutions to enhance our fraud prevention program.
•Security Engineering & Architecture: Our Security Engineering & Architecture team designs and implements resilient security solutions, embedding security into cloud and on-premise environments while automating controls and integrating security into development lifecycles.
•Identity & Access Management: Our IAM team enforces zero trust principles, least privilege access, and adaptive authentication, managing multi-factor authentication, privileged access management, and just-in-time access to protect critical systems while ensuring seamless and compliant user access.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Chief Security Officer ("CSO") and his delegates meet with the Cybersecurity and Technology Committee at least quarterly to, among other items, review any cybersecurity incidents, review key risks and metrics on the Company’s cybersecurity program and related risk management programs, and discuss the Company’s cybersecurity programs and goals.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef