|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We consider cybersecurity, along with other top risks, within our enterprise risk management framework. The enterprise risk management framework includes internal reporting at the business and enterprise levels, with consideration of key risk indicators, trends and countermeasures for cybersecurity and other types of significant risks. We have implemented a robust cybersecurity program that employs various controls and activities aimed at identifying, protecting against, detecting, and responding to cybersecurity threats. These controls, including endpoint and network monitoring, endpoint protection, and network security measures, safeguard our assets from unauthorized access and attacks. We prioritize data protection through data classification and access management designed to permit access only by authorized personnel. Our cybersecurity incident response plan, integrated into the enterprise risk management framework, outlines a structured process for handling cybersecurity incidents involving assets or data. It guides our cybersecurity incident response team in containing, eradicating, and recovering from incidents while minimizing damage and disruption. The plan includes a clearly defined notification framework for timely communication to relevant parties, that may include our management team, Board of Directors and Audit Committee, based on the incident’s severity and potential impact. Controls and related activities are designed taking into consideration recognized third party cybersecurity frameworks.
We utilize on-premises and cloud-based security solutions, with real-time monitoring provided by specialized managed security services providers. These external managed security service providers collect events generated by critical systems in real-time, filter non-security events, and then correlate the information using security data analytical engines so that personnel can identify and analyze threats.
Annual risk assessments of our Information Security Program are conducted to identify emerging information security and third party risks. In addition, periodic vulnerability assessments and penetration tests are conducted to support the identification of risks. We also conduct independent audits, including through the use of third-party assessors on both the design
and operational effectiveness of security controls and consult with external advisors on best practices to address new challenges.
An external vendor risk management platform is utilized to evaluate, rate, monitor, and track vendor risk pertaining to our critical vendors. The security practices and processes of the service providers are monitored regularly, and periodic assessments may be performed on the service providers’compliance with cybersecurity terms, based on the service providers’ risk. For any of our hosted applications we by default require the vendor to maintain a System and Organization Controls (“SOC”) 1 or SOC 2 report. If a third party vendor is not able to provide a SOC 1 or SOC 2 report, we take additional steps to assess their cybersecurity preparedness and assess our relationship on that basis. Our assessment of risks associated with the use of third party providers is part of our overall cybersecurity risk management framework.
We also periodically perform simulations and tabletop exercises at a management level and incorporate external resources and advisors as needed. All employees are required to complete a monthly computer-based Security Awareness Training Program that includes various topics on cybersecurity risk management best practices. This program educates users to identify information security threats and what actions should be taken. Additionally, employees are regularly tested with phishing campaigns reinforcing their awareness of email threats.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We consider cybersecurity, along with other top risks, within our enterprise risk management framework. The enterprise risk management framework includes internal reporting at the business and enterprise levels, with consideration of key risk indicators, trends and countermeasures for cybersecurity and other types of significant risks. We have implemented a robust cybersecurity program that employs various controls and activities aimed at identifying, protecting against, detecting, and responding to cybersecurity threats. These controls, including endpoint and network monitoring, endpoint protection, and network security measures, safeguard our assets from unauthorized access and attacks. We prioritize data protection through data classification and access management designed to permit access only by authorized personnel. Our cybersecurity incident response plan, integrated into the enterprise risk management framework, outlines a structured process for handling cybersecurity incidents involving assets or data. It guides our cybersecurity incident response team in containing, eradicating, and recovering from incidents while minimizing damage and disruption. The plan includes a clearly defined notification framework for timely communication to relevant parties, that may include our management team, Board of Directors and Audit Committee, based on the incident’s severity and potential impact. Controls and related activities are designed taking into consideration recognized third party cybersecurity frameworks.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Oversight of cybersecurity is a joint responsibility of our Board of Directors and Audit Committee, with each receiving at least quarterly updates on our cybersecurity program, including measures taken to address cybersecurity risks and significant cybersecurity incidents. The Board and Audit Committee also may receive updates on topics such as the results of various cybersecurity assessments, third party risk management, and evolving risks.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Chief Information Officer leads our overall cybersecurity function and is responsible for developing and implementing our information security program and managing our response to threats.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Oversight of cybersecurity is a joint responsibility of our Board of Directors and Audit Committee, with each receiving at least quarterly updates on our cybersecurity program, including measures taken to address cybersecurity risks and significant cybersecurity incidents.
|Cybersecurity Risk Role of Management [Text Block]
|Our Chief Information Officer leads our overall cybersecurity function and is responsible for developing and implementing our information security program and managing our response to threats. In addition to our in-house cybersecurity capabilities, at times we also engage third parties to assist with assessing, identifying, and managing cybersecurity risks. Members of our IT security team, including the third party security firms we utilize as part of our program, have cybersecurity experience or certifications, such as the Certified Information Systems Security Professional certification.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Chief Information Officer leads our overall cybersecurity function and is responsible for developing and implementing our information security program and managing our response to threats. In addition to our in-house cybersecurity capabilities, at times we also engage third parties to assist with assessing, identifying, and managing cybersecurity risks.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Members of our IT security team, including the third party security firms we utilize as part of our program, have cybersecurity experience or certifications, such as the Certified Information Systems Security Professional certification.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Oversight of cybersecurity is a joint responsibility of our Board of Directors and Audit Committee, with each receiving at least quarterly updates on our cybersecurity program, including measures taken to address cybersecurity risks and significant cybersecurity incidents. The Board and Audit Committee also may receive updates on topics such as the results of various cybersecurity assessments, third party risk management, and evolving risks.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef