|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity
In the ordinary course of our business, we collect, use, store, and transmit digitally large amounts of confidential, financial, sensitive, proprietary, personal, and health-related information. The secure maintenance of this information and our information technology systems is important to our operations and business strategy. To this end, we have implemented processes designed to assess, identify, and manage risks from potential unauthorized occurrences on or through our information technology systems that may result in adverse effects on the confidentiality, integrity, and availability of these systems and the data residing therein. Our cybersecurity program is informed in part by industry standards and best practices, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework. This program is managed and monitored by a dedicated information technology team, including a Senior Director of Information Security, and is led by our Senior Vice President, Chief Information Officer, or CIO. Our processes include mechanisms, controls, technologies, and systems designed to prevent or mitigate data loss, theft, misuse, or other security incidents or vulnerabilities affecting the data and maintain a stable information technology environment. Our program includes, for example:
• Regular penetration and vulnerability testing, data recovery testing, security audits, and ongoing risk assessments;
• Engagement of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls as part of our operational security model;
• Cybersecurity awareness training for our employees, contractors, incident response personnel, and senior management;
• A cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents and annual tabletop exercises with participants from cross-functional teams;
• A third-party risk management process for service providers, suppliers, and vendors including due diligence prior to engagement and ongoing periodic review of our key technology vendors, and other contractors and suppliers.
Our CIO, together with our Senior Director of Information Security and other members of the IT leadership team, is responsible for assessing and managing cybersecurity risks. Our CIO has over ten years of experience managing information technology and cybersecurity. Our Senior Director of Information Security has over 25 years of experience managing information technology and cybersecurity matters and is certified as a Certified Information Systems Security Professional (CISSP). We consider cybersecurity, along with other significant risks that we face, within our overall enterprise risk management framework.
Since the beginning of the last fiscal year, we have not identified any risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, but we face certain ongoing cybersecurity risks or threats that, if realized, are reasonably likely to materially affect us. Additional information on cybersecurity risks we face is discussed in Part I, Item 1A, “Risk Factors,” under the heading “Our business and operations may be materially adversely affected in the event of computer system failures or security breaches.”
The Board of Directors, as a whole and at the committee level, has oversight for the most significant risks facing us and for our processes to identify, prioritize, assess, manage, and mitigate those risks. The Audit Committee, which is comprised solely of independent directors, has been designated by our Board to oversee cybersecurity risks. The Audit Committee receives regular updates on cybersecurity and information technology matters and related risk exposures from our CIO. The Board also receives updates from the Audit Committee on cybersecurity risks on a regular basis.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Board of Directors, as a whole and at the committee level, has oversight for the most significant risks facing us and for our processes to identify, prioritize, assess, manage, and mitigate those risks. The Audit Committee, which is comprised solely of independent directors, has been designated by our Board to oversee cybersecurity risks. The Audit Committee receives regular updates on cybersecurity and information technology matters and related risk exposures from our CIO. The Board also receives updates from the Audit Committee on cybersecurity risks on a regular basis.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Board of Directors, as a whole and at the committee level, has oversight for the most significant risks facing us and for our processes to identify, prioritize, assess, manage, and mitigate those risks. The Audit Committee, which is comprised solely of independent directors, has been designated by our Board to oversee cybersecurity risks.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee receives regular updates on cybersecurity and information technology matters and related risk exposures from our CIO. The Board also receives updates from the Audit Committee on cybersecurity risks on a regular basis.
|Cybersecurity Risk Role of Management [Text Block]
|
Our CIO, together with our Senior Director of Information Security and other members of the IT leadership team, is responsible for assessing and managing cybersecurity risks. Our CIO has over ten years of experience managing information technology and cybersecurity. Our Senior Director of Information Security has over 25 years of experience managing information technology and cybersecurity matters and is certified as a Certified Information Systems Security Professional (CISSP). We consider cybersecurity, along with other significant risks that we face, within our overall enterprise risk management framework.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|This program is managed and monitored by a dedicated information technology team, including a Senior Director of Information Security, and is led by our Senior Vice President, Chief Information Officer, or CIO.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CIO has over ten years of experience managing information technology and cybersecurity. Our Senior Director of Information Security has over 25 years of experience managing information technology and cybersecurity matters and is certified as a Certified Information Systems Security Professional (CISSP).