|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Trinseo’s business and production operations rely on secure access, processing, storage, and transmission of company confidential and personal identifiable information within various technology platforms. The Company has processes in place to monitor, identify, assess and respond to material risks from cybersecurity threats. We maintain a cyber risk management program to identify, protect, detect, respond and recover from cyber threats and incidents. Our cybersecurity risk management and internal controls programs are aligned to ISO27001 Standards and the National Institute of Standards and Technology (NIST) framework.
As part of our program management activities, we actively engage internal and prominent external experts, as well as industry participants, as part of our continuing efforts to evaluate and enhance the effectiveness of our cybersecurity policies and procedures. The Company has adopted a cybersecurity incident response plan (the “Incident Response Plan”) which defines our approach for prompt detection, analysis and determination of materiality, prioritization and mitigation of cybersecurity incidents. The Incident Response Plan also includes criteria for escalation to cross-functional committees, including executive management, and notification to our Board, as appropriate. Management also periodically performs tabletop exercises to simulate actual cyber threats to strengthen our policies, standards and related governance processes in response to cyber events. In addition, our internal audit function performs periodic audits or other evaluations to assess our cybersecurity program and compliance with policies and procedures.
Our cybersecurity program is managed by a dedicated Chief Information Security Officer (“CISO”). Our CISO has formal education in information technology and extensive cybersecurity program management experience with over three decades of diverse experience in the chemicals and manufacturing industries and maintains various information security certifications. Our CISO is accountable for the enterprise-wide cybersecurity strategy for both information technology (IT) and operations technology (OT), including significant third-party risks. The cybersecurity team, led by our CISO, is responsible for policies, standards, architecture, tools, training and processes to keep Trinseo secure. Our CISO provides regular updates to our Digital Steering or Cybersecurity Steering management committees.
Our Board of Directors has ultimate oversight of cybersecurity risk and our CISO provides periodic reports and updates concerning our cybersecurity program to the Board, as well as our Chief Executive Officer and other members of our senior management, as appropriate. Cybersecurity reports to the Board generally occur at least annually, with updates as deemed necessary by our CISO or, senior management. These reports include updates on the Company’s cyber risks and threats, the status of projects to strengthen our information network and data security, assessments of the information security program, and the emerging threat landscape.
The Audit Committee is responsible for oversight of the Company’s Incident Response Plan, including evaluation of material incidents, response and other related actions, and SEC reporting obligations, which is reviewed at least annually, or as circumstances warrant.
Trinseo faces risks from cybersecurity threats that could have a material adverse effect on our business strategy, results of operations, financial condition, cash flows or reputation. Trinseo has experienced, and will continue to experience, cyber incidents in the normal course of our business. Trinseo has not experienced any material cybersecurity incidents or incurred material expenses related to cybersecurity incidents. As of the date of this report, we are not aware of any material risks from cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, financial condition or reputation. See Item 1A Risk Factors for a discussion of cybersecurity risks.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The Company has processes in place to monitor, identify, assess and respond to material risks from cybersecurity threats. We maintain a cyber risk management program to identify, protect, detect, respond and recover from cyber threats and incidents. Our cybersecurity risk management and internal controls programs are aligned to ISO27001 Standards and the National Institute of Standards and Technology (NIST) framework.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Board of Directors has ultimate oversight of cybersecurity risk and our CISO provides periodic reports and updates concerning our cybersecurity program to the Board, as well as our Chief Executive Officer and other members of our senior management, as appropriate. Cybersecurity reports to the Board generally occur at least annually, with updates as deemed necessary by our CISO or, senior management. These reports include updates on the Company’s cyber risks and threats, the status of projects to strengthen our information network and data security, assessments of the information security program, and the emerging threat landscape.
The Audit Committee is responsible for oversight of the Company’s Incident Response Plan, including evaluation of material incidents, response and other related actions, and SEC reporting obligations, which is reviewed at least annually, or as circumstances warrant.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Board of Directors
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|our CISO provides periodic reports and updates concerning our cybersecurity program to the Board, as well as our Chief Executive Officer and other members of our senior management, as appropriate. Cybersecurity reports to the Board generally occur at least annually, with updates as deemed necessary by our CISO or, senior management. These reports include updates on the Company’s cyber risks and threats, the status of projects to strengthen our information network and data security, assessments of the information security program, and the emerging threat landscape.
|Cybersecurity Risk Role of Management [Text Block]
|The cybersecurity team, led by our CISO, is responsible for policies, standards, architecture, tools, training and processes to keep Trinseo secure. Our CISO provides regular updates to our Digital Steering or Cybersecurity Steering management committees.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Chief Information Security Officer
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CISO has formal education in information technology and extensive cybersecurity program management experience with over three decades of diverse experience in the chemicals and manufacturing industries and maintains various information security certifications.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Incident Response Plan also includes criteria for escalation to cross-functional committees, including executive management, and notification to our Board, as appropriate.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- Definition
+ References
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight.
+ Details
No definition available.
|X
- Definition
+ References
Cybersecurity Risk Board of Directors Oversight.
+ Details
No definition available.
|X
- Definition
+ References
Cybersecurity Risk Management Expertise of Management Responsible.
+ Details
No definition available.
|X
- Definition
+ References
Cybersecurity Risk Management Positions or Committees Responsible.
+ Details
No definition available.
|X
- Definition
+ References
Cybersecurity Risk Management Positions or Committees Responsible Report to Board.
+ Details
No definition available.
|X
- Definition
+ References
Cybersecurity Risk Management Positions or Committees Responsible.
+ Details
No definition available.
|X
- Definition
+ References
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats.
+ Details
No definition available.
|X
- Definition
+ References
Cybersecurity Risk Management Processes Integrated.
+ Details
No definition available.
|X
- Definition
+ References
Cybersecurity Risk Management Processes Integrated.
+ Details
No definition available.
|X
- Definition
+ References
Cybersecurity Risk Management Third Party Engaged.
+ Details
No definition available.
|X
- Definition
+ References
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant.
+ Details
No definition available.
|X
- Definition
+ References
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight.
+ Details
No definition available.
|X
- Definition
+ References
Cybersecurity Risk Process for Informing Management or Committees Responsible.
+ Details
No definition available.
|X
- Definition
+ References
Cybersecurity Risk Role of Management.
+ Details
No definition available.
|X
- Definition
+ References
Cybersecurity Risk Third Party Oversight and Identification Processes.
+ Details
No definition available.
|X
- References
+ Details
No definition available.