|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Our cybersecurity strategy, which is effected through our Cybersecurity Risk Management Model, prioritizes the security and protection of our information technology networks and systems, through the detection, analysis and response to known, anticipated or unexpected threats and effective management of security risks. Our Cybersecurity Risk Management Model provides for four levels of industry-standard response activities to protect the Company against cyber threats. These are:
1.Policy Framework: Our information security practices include development, implementation, and improvement of policies and procedures to safeguard information and ensure availability of critical data and systems, including our Information Security Policy, which establishes guidelines for the safe and secure use of the Company’s information systems and data, and our Electronic Communication Policy, which outlines the responsibilities of those using the Company’s network and IT equipment. Employees and third-party service providers are required to comply with our Information Security Policy and our Electronic Communication Policy.
2.Awareness Programs: All employees participate in an ongoing program of mandatory annual training and receive periodic communications regarding the cybersecurity environment to increase awareness throughout the Company. We also implemented an enhanced annual training program for specific specialized employee populations.
3.Security Engineering: We leverage a combination of the International Organization for Standardization (the “ISO”) best practice standards and other global standards, including Control Objectives for Information and Relevant Technology, to measure our security posture and manage risk. In addition, we completed several cybersecurity-related initiatives such as multifactor authentication and the ISO 27001 certification, which is globally recognized as one of the highest standards of compliance and control for information security management systems. We have also implemented critical preventive measures, such as monthly phishing simulations, email and endpoint
security and monitoring, database encryption, continuous patching, and network firewall security using both internal resources and independent third-party service providers.
4.IT Resiliency: Our IT Team has formalized disaster recovery processes, business continuity procedures and an incident response plan. These processes account for risks associated with third parties that provide IT services, process information on our behalf, or have access to our information systems.
Our Data Privacy Officer is responsible for leadership, compliance, and oversight of applicable cyber and privacy laws and policies, which are designed to protect data belonging to our employees and customers and the Company’s information security; while our IT Cyber Incident Management Team oversees Bristow’s cyber incident response and remains in close contact with the Executive Leadership Team and the Audit Committee throughout the cyber incident resolution process.
Our IT Steering Committee is responsible for reviewing, approving and funding IT projects, including cybersecurity initiatives. This committee consists of five (5) members: the Chief Information Officer, the President and Chief Executive Officer, the Chief Financial Officer, the Chief Operating Officer, Government Services and the Chief Operating Officer, Offshore Energy Services.
The Chief Executive Officer, with the assistance of the other members of the executive leadership team, is responsible for, among other risk management measures, implementing measures designed to ensure the safety standards for personnel, information technology systems and data security, the environment and property in performing the Company’s operations. The Company’s Enterprise Risk Management Committee (ERM), sponsored by the CEO, was established to oversee the risk management processes and to report upon and ensure that sound policies, procedures and practices are in place for the enterprise‐wide management of the Company’s material risks and to report the results of the Committee’s activities to the Company the Board at least annually. These include risks associated with cybersecurity and any of the topics identified in our materiality assessment. Responsibilities for risk management and compliance are distributed throughout various functional areas of the business, including but not limited to a Compliance Committee established to understand and support business integrity and compliance efforts globally, and to oversee Bristow’s compliance efforts with respect to COBI, relevant policies, and applicable laws.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Our cybersecurity strategy, which is effected through our Cybersecurity Risk Management Model, prioritizes the security and protection of our information technology networks and systems, through the detection, analysis and response to known, anticipated or unexpected threats and effective management of security risks. Our Cybersecurity Risk Management Model provides for four levels of industry-standard response activities to protect the Company against cyber threats. These are:
1.Policy Framework: Our information security practices include development, implementation, and improvement of policies and procedures to safeguard information and ensure availability of critical data and systems, including our Information Security Policy, which establishes guidelines for the safe and secure use of the Company’s information systems and data, and our Electronic Communication Policy, which outlines the responsibilities of those using the Company’s network and IT equipment. Employees and third-party service providers are required to comply with our Information Security Policy and our Electronic Communication Policy.
2.Awareness Programs: All employees participate in an ongoing program of mandatory annual training and receive periodic communications regarding the cybersecurity environment to increase awareness throughout the Company. We also implemented an enhanced annual training program for specific specialized employee populations.
3.Security Engineering: We leverage a combination of the International Organization for Standardization (the “ISO”) best practice standards and other global standards, including Control Objectives for Information and Relevant Technology, to measure our security posture and manage risk. In addition, we completed several cybersecurity-related initiatives such as multifactor authentication and the ISO 27001 certification, which is globally recognized as one of the highest standards of compliance and control for information security management systems. We have also implemented critical preventive measures, such as monthly phishing simulations, email and endpoint
security and monitoring, database encryption, continuous patching, and network firewall security using both internal resources and independent third-party service providers.
4.IT Resiliency: Our IT Team has formalized disaster recovery processes, business continuity procedures and an incident response plan. These processes account for risks associated with third parties that provide IT services, process information on our behalf, or have access to our information systems.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Cybersecurity Committee consists of six (6) members: the Chief Information Officer, the Chief Financial Officer, the Director of Internal Audit, the Director of IT, Infrastructure and Flight Systems, the Data Privacy Officer and the IT Security and Compliance Manager. Together with our Executive Leadership Team and the Board, the Cybersecurity Committee assists with prioritizing our cybersecurity programs as well as providing oversight around cybersecurity practices and guidance in responding to cyber incidents. Members of the Cybersecurity Committee have work experience managing cybersecurity and information security risks, an understanding of the cybersecurity threat landscape and/or knowledge of emerging privacy risks in our industry. Committee members are also experienced and knowledgeable across Information Technology disciplines including strategy, governance, infrastructure, applications, data management, audit controls & compliance, risk management, disaster recovery, business continuity, and incident response planning.
The Cybersecurity Committee meets quarterly and delivers updates to management periodically and to the Audit Committee on an annual basis (or more frequently as needed). Under its charter, our Audit Committee, comprised of independent directors from our Board, must conduct at least annual reviews of any emerging cybersecurity developments and threats and the strategies to mitigate cybersecurity risks. The Cybersecurity Committee also delivers periodic updates to the Board on the status of the information security program, including but not limited to relevant cyber threats, roadmap and key initiative updates, and the identification and management of information security risks. The Board reviews cybersecurity opportunities relating to our business strategy, and cybersecurity-related matters are also factored into business continuity planning.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our Cybersecurity Committee consists of six (6) members: the Chief Information Officer, the Chief Financial Officer, the Director of Internal Audit, the Director of IT, Infrastructure and Flight Systems, the Data Privacy Officer and the IT Security and Compliance Manager. Together with our Executive Leadership Team and the Board, the Cybersecurity Committee assists with prioritizing our cybersecurity programs as well as providing oversight around cybersecurity practices and guidance in responding to cyber incidents. Members of the Cybersecurity Committee have work experience managing cybersecurity and information security risks, an understanding of the cybersecurity threat landscape and/or knowledge of emerging privacy risks in our industry. Committee members are also experienced and knowledgeable across Information Technology disciplines including strategy, governance, infrastructure, applications, data management, audit controls & compliance, risk management, disaster recovery, business continuity, and incident response planning.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our Data Privacy Officer is responsible for leadership, compliance, and oversight of applicable cyber and privacy laws and policies, which are designed to protect data belonging to our employees and customers and the Company’s information security; while our IT Cyber Incident Management Team oversees Bristow’s cyber incident response and remains in close contact with the Executive Leadership Team and the Audit Committee throughout the cyber incident resolution process.
Our IT Steering Committee is responsible for reviewing, approving and funding IT projects, including cybersecurity initiatives. This committee consists of five (5) members: the Chief Information Officer, the President and Chief Executive Officer, the Chief Financial Officer, the Chief Operating Officer, Government Services and the Chief Operating Officer, Offshore Energy Services.
The Chief Executive Officer, with the assistance of the other members of the executive leadership team, is responsible for, among other risk management measures, implementing measures designed to ensure the safety standards for personnel, information technology systems and data security, the environment and property in performing the Company’s operations. The Company’s Enterprise Risk Management Committee (ERM), sponsored by the CEO, was established to oversee the risk management processes and to report upon and ensure that sound policies, procedures and practices are in place for the enterprise‐wide management of the Company’s material risks and to report the results of the Committee’s activities to the Company the Board at least annually. These include risks associated with cybersecurity and any of the topics identified in our materiality assessment. Responsibilities for risk management and compliance are distributed throughout various functional areas of the business, including but not limited to a Compliance Committee established to understand and support business integrity and compliance efforts globally, and to oversee Bristow’s compliance efforts with respect to COBI, relevant policies, and applicable laws.
|Cybersecurity Risk Role of Management [Text Block]
|
Our Data Privacy Officer is responsible for leadership, compliance, and oversight of applicable cyber and privacy laws and policies, which are designed to protect data belonging to our employees and customers and the Company’s information security; while our IT Cyber Incident Management Team oversees Bristow’s cyber incident response and remains in close contact with the Executive Leadership Team and the Audit Committee throughout the cyber incident resolution process.
Our IT Steering Committee is responsible for reviewing, approving and funding IT projects, including cybersecurity initiatives. This committee consists of five (5) members: the Chief Information Officer, the President and Chief Executive Officer, the Chief Financial Officer, the Chief Operating Officer, Government Services and the Chief Operating Officer, Offshore Energy Services.The Chief Executive Officer, with the assistance of the other members of the executive leadership team, is responsible for, among other risk management measures, implementing measures designed to ensure the safety standards for personnel, information technology systems and data security, the environment and property in performing the Company’s operations. The Company’s Enterprise Risk Management Committee (ERM), sponsored by the CEO, was established to oversee the risk management processes and to report upon and ensure that sound policies, procedures and practices are in place for the enterprise‐wide management of the Company’s material risks and to report the results of the Committee’s activities to the Company the Board at least annually. These include risks associated with cybersecurity and any of the topics identified in our materiality assessment. Responsibilities for risk management and compliance are distributed throughout various functional areas of the business, including but not limited to a Compliance Committee established to understand and support business integrity and compliance efforts globally, and to oversee Bristow’s compliance efforts with respect to COBI, relevant policies, and applicable laws
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our Data Privacy Officer is responsible for leadership, compliance, and oversight of applicable cyber and privacy laws and policies, which are designed to protect data belonging to our employees and customers and the Company’s information security; while our IT Cyber Incident Management Team oversees Bristow’s cyber incident response and remains in close contact with the Executive Leadership Team and the Audit Committee throughout the cyber incident resolution process.
Our IT Steering Committee is responsible for reviewing, approving and funding IT projects, including cybersecurity initiatives. This committee consists of five (5) members: the Chief Information Officer, the President and Chief Executive Officer, the Chief Financial Officer, the Chief Operating Officer, Government Services and the Chief Operating Officer, Offshore Energy Services.
The Chief Executive Officer, with the assistance of the other members of the executive leadership team, is responsible for, among other risk management measures, implementing measures designed to ensure the safety standards for personnel, information technology systems and data security, the environment and property in performing the Company’s operations. The Company’s Enterprise Risk Management Committee (ERM), sponsored by the CEO, was established to oversee the risk management processes and to report upon and ensure that sound policies, procedures and practices are in place for the enterprise‐wide management of the Company’s material risks and to report the results of the Committee’s activities to the Company the Board at least annually. These include risks associated with cybersecurity and any of the topics identified in our materiality assessment. Responsibilities for risk management and compliance are distributed throughout various functional areas of the business, including but not limited to a Compliance Committee established to understand and support business integrity and compliance efforts globally, and to oversee Bristow’s compliance efforts with respect to COBI, relevant policies, and applicable laws.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Members of the Cybersecurity Committee have work experience managing cybersecurity and information security risks, an understanding of the cybersecurity threat landscape and/or knowledge of emerging privacy risks in our industry. Committee members are also experienced and knowledgeable across Information Technology disciplines including strategy, governance, infrastructure, applications, data management, audit controls & compliance, risk management, disaster recovery, business continuity, and incident response planning.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The Cybersecurity Committee meets quarterly and delivers updates to management periodically and to the Audit Committee on an annual basis (or more frequently as needed). Under its charter, our Audit Committee, comprised of independent directors from our Board, must conduct at least annual reviews of any emerging cybersecurity developments and threats and the strategies to mitigate cybersecurity risks. The Cybersecurity Committee also delivers periodic updates to the Board on the status of the information security program, including but not limited to relevant cyber threats, roadmap and key initiative updates, and the identification and management of information security risks. The Board reviews cybersecurity opportunities relating to our business strategy, and cybersecurity-related matters are also factored into business continuity planning.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef