|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We recognize the importance of assessing, identifying and managing material risks associated with cybersecurity threats, as such term is defined in Item 16K of Form 20-F. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy and security laws.
Identifying and assessing cybersecurity risk is integrated into our overall risk management systems and processes. Cybersecurity risks related to our business, technical operations, privacy and compliance issues are identified and addressed through a multi-faceted approach, including third party assessments, IT security, governance, risk and compliance reviews. To defend, detect and respond to cybersecurity incidents, we, among other things: conduct proactive privacy and cybersecurity assessments of systems, network and applications, audit applicable data policies, manage intrusion detection and prevention systems and network access controls, perform penetration testing using external third-party tools and techniques to test security controls, focus on securing our applications and software, conduct employee training, implement secure coding practices, monitor emerging laws and regulations related to data protection and information security (including our consumer products) and implement appropriate changes. Teams of dedicated privacy, safety and security professionals oversee cybersecurity risk management and mitigation, incident prevention, detection and remediation. These teams include Globant Information Security Team (“GIST”) and Application & Infrastructure Security and Incident Response Team (the “Incident Response Team”).
As part of our cybersecurity risk management system, GIST tracks and logs privacy and security incidents across Globant, our vendors, and other third-party service providers to remediate and resolve any such incidents. Such incidents are assigned a severity score and classified as a “Cyber Security Incident” if the incident jeopardizes the confidentiality, integrity or availability of our information systems or any information residing therein. Significant incidents are reviewed regularly by the Incident Response Team to determine whether further escalation is appropriate. The Incident Response Team will also develop a remediation plan, perform forensic analyses and track incident metrics to improve the situation.
Any incident assessed as potentially being or potentially becoming material is automatically escalated for further assessment to the members of our Disclosure Committee, which is comprised of our chief financial officer, chief accounting officer, general counsel, head of internal audit and SOX compliance, head of investors relations division and compliance manager. In addition, we consult with outside counsel as appropriate, including on materiality analyses and disclosure matters.
The foregoing processes have been incorporated into Globant’s internal control matrix to, among others, (a) secure effective control over disclosure relating to cybersecurity matters, (b) include proper proceedings to review, record and classify cybersecurity incidents, and (c) ensure adequate Board oversight.
While we have experienced cybersecurity incidents in the past, as of the date of this annual report, we have not suffered any cybersecurity incident determined to have had material effects on our business strategy, operational results, or financial situation. However, any significant disruption to our service or access to our systems could result in a loss of customers and adversely affect our business and results of operation. Further, a penetration of our systems or a third-party’s systems or other misappropriation or misuse of personal information could subject us to business, regulatory, litigation and reputation risk, which could have a negative effect on our business, financial condition and results of operations. For further information on whether and how risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition, see “Risk Factors -If our computer systems or data, or our service providers’ systems or data, are subject to security incidents or breaches, or if any of our employees misuses or misappropriates data, it may disrupt our operations, and we may face reputational damage, lose clients and revenues, or incur losses.”
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We recognize the importance of assessing, identifying and managing material risks associated with cybersecurity threats, as such term is defined in Item 16K of Form 20-F. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy and security laws.Identifying and assessing cybersecurity risk is integrated into our overall risk management systems and processes. Cybersecurity risks related to our business, technical operations, privacy and compliance issues are identified and addressed through a multi-faceted approach, including third party assessments, IT security, governance, risk and compliance reviews. To defend, detect and respond to cybersecurity incidents, we, among other things: conduct proactive privacy and cybersecurity assessments of systems, network and applications, audit applicable data policies, manage intrusion detection and prevention systems and network access controls, perform penetration testing using external third-party tools and techniques to test security controls, focus on securing our applications and software, conduct employee training, implement secure coding practices, monitor emerging laws and regulations related to data protection and information security (including our consumer products) and implement appropriate changes. Teams of dedicated privacy, safety and security professionals oversee cybersecurity risk management and mitigation, incident prevention, detection and remediation. These teams include Globant Information Security Team (“GIST”) and Application & Infrastructure Security and Incident Response Team (the “Incident Response Team”).
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Audit Committee has oversight responsibility for risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, cooperation with law enforcement, and related effects on financial and internal control risks, and it reports any findings and recommendations, as appropriate, to the full Board for consideration. In that capacity, our Audit Committee conducts periodic reviews of, and holds meetings with senior management to discuss, technology and cybersecurity risks and the risk assessment and risk management policies, practices, programs and/or procedures that we have adopted to monitor, control, mitigate and manage such risks.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our Audit Committee has oversight responsibility for risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, cooperation with law enforcement, and related effects on financial and internal control risks, and it reports any findings and recommendations, as appropriate, to the full Board for consideration. In that capacity, our Audit Committee conducts periodic reviews of, and holds meetings with senior management to discuss, technology and cybersecurity risks and the risk assessment and risk management policies, practices, programs and/or procedures that we have adopted to monitor, control, mitigate and manage such risks.Each quarter, the Incident Response Team prepares a report on cybersecurity incidents, risks, mitigation actions and strategy (the “Cybersecurity Report”). The Cybersecurity Report is presented by our chief information officer to our Audit Committee on a quarterly basis and to the Board on a semiannual basis. The full Board also receives periodic reports from the Chief Information Officer and the Audit Committee relating to the Company’s cybersecurity.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our Audit Committee has oversight responsibility for risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, cooperation with law enforcement, and related effects on financial and internal control risks, and it reports any findings and recommendations, as appropriate, to the full Board for consideration. In that capacity, our Audit Committee conducts periodic reviews of, and holds meetings with senior management to discuss, technology and cybersecurity risks and the risk assessment and risk management policies, practices, programs and/or procedures that we have adopted to monitor, control, mitigate and manage such risks.
Each quarter, the Incident Response Team prepares a report on cybersecurity incidents, risks, mitigation actions and strategy (the “Cybersecurity Report”). The Cybersecurity Report is presented by our chief information officer to our Audit Committee on a quarterly basis and to the Board on a semiannual basis. The full Board also receives periodic reports from the Chief Information Officer and the Audit Committee relating to the Company’s cybersecurity.
Since 2013, Globant certified ISO 27001, a standard that provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system (ISMS). The process of certifying ISO 27001 ensures that ISMS is under explicit management control. In 2016, we migrated successfully to the ISO 27001:2013.Our chief information officer has over 20 years of industry experience, including leading CloudOps and cybersecurity services and serving as CloudOps & Cybersecurity Studio Partner at Globant. Further, our security officer manager has more than 20 years of experience working in cybersecurity and infrastructure, specializing in military frameworks for cyber threat intelligence and cyber war, and currently leads our Offensive and Defensive security teams. Team members who support our information security program have relevant educational and industry experience, including holding similar positions at large technology companies.
|Cybersecurity Risk Role of Management [Text Block]
|
Our Audit Committee has oversight responsibility for risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, cooperation with law enforcement, and related effects on financial and internal control risks, and it reports any findings and recommendations, as appropriate, to the full Board for consideration. In that capacity, our Audit Committee conducts periodic reviews of, and holds meetings with senior management to discuss, technology and cybersecurity risks and the risk assessment and risk management policies, practices, programs and/or procedures that we have adopted to monitor, control, mitigate and manage such risks.
Each quarter, the Incident Response Team prepares a report on cybersecurity incidents, risks, mitigation actions and strategy (the “Cybersecurity Report”). The Cybersecurity Report is presented by our chief information officer to our Audit Committee on a quarterly basis and to the Board on a semiannual basis. The full Board also receives periodic reports from the Chief Information Officer and the Audit Committee relating to the Company’s cybersecurity.
Since 2013, Globant certified ISO 27001, a standard that provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system (ISMS). The process of certifying ISO 27001 ensures that ISMS is under explicit management control. In 2016, we migrated successfully to the ISO 27001:2013.Our chief information officer has over 20 years of industry experience, including leading CloudOps and cybersecurity services and serving as CloudOps & Cybersecurity Studio Partner at Globant. Further, our security officer manager has more than 20 years of experience working in cybersecurity and infrastructure, specializing in military frameworks for cyber threat intelligence and cyber war, and currently leads our Offensive and Defensive security teams. Team members who support our information security program have relevant educational and industry experience, including holding similar positions at large technology companies.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Each quarter, the Incident Response Team prepares a report on cybersecurity incidents, risks, mitigation actions and strategy (the “Cybersecurity Report”). The Cybersecurity Report is presented by our chief information officer to our Audit Committee on a quarterly basis and to the Board on a semiannual basis. The full Board also receives periodic reports from the Chief Information Officer and the Audit Committee relating to the Company’s cybersecurity.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our chief information officer has over 20 years of industry experience, including leading CloudOps and cybersecurity services and serving as CloudOps & Cybersecurity Studio Partner at Globant. Further, our security officer manager has more than 20 years of experience working in cybersecurity and infrastructure, specializing in military frameworks for cyber threat intelligence and cyber war, and currently leads our Offensive and Defensive security teams.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Our Audit Committee has oversight responsibility for risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, cooperation with law enforcement, and related effects on financial and internal control risks, and it reports any findings and recommendations, as appropriate, to the full Board for consideration. In that capacity, our Audit Committee conducts periodic reviews of, and holds meetings with senior management to discuss, technology and cybersecurity risks and the risk assessment and risk management policies, practices, programs and/or procedures that we have adopted to monitor, control, mitigate and manage such risks.
Each quarter, the Incident Response Team prepares a report on cybersecurity incidents, risks, mitigation actions and strategy (the “Cybersecurity Report”). The Cybersecurity Report is presented by our chief information officer to our Audit Committee on a quarterly basis and to the Board on a semiannual basis. The full Board also receives periodic reports from the Chief Information Officer and the Audit Committee relating to the Company’s cybersecurity.
Since 2013, Globant certified ISO 27001, a standard that provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system (ISMS). The process of certifying ISO 27001 ensures that ISMS is under explicit management control. In 2016, we migrated successfully to the ISO 27001:2013.Our chief information officer has over 20 years of industry experience, including leading CloudOps and cybersecurity services and serving as CloudOps & Cybersecurity Studio Partner at Globant. Further, our security officer manager has more than 20 years of experience working in cybersecurity and infrastructure, specializing in military frameworks for cyber threat intelligence and cyber war, and currently leads our Offensive and Defensive security teams. Team members who support our information security program have relevant educational and industry experience, including holding similar positions at large technology companies.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef