|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 27, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Cybersecurity Program
We have worked to develop our cybersecurity program to protect the confidentiality, integrity, and availability of systems and data. We have implemented administrative, technical, and physical safeguards that we believe are appropriate to the size and complexity of our business and the nature and scope of our activities. We evolve our cyber defenses to help minimize impacts from cyber threats to safeguard our assets and data.
Our program includes a number of safeguards. These safeguards include processes for endpoint security (such as anti-malware and endpoint detection and response tools), network security (such as firewalls, intrusion detection systems, and filtering), and vulnerability management (such as vulnerability scans and patch management). Applicable personnel are provided cybersecurity awareness training and receive periodic awareness through ad hoc communications on security topics, including how to report suspicious activity or potential incidents. However, vulnerabilities or threats identified through our cybersecurity program may take time to remediate or mitigate.
We use a risk-based approach with respect to our use and oversight of third-party service providers, tailoring processes according to the nature and sensitivity of the data accessed, processed, or stored by such third-party service provider and performing additional risk screenings and procedures, as appropriate. We have established a third-party risk management program that includes a formal vendor and cloud security policy and processes to conduct diligence on applicable vendors, including the use of questionnaires and obtaining additional security documentation. Cybersecurity controls language may be included in third-party service provider contracts, and if applicable, this language is designed to be tailored to the use case and sensitivity of any data or business processes involved.
We recognize the potential risks associated with the deployment and use of AI systems. We provide training for employees on AI use cases, opportunities, and risk management practices.
Process for Assessing, Identifying and Managing Material Risks from Cybersecurity Threats
To assess, identify, and manage potential cybersecurity threats, our Security Operations Center (“SOC”) team works in conjunction with a third-party managed security service provider to monitor systems and threats, including those on systems managed by third-parties, such as cloud platforms.
In the event of a potential or actual cybersecurity incident, we maintain an incident response program. Pursuant to the program and its escalation protocols, designated personnel are responsible for assessing the severity of an incident and associated threat, containing the threat, remediating the threat, including recovery of data and access to systems, analyzing any reporting obligations associated with the incident, and performing post-incident analysis and program enhancements. We maintain a Cybersecurity Incident Response Plan (“IRP”) and business continuity and disaster recovery plans in the event of a significant cybersecurity incident or disruption. The IRP is tested using tabletop exercises.
Cybersecurity Risk Management and Strategy
Our cybersecurity risk management processes are integrated into our overall business risk management program. As part of our risk management program, we identify, assess and evaluate risks impacting our operations across the Company, including those risks related to cybersecurity, including AI. As part of risk management processes, we maintain cybersecurity insurance that provides coverage for certain costs related to cybersecurity-related incidents. However, the amount or type of coverage may not be sufficient to address costs for handling an incident, or future changes may occur to insurance coverage.
As of December 27, 2024, we are not aware of any risks from cybersecurity threats, including from previous cybersecurity incidents, that materially impacted the Company's strategy, operations, or financial condition for the past year. However, we have been the target of previous cyber attacks and anticipate we will continue to face risks of incidents through various types of attacks, including those using sophisticated techniques and evolving technologies such as artificial intelligence. Although we make efforts to maintain the security of our systems and data, we are subject to the risk of a cybersecurity incident or disruption, and there can be no assurance that our security efforts and measures, and those of our third-party vendors, will prevent breakdowns or incidents to our or our third-party vendors’ systems that could adversely affect our business. For further discussion, see the risk factor captioned “Our business depends on the continued effectiveness and availability of our information technology infrastructure, and failures of this infrastructure could harm our operations” included within Item 1A. Risk Factors of this Annual Report.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Board OversightOur full Board of Directors provides oversight for our cybersecurity program. At least annually, the CISO and the VP of Information Technology report to the Board of Directors on information technology, cybersecurity and information security-related matters, including relevant business activities, key risks and mitigation efforts, prior incidents, results of assessments and monitoring, and the potential impact on the Company’s business.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|At least annually, the CISO and the VP of Information Technology report to the Board of Directors on information technology, cybersecurity and information security-related matters, including relevant business activities, key risks and mitigation efforts, prior incidents, results of assessments and monitoring, and the potential impact on the Company’s business.
|Cybersecurity Risk Role of Management [Text Block]
|
Management Oversight
The controls and processes employed to assess, identify and manage material risks from cybersecurity threats are implemented and overseen by a team that includes our Chief Information Security Officer (“CISO”), who reports to our Vice President (“VP”) of Information Systems. The CISO is supported by a SOC team, an Incident Response Manager, a Governance Risk and Compliance Manager, and cybersecurity architects. These individuals and groups are responsible for the day-to-day management of our cybersecurity program, including the prevention, detection, investigation, response to, and recovery from cybersecurity threats and incidents, and are regularly engaged to help ensure our cybersecurity program functions effectively in the face of evolving cybersecurity threats. The individuals involved generally have significant experience in cybersecurity and related information technology, including responding to incidents and developing security policies, with our three most senior leaders having an average of 25 years of experience in cybersecurity.
In addition to the day-to-day management of these risks, we hold a monthly meeting of an Information Risk Committee, which is comprised of representatives from our legal, human resources, compliance, and information technology departments. On a quarterly basis, we also hold a meeting of our Executive Information Technology (“IT”) Steering Committee, which is comprised of membersof the executive leadership, so that they can receive regular briefings on cybersecurity matters, including threats, events, and program enhancements.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The controls and processes employed to assess, identify and manage material risks from cybersecurity threats are implemented and overseen by a team that includes our Chief Information Security Officer (“CISO”), who reports to our Vice President (“VP”) of Information Systems. The CISO is supported by a SOC team, an Incident Response Manager, a Governance Risk and Compliance Manager, and cybersecurity architects.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The individuals involved generally have significant experience in cybersecurity and related information technology, including responding to incidents and developing security policies, with our three most senior leaders having an average of 25 years of experience in cybersecurity.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef