|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Our processes to identify, assess, and manage risks presented by cybersecurity threats are informed by the National Institute of Standards and Technology Cybersecurity Framework. Our SVP of IS, with support from the information security team, is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which include leveraging external third parties for security testing.
The information security team monitors security alerts from information security research sources and peer networking, and we have implemented processes and technologies for monitoring our networks for exfiltration of sensitive company information. Before contracting with third parties or purchasing third party technology or other solutions that involve exposure to sensitive company information the team assesses vendor risk, including by requesting SOC2 reports and/or security documentation from a vendor, where appropriate, and we receive and review security updates and alerts from these third parties. Penetration testing is performed periodically across our network boundaries to identify issues for remediation. Additionally, we maintain off-site back-ups and disaster recovery plans to restore our information and systems in the event of a disruptive event.
The information security team also has processes in place to inform and update management and, as needed, the audit committee about cybersecurity incidents that may pose significant risk to the company. Although risks from cybersecurity threats have to date not materially affected us, our business strategy, results of operations or financial condition, we have, from time to time, experienced threats and security incidents relating to our and our third-party vendors’ data and systems. For more information, please see “Item 1A, Risk Factors.”
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Our processes to identify, assess, and manage risks presented by cybersecurity threats are informed by the National Institute of Standards and Technology Cybersecurity Framework. Our SVP of IS, with support from the information security team, is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which include leveraging external third parties for security testing.
The information security team monitors security alerts from information security research sources and peer networking, and we have implemented processes and technologies for monitoring our networks for exfiltration of sensitive company information. Before contracting with third parties or purchasing third party technology or other solutions that involve exposure to sensitive company information the team assesses vendor risk, including by requesting SOC2 reports and/or security documentation from a vendor, where appropriate, and we receive and review security updates and alerts from these third parties. Penetration testing is performed periodically across our network boundaries to identify issues for remediation. Additionally, we maintain off-site back-ups and disaster recovery plans to restore our information and systems in the event of a disruptive event.
The information security team also has processes in place to inform and update management and, as needed, the audit committee about cybersecurity incidents that may pose significant risk to the company. Although risks from cybersecurity threats have to date not materially affected us, our business strategy, results of operations or financial condition, we have, from time to time, experienced threats and security incidents relating to our and our third-party vendors’ data and systems. For more information, please see “Item 1A, Risk Factors.”
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our management, with involvement and input from our audit committee, performs an annual enterprise-wide risk management (ERM) assessment to identify and manage key existing and emerging risks for our company. Our ERM process seeks to identify both the potential impacts to our company of a particular risk and the likelihood and proximity of any such risk. Our management team is responsible for implementing and overseeing our ERM process. Cybersecurity is among the risks identified for board of directors’ level risk oversight as a result of our most recent ERM assessment, with our audit committee of the board of directors having been delegated responsibility for overseeing our policies, practices and assessments with respect to cybersecurity and other information technology risks.
Our information security team is led by the SVP of IS, who reports to our chief financial officer. Our SVP of IS has over 25 years of experience managing and securing technology infrastructure. The information security team has responsibility for the planning and execution of our processes to manage cybersecurity and other information technology risks. The information security team also institutes and maintains controls for our systems, applications, and databases.
The audit committee receives periodic updates on our cybersecurity risks from our information security team, which include biannual presentations on the status of our cybersecurity risk management program by the SVP IS. These reports include updates on our performance preparing for, preventing, detecting, responding to and recovering from cyber incidents, if any. In addition, as needed, management updates the audit committee regarding any notable cybersecurity incidents. We have also implemented an annual process for employees to complete security awareness training.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The audit committee receives periodic updates on our cybersecurity risks from our information security team, which include biannual presentations on the status of our cybersecurity risk management program by the SVP IS. These reports include updates on our performance preparing for, preventing, detecting, responding to and recovering from cyber incidents, if any. In addition, as needed, management updates the audit committee regarding any notable cybersecurity incidents.
|Cybersecurity Risk Role of Management [Text Block]
|
Our information security team is led by the SVP of IS, who reports to our chief financial officer. Our SVP of IS has over 25 years of experience managing and securing technology infrastructure. The information security team has responsibility for the planning and execution of our processes to manage cybersecurity and other information technology risks. The information security team also institutes and maintains controls for our systems, applications, and databases.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|information security team
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our information security team is led by the SVP of IS, who reports to our chief financial officer. Our SVP of IS has over 25 years of experience managing and securing technology infrastructure.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The audit committee receives periodic updates on our cybersecurity risks from our information security team, which include biannual presentations on the status of our cybersecurity risk management program by the SVP IS. These reports include updates on our performance preparing for, preventing, detecting, responding to and recovering from cyber incidents, if any. In addition, as needed, management updates the audit committee regarding any notable cybersecurity incidents. We have also implemented an annual process for employees to complete security awareness training.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef