|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 25, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
The Company has multi-layer processes to assess, identify and manage material risks from cybersecurity threats. These processes are integrated into the Company’s enterprise risk management as part of its overall risk management strategy.
A cross-functional team of senior leadership assesses potential material risks to the business and the Company’s ability to meet strategic priorities, including risks from cybersecurity threats. The Company’s senior leadership receives updates from relevant functional heads or other subject matter specialists on these potential material risks as well as the processes or other steps being taken to manage or mitigate the risks. The team includes senior leaders in areas of importance to Company priorities, including the Company’s Chief Privacy Officer, who is also our Senior Vice President of Information Technology and the Chief Legal Officer. The Company’s senior leadership assesses and prioritizes risk based on impact to shareholders, operations, and strategic priorities, among other factors.
The Chief Privacy Officer oversees the Company’s information security program and is responsible for the day-to-day information risk management activities through the internal information security team, and outside resources. The SVP, Chief Privacy Officer, who has over 30 years of IT and IT security experience, 21 of which are at the Company, employs a team of information technology experts, including a dedicated Cyber Security Analyst. The VP, Chief Privacy Officer and the Cyber Security Analyst are further supported by other members of the IT department.
The Company’s processes to assess, identify and manage material risks from cybersecurity threats include, but are not limited to, the following:
The Company also has in place an Incident Response Plan that enables it to quickly categorize, respond, and escalate to senior leadership and the Audit Committee of the Board, real or potential cybersecurity incidents in a manner designed to mitigate overall business impact.
In connection with the Company’s review and approval for potential new vendors, the Company assesses the data types or Personally Identifiable Information that the vendor may maintain, store or access and reviews the adequacy of their cybersecurity procedures and legal protections. Legal counsel and the SVP, Chief Privacy Officer review the cyber and contractual protections and consider the overall risk profile considering the type of agreement, data involved, vendor, and jurisdiction, among other factors. Vendors deemed to have insufficient controls balancing the relevant criteria will not be approved.
The Board of Directors is kept apprised of material risks from cybersecurity threats through the Audit Committee. The Audit Committee is responsible for overseeing threats to the Company, including those involving cyber threats, and reviewing the Company’s protocols and procedures to mitigate those threats. On a quarterly basis, the SVP, Chief Privacy Officer, presents to the Audit Committee on the Company’s cybersecurity compliance and risk management practices. These presentations address, among other things, the results of audits and reviews of our security information systems and other cybersecurity measures, the current threat environment and cybersecurity trends and best practices. As applicable, these quarterly presentations also include reports of cybersecurity incidents affecting our information systems along with updates on the status of prior cybersecurity incidents and applicable remediation efforts. The Audit Committee discusses the adequacy and efficacy of the controls and shares the information with the Board as part of its risk oversight function. Outside of quarterly presentations, the Audit Committee is informed of incidents that in senior leadership’s discretion require more immediate Audit Committee attention.
To date, the Company has not, to its knowledge, experienced any cybersecurity threats or previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition. In the last three years, the Company has not experienced any material cybersecurity incidents and we have not incurred material expenses from cybersecurity incidents (including penalties and settlements, of which there were none). However, we can give no assurance that we have detected or protected against all cybersecurity incidents or cybersecurity threats. Please refer to “Item 1A, Risk Factors— Risks Related to Information Technology and Data Security” in this Annual Report for additional information about risks related to cybersecurity matters.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The Company has multi-layer processes to assess, identify and manage material risks from cybersecurity threats. These processes are integrated into the Company’s enterprise risk management as part of its overall risk management strategy.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Board of Directors is kept apprised of material risks from cybersecurity threats through the Audit Committee. The Audit Committee is responsible for overseeing threats to the Company, including those involving cyber threats, and reviewing the Company’s protocols and procedures to mitigate those threats. On a quarterly basis, the SVP, Chief Privacy Officer, presents to the Audit Committee on the Company’s cybersecurity compliance and risk management practices. These presentations address, among other things, the results of audits and reviews of our security information systems and other cybersecurity measures, the current threat environment and cybersecurity trends and best practices. As applicable, these quarterly presentations also include reports of cybersecurity incidents affecting our information systems along with updates on the status of prior cybersecurity incidents and applicable remediation efforts. The Audit Committee discusses the adequacy and efficacy of the controls and shares the information with the Board as part of its risk oversight function. Outside of quarterly presentations, the Audit Committee is informed of incidents that in senior leadership’s discretion require more immediate Audit Committee attention.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Audit Committee
|Cybersecurity Risk Role of Management [Text Block]
|
A cross-functional team of senior leadership assesses potential material risks to the business and the Company’s ability to meet strategic priorities, including risks from cybersecurity threats. The Company’s senior leadership receives updates from relevant functional heads or other subject matter specialists on these potential material risks as well as the processes or other steps being taken to manage or mitigate the risks. The team includes senior leaders in areas of importance to Company priorities, including the Company’s Chief Privacy Officer, who is also our Senior Vice President of Information Technology and the Chief Legal Officer. The Company’s senior leadership assesses and prioritizes risk based on impact to shareholders, operations, and strategic priorities, among other factors.
The Chief Privacy Officer oversees the Company’s information security program and is responsible for the day-to-day information risk management activities through the internal information security team, and outside resources. The SVP, Chief Privacy Officer, who has over 30 years of IT and IT security experience, 21 of which are at the Company, employs a team of information technology experts, including a dedicated Cyber Security Analyst. The VP, Chief Privacy Officer and the Cyber Security Analyst are further supported by other members of the IT department.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Chief Privacy Officer, who is also our Senior Vice President of Information Technology and the Chief Legal Officer
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The SVP, Chief Privacy Officer, who has over 30 years of IT and IT security experience, 21 of which are at the Company, employs a team of information technology experts, including a dedicated Cyber Security Analyst. The VP, Chief Privacy Officer and the Cyber Security Analyst are further supported by other members of the IT department.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The Board of Directors is kept apprised of material risks from cybersecurity threats through the Audit Committee. The Audit Committee is responsible for overseeing threats to the Company, including those involving cyber threats, and reviewing the Company’s protocols and procedures to mitigate those threats. On a quarterly basis, the SVP, Chief Privacy Officer, presents to the Audit Committee on the Company’s cybersecurity compliance and risk management practices. These presentations address, among other things, the results of audits and reviews of our security information systems and other cybersecurity measures, the current threat environment and cybersecurity trends and best practices. As applicable, these quarterly presentations also include reports of cybersecurity incidents affecting our information systems along with updates on the status of prior cybersecurity incidents and applicable remediation efforts. The Audit Committee discusses the adequacy and efficacy of the controls and shares the information with the Board as part of its risk oversight function. Outside of quarterly presentations, the Audit Committee is informed of incidents that in senior leadership’s discretion require more immediate Audit Committee attention.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef