|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Our policies, practices, and standards for addressing material risks associated with cybersecurity are integrated into our overall risk management and are based on industry standards including the National Institute of Standards and Technology ("NIST") which aligns the prevention techniques, identification, protection, detection, response, and recovery related to an incident. These controls are tested by our information security organization and by independent third parties. We actively engage with industry groups for awareness of best practices and our third-party providers for industry benchmarking of critical areas within our cybersecurity posture.
Our organization-wide information security program focuses on implementing effective and efficient controls, technologies, and other processes to help protect, identify, assess, manage and mitigate material cybersecurity threats and incidents. These processes include, among other things, regular testing of these controls through table-top exercises, penetration and vulnerability testing, auditing of our information security by an independent third-party auditor, ongoing security awareness training for employees and other educational programs, and continuous monitoring of our cybersecurity posture. We also employ numerous tools including, but not limited to, segregated layers of controls for access to our systems and security tools that help identify, isolate, remediate, and recover from identified vulnerabilities and security incidents in a timely manner. Our cybersecurity posture is managed by both our information security organization and through partnerships with industry recognized cybersecurity firms.We have also created, and tested through incident response drills, the Freshpet Incident Response Plan and Playbook, which together set forth policy-level directives as well as specific guidelines for implementation, that describe our process for responding in the event of certain defined cyber incidents. These protocols (i) define the roles and responsibilities of participants, relationships to other Company policies and procedures, and reporting requirements needed during an incident, (ii) provide a framework by which our Incident Response Team ("IRT") shall determine the scope and risk of an incident, respond appropriately to that incident, and inform the Board and others depending upon the nature and severity of the incident, and (iii) reduce the likelihood of a similar incident from reoccurring following identification of such an incident.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Our policies, practices, and standards for addressing material risks associated with cybersecurity are integrated into our overall risk management and are based on industry standards including the National Institute of Standards and Technology ("NIST") which aligns the prevention techniques, identification, protection, detection, response, and recovery related to an incident. These controls are tested by our information security organization and by independent third parties. We actively engage with industry groups for awareness of best practices and our third-party providers for industry benchmarking of critical areas within our cybersecurity posture.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our CIO and other members of the information security organization routinely engage with our CFO regarding cyber risk management activities and provide updates and data, as needed, to other members of our executive team to facilitate decisions regarding security matters. No less than twice per year, and more frequently as appropriate, our CFO and CIO also provide updates regarding our cybersecurity risk management strategy and related activities to the Audit Committee of our Board of Directors, and provide other information as needed to facilitate the committee's oversight of our cybersecurity risk. Additionally, some of our Board members have completed specialized director training on cybersecurity risk.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|No less than twice per year, and more frequently as appropriate, our CFO and CIO also provide updates regarding our cybersecurity risk management strategy and related activities to the Audit Committee of our Board of Directors, and provide other information as needed to facilitate the committee's oversight of our cybersecurity risk. Additionally, some of our Board members have completed specialized director training on cybersecurity risk.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|No less than twice per year, and more frequently as appropriate, our CFO and CIO also provide updates regarding our cybersecurity risk management strategy and related activities to the Audit Committee of our Board of Directors, and provide other information as needed to facilitate the committee's oversight of our cybersecurity risk. Additionally, some of our Board members have completed specialized director training on cybersecurity risk.
|Cybersecurity Risk Role of Management [Text Block]
|
Our organization-wide information security program focuses on implementing effective and efficient controls, technologies, and other processes to help protect, identify, assess, manage and mitigate material cybersecurity threats and incidents. These processes include, among other things, regular testing of these controls through table-top exercises, penetration and vulnerability testing, auditing of our information security by an independent third-party auditor, ongoing security awareness training for employees and other educational programs, and continuous monitoring of our cybersecurity posture. We also employ numerous tools including, but not limited to, segregated layers of controls for access to our systems and security tools that help identify, isolate, remediate, and recover from identified vulnerabilities and security incidents in a timely manner. Our cybersecurity posture is managed by both our information security organization and through partnerships with industry recognized cybersecurity firms.
We have also created, and tested through incident response drills, the Freshpet Incident Response Plan and Playbook, which together set forth policy-level directives as well as specific guidelines for implementation, that describe our process for responding in the event of certain defined cyber incidents. These protocols (i) define the roles and responsibilities of participants, relationships to other Company policies and procedures, and reporting requirements needed during an incident, (ii) provide a framework by which our Incident Response Team ("IRT") shall determine the scope and risk of an incident, respond appropriately to that incident, and inform the Board and others depending upon the nature and severity of the incident, and (iii) reduce the likelihood of a similar incident from reoccurring following identification of such an incident.
Our CIO and other members of the information security organization routinely engage with our CFO regarding cyber risk management activities and provide updates and data, as needed, to other members of our executive team to facilitate decisions regarding security matters. No less than twice per year, and more frequently as appropriate, our CFO and CIO also provide updates regarding our cybersecurity risk management strategy and related activities to the Audit Committee of our Board of Directors, and provide other information as needed to facilitate the committee's oversight of our cybersecurity risk. Additionally, some of our Board members have completed specialized director training on cybersecurity risk.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our information security organization, led by our Chief Information Officer (our "CIO") who reports to our Chief Financial Officer (our "CFO"), is comprised of both I.T. security leadership and dedicated cybersecurity staff.The information security organization, collectively, has extensive technology security and program management experience including cybersecurity professional certifications such as Certified Information Systems Security Professional ("CISSP"), advanced degrees in Information Assurance, and numerous years' experience assessing and managing cybersecurity risk within the Department of Defense and other public companies. Our CIO has over 25 years of technology experience, including leading information governance, I.T. security, and cybersecurity teams and initiatives across both publicly traded companies and global organizations.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CIO has over 25 years of technology experience, including leading information governance, I.T. security, and cybersecurity teams and initiatives across both publicly traded companies and global organizations.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Our CIO and other members of the information security organization routinely engage with our CFO regarding cyber risk management activities and provide updates and data, as needed, to other members of our executive team to facilitate decisions regarding security matters. No less than twice per year, and more frequently as appropriate, our CFO and CIO also provide updates regarding our cybersecurity risk management strategy and related activities to the Audit Committee of our Board of Directors, and provide other information as needed to facilitate the committee's oversight of our cybersecurity risk. Additionally, some of our Board members have completed specialized director training on cybersecurity risk.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef