|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats. Our risk management strategy begins with identifying areas of risk through risk assessment and an annual review of our practices and policies against the National Institute of Standards and Technology, or NIST, Cybersecurity Framework. This framework encompasses six major focus areas and 106 subcategories. The results of each assessment are thoroughly analyzed to strengthen our security posture and maintain a comprehensive cybersecurity program.
In connection with these focus areas, we have implemented a variety of technical, physical and administrative controls to proactively prevent, detect and mitigate cybersecurity threats. These measures are designed to limit the impact of potential breaches by employing advanced logging and monitoring, robust access controls, multifactor authentication, firewalls, anti-malware and antivirus solutions, endpoint detection and response systems, network inspection tools, intrusion prevention mechanisms, content filtering and comprehensive patch and vulnerability management. Endpoints are routinely reviewed and scanned, with our Information Technology team addressing any identified issues to ensure ongoing protection.
We also engage external vendors to conduct external vulnerability scanning and assess our policies and practices. To safeguard critical systems, we maintain encrypted, immutable backups and conduct regular testing to confirm their confidentiality, integrity and availability. These efforts are reinforced by routine disaster recovery tabletop exercises and restore testing, ensuring that our organization is prepared for any potential disruptions. In addition to our internal cybersecurity capabilities, we also periodically engage assessors, consultants, auditors and other third parties to provide consultation and advice to assist with assessing, identifying and managing cybersecurity risks. For instance, we engage third-party consultants to perform annual walkthroughs and design testing of information technology, or IT, general controls on behalf of our Internal Audit team, as well as to test IT control effectiveness throughout the year.
We have developed processes to identify and manage cybersecurity risks from our service providers. We assess our operators and managers through due diligence surveys, interviews and risk evaluations. We take cybersecurity and data privacy considerations into account when we source, select and engage with our third-party service providers. Moreover, we document our third-party vendors and suppliers in a centralized registry and review their cybersecurity practices through diligence meetings and SOC2 report evaluations for security, availability of data, processing integrity, confidentiality and privacy controls. These measures help ensure that our partners adhere to best practices and maintain safeguards for our data. We also employ systems and processes designed to oversee, identify and reduce the potential impact of a security incident at a third-party vendor, service provider or otherwise implicating the third-party technology and systems we use. Lastly, we maintain cybersecurity insurance providing coverage for certain costs related to cybersecurity-related incidents that impact our cybersecurity and information technology infrastructure.
As of December 31, 2024, we are not aware of any cybersecurity threats or incidents that have materially affected us; however, there can be no guarantee that we will not be the subject of future attacks, threats or incidents that may have a material impact on our business strategy, results of operations or financial condition. Additional information on cybersecurity risks we face can be found in Part I, Item 1A, Risk Factors, of this Annual Report on Form 10-K under the heading “A breach of, or failure in, information technology systems on which we rely could materially and adversely impact us,” which should be read in conjunction with the foregoing information.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats. Our risk management strategy begins with identifying areas of risk through risk assessment and an annual review of our practices and policies against the National Institute of Standards and Technology, or NIST, Cybersecurity Framework. This framework encompasses six major focus areas and 106 subcategories. The results of each assessment are thoroughly analyzed to strengthen our security posture and maintain a comprehensive cybersecurity program.
In connection with these focus areas, we have implemented a variety of technical, physical and administrative controls to proactively prevent, detect and mitigate cybersecurity threats. These measures are designed to limit the impact of potential breaches by employing advanced logging and monitoring, robust access controls, multifactor authentication, firewalls, anti-malware and antivirus solutions, endpoint detection and response systems, network inspection tools, intrusion prevention mechanisms, content filtering and comprehensive patch and vulnerability management. Endpoints are routinely reviewed and scanned, with our Information Technology team addressing any identified issues to ensure ongoing protection.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Our board has the ultimate oversight of cybersecurity risk, which it manages through our enterprise risk management program.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our board has delegated primary responsibility of overseeing cybersecurity risks to the Audit Committee.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee's responsibilities include reviewing cybersecurity strategies with management, assessing processes and controls pertaining to the management of our information technology operations and their effectiveness and making sure that management's response to potential cybersecurity incidents is timely and effective. At least annually, the Audit Committee reviews with the management team our cybersecurity risk exposures and the steps that management has taken to monitor and control such exposures. This review may cover a variety of relevant topics, potentially including recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, technological trends and information security considerations related to our operators, managers and other third-party partners. The scope and focus of each review are determined based on current priorities and emerging issues in cybersecurity. In addition, we engage third-party consultants to test our IT control effectiveness throughout the year, and any known exceptions and test results are communicated to management and the Audit Committee on a quarterly basis.
|Cybersecurity Risk Role of Management [Text Block]
|
Reporting to the Chief Operating Officer, our Vice President of Information Technology, who has extensive cybersecurity knowledge and skills from over 16 years of relevant work experience at our company and elsewhere, leads our Information Technology team, which is responsible for developing and implementing our information security program across our business. The Information Technology team comprises individuals with relevant educational and technical experience, including a dedicated IT Systems & Security Administrator. It works closely with the Legal department to oversee compliance and regulatory and contractual security requirements. Our Chief Operating Officer leads the Cybersecurity Incident Management Team, a cross-functional team that comprises Internal Audit, Legal, Information Technology, Risk Management and Accounting leaders. These individuals meet regularly and receive reports of, and monitor, the prevention, mitigation, detection and remediation of cybersecurity incidents. Our Chief Operating Officer is also responsible for reporting on cybersecurity and information technology to the Audit Committee.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Reporting to the Chief Operating Officer, our Vice President of Information Technology, who has extensive cybersecurity knowledge and skills from over 16 years of relevant work experience at our company and elsewhere, leads our Information Technology team, which is responsible for developing and implementing our information security program across our business. The Information Technology team comprises individuals with relevant educational and technical experience, including a dedicated IT Systems & Security Administrator. It works closely with the Legal department to oversee compliance and regulatory and contractual security requirements. Our Chief Operating Officer leads the Cybersecurity Incident Management Team, a cross-functional team that comprises Internal Audit, Legal, Information Technology, Risk Management and Accounting leaders.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Reporting to the Chief Operating Officer, our Vice President of Information Technology, who has extensive cybersecurity knowledge and skills from over 16 years of relevant work experience at our company and elsewhere, leads our Information Technology team, which is responsible for developing and implementing our information security program across our business. The Information Technology team comprises individuals with relevant educational and technical experience, including a dedicated IT Systems & Security Administrator.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our Chief Operating Officer leads the Cybersecurity Incident Management Team, a cross-functional team that comprises Internal Audit, Legal, Information Technology, Risk Management and Accounting leaders. These individuals meet regularly and receive reports of, and monitor, the prevention, mitigation, detection and remediation of cybersecurity incidents.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef