|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk management and strategy
Planet Fitness recognizes the importance of developing, implementing, and maintaining cybersecurity measures designed to safeguard our information systems and protect the confidentiality, integrity, and availability of our data.
Managing Material Risks & Integrated Risk Management
Planet Fitness has strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management. Our risk management team works closely with our information technology (“IT”) department to evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. These risks are captured and prioritized in a risk register.
Engaging Third-parties on Risk Management
Recognizing the complexity and evolving nature of cybersecurity threats, Planet Fitness engages with a range of external experts, including cybersecurity assessors, consultants, legal advisors and auditors in evaluating and testing our risk management systems. Our collaboration with these third-parties includes regular audits, threat assessments, and consultation on security enhancements.
Oversee Third-party Risk
Because we are aware of the risks associated with third-party service providers, Planet Fitness implements processes to oversee and manage these risks. We conduct security assessments of third-party providers before engagement and maintain ongoing monitoring to oversee compliance with our cybersecurity standards.
Monitor Cybersecurity Incidents
The Vice President of IT Security and Sr. Director of Security implement and oversees processes for the monitoring of our information systems. This includes the deployment of security measures and system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, we have implemented an incident response plan, which includes actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents.
Risks from Cybersecurity Threats
As of the date of this report, we have not experienced a cybersecurity incident that resulted in a material effect on our business strategy, results of operations, or financial condition, but we cannot provide assurance that we will not be materially affected in the future by such risks or any future material incidents. For more information, see Item 1A. Risk Factors.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Managing Material Risks & Integrated Risk Management
Planet Fitness has strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management. Our risk management team works closely with our information technology (“IT”) department to evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. These risks are captured and prioritized in a risk register.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Board of Directors emphasizes and supports the management of risks associated with cybersecurity threats. The Board maintains a collaborative relationship with IT leadership to promote effective governance in managing risks associated with cybersecurity threats because we recognize the significance of these threats to our operational integrity and stakeholder confidence.
Board of Directors OversightThe Audit Committee is central to the Board’s oversight of cybersecurity risks and bears the primary responsibility for this domain. The Audit Committee is composed of board members with diverse expertise including, risk management, technology, and finance.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee is central to the Board’s oversight of cybersecurity risks and bears the primary responsibility for this domain. The Audit Committee is composed of board members with diverse expertise including, risk management, technology, and finance.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Vice President of IT Security and the Chief Information Officer (“CIO”) play a pivotal role in informing the Audit Committee on cybersecurity risks. These individuals have over two decades of professional experience in various roles across multiple industries involving managing information security, developing cybersecurity strategy, implementing effective information and cybersecurity programs and managing multiple industry and regulatory compliance environments. Both individuals previously held positions similar to their current roles at other large publicly traded organizations, including global retail e-commerce and mobile-commerce brands. They provide comprehensive briefings to the Audit Committee on a regular basis, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including:
• Current cybersecurity landscape and emerging threats;
•Status of ongoing cybersecurity initiatives and strategies;
•Incident reports and learnings from any cybersecurity events; and
•Compliance with regulatory requirements and industry standards.In addition to our scheduled meetings, the Audit Committee, CIO and CEO maintain an ongoing dialogue regarding emerging or potential cybersecurity risks. The Audit Committee conducts a review at least annually of our cybersecurity posture and the effectiveness of our risk management strategies. This review helps in identifying areas for improvement and ensuring the alignment of cybersecurity efforts with the overall risk management framework.
|Cybersecurity Risk Role of Management [Text Block]
|
Management’s Role Managing Risk
The Vice President of IT Security and the Chief Information Officer (“CIO”) play a pivotal role in informing the Audit Committee on cybersecurity risks. These individuals have over two decades of professional experience in various roles across multiple industries involving managing information security, developing cybersecurity strategy, implementing effective information and cybersecurity programs and managing multiple industry and regulatory compliance environments. Both individuals previously held positions similar to their current roles at other large publicly traded organizations, including global retail e-commerce and mobile-commerce brands. They provide comprehensive briefings to the Audit Committee on a regular basis, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including:
• Current cybersecurity landscape and emerging threats;
•Status of ongoing cybersecurity initiatives and strategies;
•Incident reports and learnings from any cybersecurity events; and
•Compliance with regulatory requirements and industry standards.
In addition to our scheduled meetings, the Audit Committee, CIO and CEO maintain an ongoing dialogue regarding emerging or potential cybersecurity risks. The Audit Committee conducts a review at least annually of our cybersecurity posture and the effectiveness of our risk management strategies. This review helps in identifying areas for improvement and ensuring the alignment of cybersecurity efforts with the overall risk management framework.
Reporting to Board of Directors
The Vice President of IT Security, in his capacity, regularly informs the CIO, Chief Financial Officer (“CFO”) and other executive team leaders of aspects related to cybersecurity risks and incidents. Furthermore, significant cybersecurity matters, and strategic risk management decisions are escalated to the Board of Directors where appropriate.
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Vice President of IT Security and the Chief Information Officer (“CIO”) play a pivotal role in informing the Audit Committee on cybersecurity risks.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|These individuals have over two decades of professional experience in various roles across multiple industries involving managing information security, developing cybersecurity strategy, implementing effective information and cybersecurity programs and managing multiple industry and regulatory compliance environments. Both individuals previously held positions similar to their current roles at other large publicly traded organizations, including global retail e-commerce and mobile-commerce brands.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The Vice President of IT Security and the Chief Information Officer (“CIO”) play a pivotal role in informing the Audit Committee on cybersecurity risks. These individuals have over two decades of professional experience in various roles across multiple industries involving managing information security, developing cybersecurity strategy, implementing effective information and cybersecurity programs and managing multiple industry and regulatory compliance environments. Both individuals previously held positions similar to their current roles at other large publicly traded organizations, including global retail e-commerce and mobile-commerce brands. They provide comprehensive briefings to the Audit Committee on a regular basis, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including:
• Current cybersecurity landscape and emerging threats;
•Status of ongoing cybersecurity initiatives and strategies;
•Incident reports and learnings from any cybersecurity events; and
•Compliance with regulatory requirements and industry standards.
In addition to our scheduled meetings, the Audit Committee, CIO and CEO maintain an ongoing dialogue regarding emerging or potential cybersecurity risks. The Audit Committee conducts a review at least annually of our cybersecurity posture and the effectiveness of our risk management strategies. This review helps in identifying areas for improvement and ensuring the alignment of cybersecurity efforts with the overall risk management framework.
Reporting to Board of Directors
The Vice President of IT Security, in his capacity, regularly informs the CIO, Chief Financial Officer (“CFO”) and other executive team leaders of aspects related to cybersecurity risks and incidents. Furthermore, significant cybersecurity matters, and strategic risk management decisions are escalated to the Board of Directors where appropriate.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef