|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
The Company assesses, identifies, and manages cybersecurity risks using a risk management program intended to reduce risks to the Company, its employees, customers and stockholders.
Our process for identifying and assessing material risks from cybersecurity threats operates alongside our broader overall enterprise risk assessment procedures. Our cybersecurity-specific risk assessment and management procedures help identify cybersecurity threat risks. Our cybersecurity risk assessment program includes the following:
•Annual cybersecurity vulnerability and maturity assessments based on the Center for Internet Security (CIS) Critical Security Controls framework.
•Annual internal/external penetration testing conducted by a third-party offensive security vendor.
A significant cybersecurity incident may result from actions by our employees, suppliers, third-party administrators, or unknown third parties or through cyber-attacks and could affect our data framework or cause a failure to protect the personal information of our customers, suppliers or employees, or sensitive and confidential information regarding our business and
could give rise to legal liability and regulatory action under data protection and privacy laws. The Company describes whether and how risks from identified cybersecurity threats have materially affected or are reasonably likely to materially affect the Company under the heading “We rely on technology in our business and any cybersecurity incident, other technology disruption or delay in implementing new technology could negatively affect our business and our relationships with customers,” in Item 1A of this Annual Report on Form 10-K. To date, there have not been any cybersecurity threats or incidents that have materially affected, or are reasonably likely to materially affect, the Company, including its financial condition, results of operations, or business strategies.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
The Company assesses, identifies, and manages cybersecurity risks using a risk management program intended to reduce risks to the Company, its employees, customers and stockholders.
Our process for identifying and assessing material risks from cybersecurity threats operates alongside our broader overall enterprise risk assessment procedures. Our cybersecurity-specific risk assessment and management procedures help identify cybersecurity threat risks. Our cybersecurity risk assessment program includes the following:
•Annual cybersecurity vulnerability and maturity assessments based on the Center for Internet Security (CIS) Critical Security Controls framework.
•Annual internal/external penetration testing conducted by a third-party offensive security vendor.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Board of Directors oversees our overall risk management strategy. Our information security program is managed by our Senior Vice President of People and Technology, who has twenty-five years of experience in IT leadership across a variety of industries including manufacturing, distribution, defense, and financial services, whose team is responsible for maintaining our enterprise-wide cybersecurity strategy, policies, standards, architecture and processes. Our program is assessed both internally and externally by third parties, including our virtual Chief Information Security Officer (“vCISO”) partner. Our Senior Vice President of People and Technology provides reports at least quarterly to our Audit Committee, as well as our Disclosure Committee, which comprises senior management and key stakeholders, as appropriate. The reports provided include updates on our cyber risks and threats, and key updates to our information security systems and programs as well as the current threat environment.
We also have processes in place to stay informed of and monitor prevention, detection, mitigation, and remediation of cybersecurity risks, including:
•Any cybersecurity breach, unauthorized access, data loss, or ransomware attack must be immediately escalated to the Disclosure Committee, General Counsel, Internal Audit, and Audit Committee.
•On a quarterly basis, the Disclosure Committee, in coordination with the SVP of People and Technology, Internal Audit, and vCISO, shall assess the Company’s cybersecurity risk exposure, including potential vulnerabilities in IT systems and data security.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our information security program is managed by our Senior Vice President of People and Technology, who has twenty-five years of experience in IT leadership across a variety of industries including manufacturing, distribution, defense, and financial services, whose team is responsible for maintaining our enterprise-wide cybersecurity strategy, policies, standards, architecture and processes.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Senior Vice President of People and Technology provides reports at least quarterly to our Audit Committee, as well as our Disclosure Committee, which comprises senior management and key stakeholders, as appropriate. The reports provided include updates on our cyber risks and threats, and key updates to our information security systems and programs as well as the current threat environment.
We also have processes in place to stay informed of and monitor prevention, detection, mitigation, and remediation of cybersecurity risks, including:
•Any cybersecurity breach, unauthorized access, data loss, or ransomware attack must be immediately escalated to the Disclosure Committee, General Counsel, Internal Audit, and Audit Committee.
•On a quarterly basis, the Disclosure Committee, in coordination with the SVP of People and Technology, Internal Audit, and vCISO, shall assess the Company’s cybersecurity risk exposure, including potential vulnerabilities in IT systems and data security.
|Cybersecurity Risk Role of Management [Text Block]
|Our information security program is managed by our Senior Vice President of People and Technology, who has twenty-five years of experience in IT leadership across a variety of industries including manufacturing, distribution, defense, and financial services, whose team is responsible for maintaining our enterprise-wide cybersecurity strategy, policies, standards, architecture and processes. Our program is assessed both internally and externally by third parties, including our virtual Chief Information Security Officer (“vCISO”) partner. Our Senior Vice President of People and Technology provides reports at least quarterly to our Audit Committee, as well as our Disclosure Committee, which comprises senior management and key stakeholders, as appropriate. The reports provided include updates on our cyber risks and threats, and key updates to our information security systems and programs as well as the current threat environment.
We also have processes in place to stay informed of and monitor prevention, detection, mitigation, and remediation of cybersecurity risks, including:
•Any cybersecurity breach, unauthorized access, data loss, or ransomware attack must be immediately escalated to the Disclosure Committee, General Counsel, Internal Audit, and Audit Committee.
•On a quarterly basis, the Disclosure Committee, in coordination with the SVP of People and Technology, Internal Audit, and vCISO, shall assess the Company’s cybersecurity risk exposure, including potential vulnerabilities in IT systems and data security.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Senior Vice President of People and Technology provides reports at least quarterly to our Audit Committee, as well as our Disclosure Committee, which comprises senior management and key stakeholders, as appropriate. The reports provided include updates on our cyber risks and threats, and key updates to our information security systems and programs as well as the current threat environment.
We also have processes in place to stay informed of and monitor prevention, detection, mitigation, and remediation of cybersecurity risks, including:
•Any cybersecurity breach, unauthorized access, data loss, or ransomware attack must be immediately escalated to the Disclosure Committee, General Counsel, Internal Audit, and Audit Committee.
•On a quarterly basis, the Disclosure Committee, in coordination with the SVP of People and Technology, Internal Audit, and vCISO, shall assess the Company’s cybersecurity risk exposure, including potential vulnerabilities in IT systems and data security.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our information security program is managed by our Senior Vice President of People and Technology, who has twenty-five years of experience in IT leadership across a variety of industries including manufacturing, distribution, defense, and financial services, whose team is responsible for maintaining our enterprise-wide cybersecurity strategy, policies, standards, architecture and processes.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Our process for identifying and assessing material risks from cybersecurity threats operates alongside our broader overall enterprise risk assessment procedures. Our cybersecurity-specific risk assessment and management procedures help identify cybersecurity threat risks. Our cybersecurity risk assessment program includes the following:
•Annual cybersecurity vulnerability and maturity assessments based on the Center for Internet Security (CIS) Critical Security Controls framework.
•Annual internal/external penetration testing conducted by a third-party offensive security vendor.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef