|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
GF’s cybersecurity strategy focuses on implementing effective and efficient controls, technologies, and other processes to assess, identify, and manage material cybersecurity risks. We maintain a comprehensive process for assessing, identifying and managing material risks from cybersecurity threats, including risks relating to disruption of business operations or financial reporting systems, intellectual property theft; fraud; extortion; harm to employees or customers; violation of privacy laws and other litigation and legal risk; and reputational risk, as part of our overall risk management system and processes. We carry insurance that provides protection against the potential losses arising from a cybersecurity incident.
GF maintains a comprehensive, company-wide commitment and program to engage every employee to safeguard and protect our and our customers’ intellectual property and products. The program integrates information security, product security, operational security and cybersecurity into a comprehensive program that covers all phases of the customer experience. Annually, we conduct comprehensive security training for all employees, as well as more focused role-specific training for employees whose job roles require an enhanced level of security awareness and control as well as data and government product security. The program leverages and embraces GF’s experience as a Trusted Foundry and supplier of advanced semiconductors to the U.S. government and the aerospace and defense industry, as well as GF’s experience as a certified international Common Criteria standard (ISO 15408, CC Version 3.1) manufacturer, and adopts many of those stringent security capabilities to all GF locations and customers. We also work with outside consultants and external legal counsel to support our program in assessing, identifying and managing material risks from, and internal controls and processes relating to, cybersecurity threats, and ensuring compliance with all applicable related laws, regulations and rules (including notice, disclosure and remediation requirements).
As part of our security programs, we have mechanisms to detect and monitor unusual network activity and other cybersecurity threats, along with containment and incident response tools. We monitor issues that are internally discovered or externally reported that may affect our products and have processes to assess those issues for potential cybersecurity impact or risk. Our dedicated cybersecurity team continually monitor cybersecurity threats to GF, and any incidents or potential incidents are flagged in our systems and escalated in accordance with our cybersecurity incident response policies and procedures. Our cybersecurity team receives regular reports on any incidents and potential incidents, with anything requiring further escalation to be reported to our Chief Executive Officer and Chief Legal Officer. We also have processes in place to manage cybersecurity risks associated with our third-party service providers , including our suppliers, vendors and other partners, as well as our outside consultants, legal counsel and auditors who help us with our cybersecurity risk management and strategy processes. We impose security requirements upon our suppliers, including maintaining an effective security management program, abiding by information handling and asset management requirements, and notifying us in the event of any known or suspect cyber incident. Although we continue to make significant investments in cybersecurity and data security, as well as other efforts to combat breach and misuse of our systems and unauthorized access to our and our customers’ data by third parties, there can be no assurance that we will be able to mitigate all risks of cyberattacks or data security breaches.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
GF’s cybersecurity strategy focuses on implementing effective and efficient controls, technologies, and other processes to assess, identify, and manage material cybersecurity risks. We maintain a comprehensive process for assessing, identifying and managing material risks from cybersecurity threats, including risks relating to disruption of business operations or financial reporting systems, intellectual property theft; fraud; extortion; harm to employees or customers; violation of privacy laws and other litigation and legal risk; and reputational risk, as part of our overall risk management system and processes. We carry insurance that provides protection against the potential losses arising from a cybersecurity incident.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The governance structure for GF’s comprehensive information protection and overall cybersecurity program includes frequent reviews with GF’s senior leadership team, at least quarterly reviews by our Audit Committee and annual reviews by the Board. These reviews include alignment on our comprehensive information security and cybersecurity strategy, risk management, and execution to program plans. As part of our cybersecurity and information protection program, GF’s Chief Information Security Officer (“CISO”) executes, enforces and maintains GF’s global information and cybersecurity strategy, policies and procedures. In addition, GF maintains a global IT security policy detailing acceptable use of GF information resources. Our CISO reports to our Chief Information Officer (“CIO”), who reports to our COO. Our CISO and CIO have extensive experience assessing and managing cybersecurity programs and cybersecurity risk. Prior to joining GF, our CISO served in similar positions at GE Renewable Energy since 2017. Our CIO has more than two decades of experience in enterprise-wide technology transformations and digital thought leadership. Prior to joining GF, our CIO served in senior management positions leading corporate information and compliance processes and strategies.
In consultation with the Audit Committee, GF has adopted a framework for making and reporting cybersecurity materiality determinations. The materiality assessment framework has been incorporated into our overall global crisis management process and utilizes the NIST FIPS 199 Framework, in combination with other factors noted in the Commission’s cybersecurity rule-making process.
We employ certain third-party service providers for us and our affiliates worldwide with whom we need to share highly sensitive and confidential information to enable them to provide the relevant services. Some of our third-party service providers have experienced cyberattacks of which we have been made aware.
We cannot provide assurance that our business strategy, results of operations and financial conditions will not be materially affected in the future by cybersecurity threats, including as a result of previous cybersecurity incidents, and any future material incidents.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The governance structure for GF’s comprehensive information protection and overall cybersecurity program includes frequent reviews with GF’s senior leadership team, at least quarterly reviews by our Audit Committee and annual reviews by the Board.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The governance structure for GF’s comprehensive information protection and overall cybersecurity program includes frequent reviews with GF’s senior leadership team, at least quarterly reviews by our Audit Committee and annual reviews by the Board. These reviews include alignment on our comprehensive information security and cybersecurity strategy, risk management, and execution to program plans.
|Cybersecurity Risk Role of Management [Text Block]
|
The governance structure for GF’s comprehensive information protection and overall cybersecurity program includes frequent reviews with GF’s senior leadership team, at least quarterly reviews by our Audit Committee and annual reviews by the Board. These reviews include alignment on our comprehensive information security and cybersecurity strategy, risk management, and execution to program plans. As part of our cybersecurity and information protection program, GF’s Chief Information Security Officer (“CISO”) executes, enforces and maintains GF’s global information and cybersecurity strategy, policies and procedures. In addition, GF maintains a global IT security policy detailing acceptable use of GF information resources. Our CISO reports to our Chief Information Officer (“CIO”), who reports to our COO. Our CISO and CIO have extensive experience assessing and managing cybersecurity programs and cybersecurity risk. Prior to joining GF, our CISO served in similar positions at GE Renewable Energy since 2017. Our CIO has more than two decades of experience in enterprise-wide technology transformations and digital thought leadership. Prior to joining GF, our CIO served in senior management positions leading corporate information and compliance processes and strategies.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|These reviews include alignment on our comprehensive information security and cybersecurity strategy, risk management, and execution to program plans. As part of our cybersecurity and information protection program, GF’s Chief Information Security Officer (“CISO”) executes, enforces and maintains GF’s global information and cybersecurity strategy, policies and procedures. In addition, GF maintains a global IT security policy detailing acceptable use of GF information resources. Our CISO reports to our Chief Information Officer (“CIO”), who reports to our COO
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Prior to joining GF, our CISO served in similar positions at GE Renewable Energy since 2017. Our CIO has more than two decades of experience in enterprise-wide technology transformations and digital thought leadership. Prior to joining GF, our CIO served in senior management positions leading corporate information and compliance processes and strategies.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our CISO reports to our Chief Information Officer (“CIO”), who reports to our COO. Our CISO and CIO have extensive experience assessing and managing cybersecurity programs and cybersecurity risk.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef