|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Loma Negra has processes in place to assess, identify and manage material risks arising from cybersecurity threats, which have been integrated into its overall risk management programs. We consider cybersecurity incidents a critical risk. Executive management works with our Information Security Team to periodically review our cybersecurity situation and IT-related security risks, as well as our ability and plans to mitigate and respond to cybersecurity risks.
We have two specialized Information Security teams, comprised of internal staff and external consultants: the Vulnerability Management and Pentesting Team, and the Monitoring and Event Management Team.
The Vulnerability Management and Pentesting Team is in charge of identifying and mitigating potential risks in our systems through penetration testing and proactive vulnerability management, while the Monitoring and Event Management Team is dedicated to detecting and responding to any deviations or unusual behavior of our systems that may indicate an intrusion or security threat.
Both teams report to the Information Security Leader and work closely together to ensure a comprehensive defense of our systems.
Managing security risks associated with third parties (customers and suppliers) is a priority to ensure the protection of our assets and the confidentiality of sensitive data. To this end, we implement a process of evaluation and monitoring of our suppliers, and we have a policy for hiring technology suppliers, which requires the participation and approval of the Information Security Leader and the Compliance Leader for all new hires.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Loma Negra has processes in place to assess, identify and manage material risks arising from cybersecurity threats, which have been integrated into its overall risk management programs.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our board of directors assumes a central role in strategic oversight, supported by specialized committees for specific risk supervision. We highlight the independence of our Information Security team, which reports directly to the CEO and operates independently from IT Management. This structure ensures impartial and effective risk management, which is crucial to our operational integrity and the confidence of our stakeholders.
Although we do not have a dedicated cybersecurity committee, this critical area is under the direct supervision of our Internal Audit, Risk and SOX Manager. This manager, in turn, reports to both the Audit Committee and the Risk Committee. Both committees meet quarterly to review and discuss information security issues, ensuring continuous and specialized oversight.
Our cybersecurity oversight strategy is based on industry-leading frameworks such as the National Institute of Standards and Technology (NIST) guidelines and the Center for Internet Security (CIS), complemented by external audits performed by specialized consulting firms. These frameworks enhance our ability to proactively identify vulnerabilities and manage incidents effectively, aligning our practices with international security standards.
Loma Negra developed a Cybersecurity Incident Response Plan that provides a structured and organized framework for the effective management of cybersecurity incidents. This plan seeks to ensure efficient containment of the attack, eradication of the threat, and operational recovery. In addition, we have a Communication Plan that stipulates the immediate notification of any high or critical risk incident to the relevant committees, ensuring a rapid and coordinated response. In the process of strengthening our digital defenses, we are implementing Microsoft 365 security tools. This significant technology upgrade enhances our capabilities in advanced threat protection, identity and access management, as well as incident analysis and response. This advancement, along with our proactive approach to adopting cybersecurity controls, underscores our continued investment in the security of our infrastructure and data.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our board of directors assumes a central role in strategic oversight, supported by specialized committees for specific risk supervision.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|We highlight the independence of our Information Security team, which reports directly to the CEO and operates independently from IT Management.
|Cybersecurity Risk Role of Management [Text Block]
|Although we do not have a dedicated cybersecurity committee, this critical area is under the direct supervision of our Internal Audit, Risk and SOX Manager.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Both committees meet quarterly to review and discuss information security issues, ensuring continuous and specialized oversight.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our cybersecurity oversight strategy is based on industry-leading frameworks such as the National Institute of Standards and Technology (NIST) guidelines and the Center for Internet Security (CIS), complemented by external audits performed by specialized consulting firms. T
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Both committees meet quarterly to review and discuss information security issues, ensuring continuous and specialized oversight.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef