|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|Risk Management and Strategy
We maintain a comprehensive process for assessing, identifying, registering, addressing and managing material risks associated with cybersecurity that may impact our business, including risks related to disruption of business operations, financial reporting systems or our financial statements, as well as fraud, regulatory, reputational and business continuity risks.
Nexa prioritizes the identification and management of cyber risks, focusing on adopting controls, technologies and processes that support cybersecurity, developing IT systems and infrastructure, emphasizing the confidentiality and privacy of data and information and complying with legal and regulatory requirements. Nexa’s cybersecurity risk management process includes the following:
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Governance
Board of directors and Audit Committee
Nexa’s Board of directors has delegated direct oversight over cybersecurity matters to the Audit Committee. The Audit Committee is working with management to implement processes to: monitor cybersecurity matters; receive regular updates on cybersecurity tests, the incident response plan and the Company’s cybersecurity policies and procedures from the COSEG; ensure that management is conducting regular risk assessments; receive periodic reports related to designated cybersecurity incidents from management; establish with management an agreed upon approach for communication during a cybersecurity incident; monitor material cybersecurity developments through update calls with management and provide guidance on key decisions; review and debrief with management on post-incident remediation; monitor the content and timing of required cybersecurity disclosures, as well as the Company’s methodology and consistency in its materiality assessment used to disclose material cybersecurity incidents; ensure that the Company is in compliance with the regulations and rules related to cybersecurity, including but not limited to SEC rules; and encourage the Company to provide regular education and training to the Board, the Board committees and management on cybersecurity, consulting with outside experts when appropriate.
Management
The cybersecurity risk management processes described above are managed by the Management committee through COSEG. COSEG is the executive committee responsible for overseeing the Company’s cybersecurity strategies and policies, including but not limited to, assessing and managing Nexa’s material risks from cybersecurity threats. COSEG is composed of senior managers and executives of the Company, including the CIO and CISO. On a regular basis, the results of operational cybersecurity indicators are presented to COSEG by the CISO. Our cybersecurity management is established based on cybersecurity policies and processes, a dedicated cybersecurity budget, technological solutions, human resources, suppliers, and a departmental structure for cybersecurity. COSEG regularly reviews, tests, and updates cybersecurity processes and holds discussions on materiality determinations, ransomware attacks and cybersecurity breaches. Additionally, the Management committee monitors technological, industry, and public policy developments concerning cybersecurity risks, keeping abreast of evolving cybersecurity best practices. The Management committee considers whether engagement with external experts or law enforcement is necessary and conducts investigations to gain a comprehensive understanding of cyber breaches.
As of the date of this filing, Nexa has not identified any incidents that would be deemed material within the context of the SEC's requirements.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Nexa’s Board of directors has delegated direct oversight over cybersecurity matters to the Audit Committee.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee is working with management to implement processes to: monitor cybersecurity matters; receive regular updates on cybersecurity tests
|Cybersecurity Risk Role of Management [Text Block]
|The cybersecurity risk management processes described above are managed by the Management committee through COSEG. COSEG is the executive committee responsible for overseeing the Company’s cybersecurity strategies and policies, including but not limited to, assessing and managing Nexa’s material risks from cybersecurity threats.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|COSEG is composed of senior managers and executives of the Company, including the CIO and CISO. On a regular basis, the results of operational cybersecurity indicators are presented to COSEG by the CISO.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|This team is responsible for creating, implementing, overseeing, and managing controls provided for specific cybersecurity policies and procedures, in addition to presenting priorities and strategies for information and cyber security. This team is overseen by a Chief Information Security Officer (“CISO”) who reports to the Cybersecurity committee (“COSEG”);
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Company to provide regular education and training to the Board, the Board committees and management on cybersecurity, consulting with outside experts when appropriate.
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef