|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 28, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
The Company’s cybersecurity program is designed to ensure our technology environment is operating and maintained in accordance with best practices, utilizing the International Organization for Standardization framework as a key component of its approach to risk management. To identify, assess, and manage cybersecurity threat risks, the Company:
•maintains a 24-hour cybersecurity team to continuously monitor its technology systems and emerging threat types and to respond to identified vulnerabilities;
•deploys a variety of defenses, including automatic blocking of potential cybersecurity threats;
•utilizes third-party system scanning tools, cybersecurity threat intelligence reports as well as cybersecurity threat reports from its business partners, each of which assists our monitoring efforts;
•utilizes a scoring system to prioritize non-urgent mitigation activities;
•completes annual third-party testing, the results of which are discussed with the Company’s Audit Committee, and periodic third-party table-top exercises and gap assessments;
•maintains a mandatory internal educational program for employees, including phishing simulations, required courses at the time of hire, and microlearning courses throughout the year, to ensure continual awareness of new and emerging threats;
•has adopted information technology policies applicable to its employees, including the Company’s Acceptable Use Policy, Dual Use Device Policy, Information Security Policy, Password Policy and Security Incident Response Plan (“SIRP”).
The Company conducts reputational analysis and security reviews for certain of its vendors to manage cybersecurity threats from the use of third-party services.We continue to make investments to enhance the protection of our information technology systems and our business from cybersecurity incidents, including maintaining a cybersecurity insurance policy. For a discussion of whether and how any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition,
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
The Company’s cybersecurity program is designed to ensure our technology environment is operating and maintained in accordance with best practices, utilizing the International Organization for Standardization framework as a key component of its approach to risk management. To identify, assess, and manage cybersecurity threat risks, the Company:
•maintains a 24-hour cybersecurity team to continuously monitor its technology systems and emerging threat types and to respond to identified vulnerabilities;
•deploys a variety of defenses, including automatic blocking of potential cybersecurity threats;
•utilizes third-party system scanning tools, cybersecurity threat intelligence reports as well as cybersecurity threat reports from its business partners, each of which assists our monitoring efforts;
•utilizes a scoring system to prioritize non-urgent mitigation activities;
•completes annual third-party testing, the results of which are discussed with the Company’s Audit Committee, and periodic third-party table-top exercises and gap assessments;
•maintains a mandatory internal educational program for employees, including phishing simulations, required courses at the time of hire, and microlearning courses throughout the year, to ensure continual awareness of new and emerging threats;
•has adopted information technology policies applicable to its employees, including the Company’s Acceptable Use Policy, Dual Use Device Policy, Information Security Policy, Password Policy and Security Incident Response Plan (“SIRP”).
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
Our Board, with the assistance of its audit committee (“Audit Committee”), oversees the Company’s cybersecurity programs and strategies. At least annually, the Board receives a report on the Company’s information technology strategy, including cybersecurity measures, from our Chief Information Officer (“CIO”). The Audit Committee oversees the Company’s guidelines and policies with respect to risk assessment and risk management, including risk exposures related to information security, cybersecurity and data protection, and the steps management has taken to monitor and control such exposures. At least quarterly, the Audit Committee receives a report from our CIO on the Company’s cybersecurity risks and mitigation activities, including reports of any significant cybersecurity incident affecting the Company.
Assessment and management of the Company’s risks from cybersecurity threats is led by our Chief Information Security Officer (“CISO”) and our CIO to whom our CISO reports. Our CISO maintains our SIRP and manages day-to-day incident identification, assessment and management and continuously updates our CIO on such matters. Our CIO and CISO lead our overall cybersecurity risk management program, including ongoing assessments of system vulnerabilities and mitigation efforts. Our CISO or CIO escalates cybersecurity incidents to other members of the Company’s leadership, as appropriate. In addition, to ensure cybersecurity risks are considered within the Company’s ERM process, our CIO serves on our Enterprise Risk Committee which directs the ERM process.
Our CISO has over 12 years of experience assisting organizations in responding to cybersecurity incidents, serving as a chief information security officer for the past six years. He holds a Certified Information Systems Security Professional (CISSP) certification and a master’s degree in information technology management, with an emphasis on cybersecurity. He has also completed several supplemental courses on cyber incident response, including SANS 504 - Hacker Tools, Techniques, and Incident Handling.Our CIO has over 20 years of experience in cybersecurity. He founded and built Internet start-ups and Internet Service Providers, protecting them from threats, and responding to cybersecurity events. He has rebuilt and directed cybersecurity departments in global public companies for the last seven years. He is an advisory board member for various cybersecurity and technology companies and holds a B.S. in Computer Science and an MBA.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Assessment and management of the Company’s risks from cybersecurity threats is led by our Chief Information Security Officer (“CISO”) and our CIO to whom our CISO reports. Our CISO maintains our SIRP and manages day-to-day incident identification, assessment and management and continuously updates our CIO on such matters.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Assessment and management of the Company’s risks from cybersecurity threats is led by our Chief Information Security Officer (“CISO”) and our CIO to whom our CISO reports. Our CISO maintains our SIRP and manages day-to-day incident identification, assessment and management and continuously updates our CIO on such matters. Our CIO and CISO lead our overall cybersecurity risk management program, including ongoing assessments of system vulnerabilities and mitigation efforts. Our CISO or CIO escalates cybersecurity incidents to other members of the Company’s leadership, as appropriate. In addition, to ensure cybersecurity risks are considered within the Company’s ERM process, our CIO serves on our Enterprise Risk Committee which directs the ERM process.
|Cybersecurity Risk Role of Management [Text Block]
|
Assessment and management of the Company’s risks from cybersecurity threats is led by our Chief Information Security Officer (“CISO”) and our CIO to whom our CISO reports. Our CISO maintains our SIRP and manages day-to-day incident identification, assessment and management and continuously updates our CIO on such matters. Our CIO and CISO lead our overall cybersecurity risk management program, including ongoing assessments of system vulnerabilities and mitigation efforts. Our CISO or CIO escalates cybersecurity incidents to other members of the Company’s leadership, as appropriate. In addition, to ensure cybersecurity risks are considered within the Company’s ERM process, our CIO serves on our Enterprise Risk Committee which directs the ERM process.
Our CISO has over 12 years of experience assisting organizations in responding to cybersecurity incidents, serving as a chief information security officer for the past six years. He holds a Certified Information Systems Security Professional (CISSP) certification and a master’s degree in information technology management, with an emphasis on cybersecurity. He has also completed several supplemental courses on cyber incident response, including SANS 504 - Hacker Tools, Techniques, and Incident Handling.Our CIO has over 20 years of experience in cybersecurity. He founded and built Internet start-ups and Internet Service Providers, protecting them from threats, and responding to cybersecurity events. He has rebuilt and directed cybersecurity departments in global public companies for the last seven years. He is an advisory board member for various cybersecurity and technology companies and holds a B.S. in Computer Science and an MBA.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our Board, with the assistance of its audit committee (“Audit Committee”), oversees the Company’s cybersecurity programs and strategies. At least annually, the Board receives a report on the Company’s information technology strategy, including cybersecurity measures, from our Chief Information Officer (“CIO”). The Audit Committee oversees the Company’s guidelines and policies with respect to risk assessment and risk management, including risk exposures related to information security, cybersecurity and data protection, and the steps management has taken to monitor and control such exposures. At least quarterly, the Audit Committee receives a report from our CIO on the Company’s cybersecurity risks and mitigation activities, including reports of any significant cybersecurity incident affecting the Company.Assessment and management of the Company’s risks from cybersecurity threats is led by our Chief Information Security Officer (“CISO”) and our CIO to whom our CISO reports. Our CISO maintains our SIRP and manages day-to-day incident identification, assessment and management and continuously updates our CIO on such matters. Our CIO and CISO lead our overall cybersecurity risk management program, including ongoing assessments of system vulnerabilities and mitigation efforts. Our CISO or CIO escalates cybersecurity incidents to other members of the Company’s leadership, as appropriate. In addition, to ensure cybersecurity risks are considered within the Company’s ERM process, our CIO serves on our Enterprise Risk Committee which directs the ERM process.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
Our CISO has over 12 years of experience assisting organizations in responding to cybersecurity incidents, serving as a chief information security officer for the past six years. He holds a Certified Information Systems Security Professional (CISSP) certification and a master’s degree in information technology management, with an emphasis on cybersecurity. He has also completed several supplemental courses on cyber incident response, including SANS 504 - Hacker Tools, Techniques, and Incident Handling.Our CIO has over 20 years of experience in cybersecurity. He founded and built Internet start-ups and Internet Service Providers, protecting them from threats, and responding to cybersecurity events. He has rebuilt and directed cybersecurity departments in global public companies for the last seven years. He is an advisory board member for various cybersecurity and technology companies and holds a B.S. in Computer Science and an MBA.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|At least annually, the Board receives a report on the Company’s information technology strategy, including cybersecurity measures, from our Chief Information Officer (“CIO”). The Audit Committee oversees the Company’s guidelines and policies with respect to risk assessment and risk management, including risk exposures related to information security, cybersecurity and data protection, and the steps management has taken to monitor and control such exposures. At least quarterly, the Audit Committee receives a report from our CIO on the Company’s cybersecurity risks and mitigation activities, including reports of any significant cybersecurity incident affecting the Company.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef