|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 28, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Assessing, identifying and managing data security, privacy and cybersecurity related risks are integrated into our overall enterprise risk management ("ERM") process, which considers all strategic, operational, compliance and financial risks across the organization. Our ERM process is conducted on an annual basis by our internal audit team through feedback from senior management, certain functional leaders and certain members of the Board. Risks are categorized as low, medium and high risks based on a quantitative and qualitative evaluation of how each risk could impact the Company's operations, current objectives and long-term strategies. Each high risk is assigned to a member of senior management as the risk owner and the Board or a Board Committee for oversight, with the risk owner developing a risk mitigation plan that is tracked to completion. Low and medium risks are subject to various levels of internal monitoring. The annual risk assessment is reviewed with the Audit and Risk Committee of the Board and the Board.
Under the direction of our information technology department, we have implemented policies and controls in line with the requirements of the International Organization for Standardization and have assessed our cybersecurity maturity levels against the National Institute of Standards and Technology framework to set appropriate standards and guidelines. We monitor and remediate threats through our managed detection and response, and our vulnerability management programs. We provide regular employee communications and mandatory training, periodically review our incident response and breach notification plan, and leverage third-party expertise for testing, assessments and improvements. We have an onboarding and periodic security review process of all third-party vendors who have or will have access to our confidential information.
We also have established business continuity disaster recovery plans that are designed to limit downtime and data loss in the event of a security breach.
As we have increased our remote workforce in recent years, the Audit and Risk Committee and management have focused on enhancing the security of remote access with trusted devices, endpoint security controls and infrastructure resiliency. As part of this process, we enhanced our security incident response procedures to address risks specific to remote working conditions. We continue to monitor and take reasonable actions intended to improve our security posture with process improvement, testing, simulation training and investments where necessary and appropriate for us.
We have a written incident response plan that is implemented by our cybersecurity incident response team, comprised of members of our information security, legal, human resources, finance and communications teams, and whose function is to respond to any such incident, define and seek to control the extent of the incident, assess and take reasonable actions intended to remediate any damage caused, and implement measures designed to prevent future reoccurrences. The materiality of any cybersecurity incident is evaluated by senior management, including the legal and finance departments, and, in certain circumstances by our third-party advisors. We periodically perform simulations (referred to as tabletop exercises) at a management level with external resources and advisors.
We face a number of cybersecurity risks in connection with our business. Although such risks have not materially affected us, including our results of operations or financial condition, in fiscal 2024 and recent years, we have, from time to time, experienced threats to and attempted breaches of our data and systems, including malware and computer virus attacks. In the future, we may not be successful in preventing or mitigating a cybersecurity incident that could ultimately have a material adverse effect on our business, operations and financial performance. We carry cyber risk insurance that we believe provides protection against a breach or other data security incident, but such insurance may not be sufficient, and any related insurance proceeds may not be timely paid to us.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Assessing, identifying and managing data security, privacy and cybersecurity related risks are integrated into our overall enterprise risk management ("ERM") process, which considers all strategic, operational, compliance and financial risks across the organization.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Our Audit and Risk Committee is responsible for the oversight of data security, privacy and cybersecurity related risks. Our Chief Information Officer ("CIO") has a PGDip in Computer Science, an MBA, a Master of Mathematics and over 20 years of experience in senior leadership information technology and cybersecurity oversight roles, including within the retail industry. Our CIO reports to our Chief Operations Officer who also has decades of information technology experience, including with retailers such as Walmart, Inc., Family Dollar Stores, Inc. and Gap, Inc. Under the direction of our information technology department, we have implemented policies and controls in line with the requirements of the International Organization for Standardization and have assessed our cybersecurity maturity levels against the National Institute of Standards and Technology framework to set appropriate standards and guidelines. We monitor and remediate threats through our managed detection and response, and our vulnerability management programs. We provide regular employee communications and mandatory training, periodically review our incident response and breach notification plan, and leverage third-party expertise for testing, assessments and improvements. We have an onboarding and periodic security review process of all third-party vendors who have or will have access to our confidential information. We also have established business continuity disaster recovery plans that are designed to limit downtime and data loss in the event of a security breach.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Audit and Risk Committee
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The annual risk assessment is reviewed with the Audit and Risk Committee of the Board and the Board.
|Cybersecurity Risk Role of Management [Text Block]
|Our ERM process is conducted on an annual basis by our internal audit team through feedback from senior management, certain functional leaders and certain members of the Board. Risks are categorized as low, medium and high risks based on a quantitative and qualitative evaluation of how each risk could impact the Company's operations, current objectives and long-term strategies. Each high risk is assigned to a member of senior management as the risk owner and the Board or a Board Committee for oversight, with the risk owner developing a risk mitigation plan that is tracked to completion. Low and medium risks are subject to various levels of internal monitoring. The annual risk assessment is reviewed with the Audit and Risk Committee of the Board and the Board.
Our Audit and Risk Committee is responsible for the oversight of data security, privacy and cybersecurity related risks. Our Chief Information Officer ("CIO") has a PGDip in Computer Science, an MBA, a Master of Mathematics and over 20 years of experience in senior leadership information technology and cybersecurity oversight roles, including within the retail industry. Our CIO reports to our Chief Operations Officer who also has decades of information technology experience, including with retailers such as Walmart, Inc., Family Dollar Stores, Inc. and Gap, Inc. Under the direction of our information technology department, we have implemented policies and controls in line with the requirements of the International Organization for Standardization and have assessed our cybersecurity maturity levels against the National Institute of Standards and Technology framework to set appropriate standards and guidelines. We monitor and remediate threats through our managed detection and response, and our vulnerability management programs. We provide regular employee communications and mandatory training, periodically review our incident response and breach notification plan, and leverage third-party expertise for testing, assessments and improvements. We have an onboarding and periodic security review process of all third-party vendors who have or will have access to our confidential information. We also have established business continuity disaster recovery plans that are designed to limit downtime and data loss in the event of a security breach.
As we have increased our remote workforce in recent years, the Audit and Risk Committee and management have focused on enhancing the security of remote access with trusted devices, endpoint security controls and infrastructure resiliency. As part of this process, we enhanced our security incident response procedures to address risks specific to remote working conditions. We continue to monitor and take reasonable actions intended to improve our security posture with process improvement, testing, simulation training and investments where necessary and appropriate for us.
We have a written incident response plan that is implemented by our cybersecurity incident response team, comprised of members of our information security, legal, human resources, finance and communications teams, and whose function is to respond to any such incident, define and seek to control the extent of the incident, assess and take reasonable actions intended to remediate any damage caused, and implement measures designed to prevent future reoccurrences. The materiality of any cybersecurity incident is evaluated by senior management, including the legal and finance departments, and, in certain circumstances by our third-party advisors. We periodically perform simulations (referred to as tabletop exercises) at a management level with external resources and advisors.
We face a number of cybersecurity risks in connection with our business. Although such risks have not materially affected us, including our results of operations or financial condition, in fiscal 2024 and recent years, we have, from time to time, experienced threats to and attempted breaches of our data and systems, including malware and computer virus attacks. In the future, we may not be successful in preventing or mitigating a cybersecurity incident that could ultimately have a material adverse effect on our business, operations and financial performance. We carry cyber risk insurance that we believe provides protection against a breach or other data security incident, but such insurance may not be sufficient, and any related insurance proceeds may not be timely paid to us. For more information about the cybersecurity risks we face,
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Audit and Risk Committee is responsible for the oversight of data security, privacy and cybersecurity related risks. Our Chief Information Officer ("CIO") has a PGDip in Computer Science, an MBA, a Master of Mathematics and over 20 years of experience in senior leadership information technology and cybersecurity oversight roles, including within the retail industry. Our CIO reports to our Chief Operations Officer who also has decades of information technology experience, including with retailers such as Walmart, Inc., Family Dollar Stores, Inc. and Gap, Inc.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our Chief Information Officer ("CIO") has a PGDip in Computer Science, an MBA, a Master of Mathematics and over 20 years of experience in senior leadership information technology and cybersecurity oversight roles, including within the retail industry. Our CIO reports to our Chief Operations Officer who also has decades of information technology experience, including with retailers such as Walmart, Inc., Family Dollar Stores, Inc. and Gap, Inc.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The annual risk assessment is reviewed with the Audit and Risk Committee of the Board and the Board.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true