|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 29, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We deploy a cybersecurity program modelled on Center for Internet Security (CIS) Critical Security Controls, commonly referred to as CIS Controls. We believe our program’s control focus provides immediate protection and scalability for our business. Our program defines our governance and management oversight, and includes (i) continual training to enhance user vigilance and resistance to phishing attempts and cyber-attacks, (ii) evaluation of compliance with privacy and data security regulations and (iii) reporting obligations in the event of an incident. As part of our program, we partner with a security operations center for continuous monitoring and alerting across all of our information technology systems. Additionally, our Information Technology leadership meets monthly with a cyber advisor to review progress on tools, scoring and management of our cybersecurity programs.
On an annual basis, we engage an external partner to conduct a comprehensive risk assessment of our cybersecurity program, identify gaps based on best practices and recommend improvements. We have also developed vendor scoring criteria to assess cybersecurity, incidence readiness and cyber insurance of our critical vendors and service providers. Additionally, we conduct ongoing internal and external vulnerability and penetration scans. Our internal security team is led by a manager with over 40 years of experience who reports directly to our Chief Information Officer.
Security incidents or breaches have from time to time occurred and may in the future occur involving our systems, the systems of the parties with whom we communicate or collaborate (including franchisees) or the systems of third-party providers. As of the date of this Annual Report on Form 10-K, we have not experienced cybersecurity threats or incidents that have materially affected us. However, any actual or perceived breach in the security of our information technology systems or those of our franchisees or our critical vendors and service providers could lead to damage to or failure of our computer systems or network infrastructure which could cause an interruption in our operations and could have a material adverse effect on our business. Furthermore, a significant theft, loss, disclosure, modification or misappropriation of, or access to, guests’, employees’, third parties’ or other proprietary data or other breach of our information technology systems could subject us or our franchisees to litigation or to actions by regulatory authorities. See also Item 1A. “Risk Factors - Risks Related to Information Technology and Intellectual Property—Information technology system failures or breaches of our network security could interrupt our operations and have a material adverse effect on our business, financial condition and results of operations.”
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We deploy a cybersecurity program modelled on Center for Internet Security (CIS) Critical Security Controls, commonly referred to as CIS Controls. We believe our program’s control focus provides immediate protection and scalability for our business. Our program defines our governance and management oversight, and includes (i) continual training to enhance user vigilance and resistance to phishing attempts and cyber-attacks, (ii) evaluation of compliance with privacy and data security regulations and (iii) reporting obligations in the event of an incident. As part of our program, we partner with a security operations center for continuous monitoring and alerting across all of our information technology systems. Additionally, our Information Technology leadership meets monthly with a cyber advisor to review progress on tools, scoring and management of our cybersecurity programs.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|The Audit Committee of our Board is tasked with oversight of certain risk issues, including cybersecurity.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee of our Board is tasked with oversight of certain risk issues, including cybersecurity.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee briefs the full Board of Directors on these matters as a part of its reports of its meetings.
|Cybersecurity Risk Role of Management [Text Block]
|The Audit Committee of our Board is tasked with oversight of certain risk issues, including cybersecurity. The Audit Committee receives reports on cybersecurity at least twice annually from the Company’s Chief Information Officer, who has over 25 years of experience in the management of information technology systems and cybersecurity. These reports cover trends vulnerability management, cybersecurity posture, risk assessment findings, incident responses and updates on technology initiatives. The Audit Committee briefs the full Board of Directors on these matters as a part of its reports of its meetings.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Audit Committee of our Board is tasked with oversight of certain risk issues, including cybersecurity. The Audit Committee receives reports on cybersecurity at least twice annually from the Company’s Chief Information Officer, who has over 25 years of experience in the management of information technology systems and cybersecurity. These reports cover trends vulnerability management, cybersecurity posture, risk assessment findings, incident responses and updates on technology initiatives. The Audit Committee briefs the full Board of Directors on these matters as a part of its reports of its meetings.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Audit Committee receives reports on cybersecurity at least twice annually from the Company’s Chief Information Officer, who has over 25 years of experience in the management of information technology systems and cybersecurity.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|he Audit Committee receives reports on cybersecurity at least twice annually from the Company’s Chief Information Officer, who has over 25 years of experience in the management of information technology systems and cybersecurity. These reports cover trends vulnerability management, cybersecurity posture, risk assessment findings, incident responses and updates on technology initiatives.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef