XML 72 R41.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] We embrace a “defense in depth” approach to assess, identify, and manage cybersecurity threats. A defense in depth approach seeks to implement multiple layers of defenses in order to help reduce the risk that a single process or control failure might result in a material incident. We utilize a risk management framework to assess, manage, and report on material risks and threats. In light of the importance of cybersecurity matters, we have developed as part of this framework a risk domain specific to cybersecurity matters, including specifying applicable risk tolerances and metrics. The Executive Vice President, Chief Information Officer (CIO), who has served in information technology leadership roles with the Company since 2007 and has over 20 years of experience with matters related to cybersecurity, including as an executive leader and consultant, and Executive Vice President, Enterprise Risk Management (EVP, ERM), who has served in risk management leadership roles for the Company since 2015, have oversight over information technology and enterprise risk management matters, respectively, and receive monthly reports on cyber-related metrics and activities from their teams. In addition, we have implemented escalation procedures and protocols, including an incident response team that includes key members of management such as the CIO and EVP, ERM, to manage and coordinate responses to potentially significant cybersecurity incidents. Third party vendors are utilized to help validate our security posture and controls, and we have developed a third party vendor management program to assess and monitor risks arising from third party vendor systems.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We embrace a “defense in depth” approach to assess, identify, and manage cybersecurity threats. A defense in depth approach seeks to implement multiple layers of defenses in order to help reduce the risk that a single process or control failure might result in a material incident. We utilize a risk management framework to assess, manage, and report on material risks and threats. In light of the importance of cybersecurity matters, we have developed as part of this framework a risk domain specific to cybersecurity matters, including specifying applicable risk tolerances and metrics.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] The Risk Management Committee of our Board of Directors has responsibility for oversight of the design, implementation, and operation of our enterprise risk management framework, including review and approval of risk management policies and review of our monitoring of risk, the effectiveness of its risk management processes, and material changes in risk. As part of this enterprise risk management oversight, our management team, including the EVP ERM and his team, provides quarterly reporting on our cybersecurity risk domain to the Risk Management Committee. The Risk Management Committee in turn reports on significant enterprise risk management issues to the full Board.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Risk Management Committee of our Board of Directors has responsibility for oversight of the design, implementation, and operation of our enterprise risk management framework, including review and approval of risk management policies and review of our monitoring of risk, the effectiveness of its risk management processes, and material changes in risk. As part of this enterprise risk management oversight, our management team, including the EVP ERM and his team, provides quarterly reporting on our cybersecurity risk domain to the Risk Management Committee.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Risk Management Committee of our Board of Directors has responsibility for oversight of the design, implementation, and operation of our enterprise risk management framework, including review and approval of risk management policies and review of our monitoring of risk, the effectiveness of its risk management processes, and material changes in risk. As part of this enterprise risk management oversight, our management team, including the EVP ERM and his team, provides quarterly reporting on our cybersecurity risk domain to the Risk Management Committee. The Risk Management Committee in turn reports on significant enterprise risk management issues to the full Board.
Cybersecurity Risk Role of Management [Text Block] The Executive Vice President, Chief Information Officer (CIO), who has served in information technology leadership roles with the Company since 2007 and has over 20 years of experience with matters related to cybersecurity, including as an executive leader and consultant, and Executive Vice President, Enterprise Risk Management (EVP, ERM), who has served in risk management leadership roles for the Company since 2015, have oversight over information technology and enterprise risk management matters, respectively, and receive monthly reports on cyber-related metrics and activities from their teams. In addition, we have implemented escalation procedures and protocols, including an incident response team that includes key members of management such as the CIO and EVP, ERM, to manage and coordinate responses to potentially significant cybersecurity incidents.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Executive Vice President, Chief Information Officer (CIO), who has served in information technology leadership roles with the Company since 2007 and has over 20 years of experience with matters related to cybersecurity, including as an executive leader and consultant, and Executive Vice President, Enterprise Risk Management (EVP, ERM), who has served in risk management leadership roles for the Company since 2015, have oversight over information technology and enterprise risk management matters, respectively, and receive monthly reports on cyber-related metrics and activities from their teams.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The Executive Vice President, Chief Information Officer (CIO), who has served in information technology leadership roles with the Company since 2007 and has over 20 years of experience with matters related to cybersecurity, including as an executive leader and consultant, and Executive Vice President, Enterprise Risk Management (EVP, ERM), who has served in risk management leadership roles for the Company since 2015, have oversight over information technology and enterprise risk management matters, respectively, and receive monthly reports on cyber-related metrics and activities from their teams.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Risk Management Committee in turn reports on significant enterprise risk management issues to the full Board.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true