|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 29, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
The Company’s Board of Directors (the “Board”) recognizes the critical importance of maintaining the trust and confidence of our customers, clients, business partners and employees. The Board is actively involved in oversight of the Company’s risk management program, and cybersecurity represents an important component of the Company’s overall approach to enterprise risk management. In general, the Company seeks to address cybersecurity risks through a comprehensive and cross-functional approach that is focused on preserving the confidentiality, security and availability of the information that the Company collects and stores by identifying, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur. Our enterprise security program has been developed based on industry standards, including those published by the International Organization for Standardization (ISO) and the National Institute of Standards and Technology (“NIST”).
Governance - The Board has designated that the Risk Management Committee is responsible for overseeing cybersecurity risks, and our Senior Vice President of Information Technology and Supply Chain Management (“SVP of IT & SCM”) reports to the Risk Management Committee on cybersecurity matters. The SVP of IT & SCM has over 20 years of experience in IT systems, IT infrastructure, fab and manufacturing environments, and site disaster recovery and compliance. Our IT administration team supports the SVP of IT & SCM and has deep working knowledge of the NIST cybersecurity framework, the Cybersecurity Maturity Model Certification (CMMC) program, ISO 27001, and extensive experience in systems and technology infrastructure management. In addition, our Director of Corporate Security reports to our Chief Risk and Compliance Officer and is involved in the ongoing compliance with relevant cybersecurity regulations, including with regard to cybersecurity monitoring and incident response (as noted below). The Director of Corporate Security has over 20 years of experience in quality systems, semiconductor manufacturing, and industrial security.
Risk Assessment - Our enterprise risk assessment is performed by executives, management, and functional and department-level subject matter experts. This group engages in the ongoing monitoring of identified risks to the Company and risk mitigation efforts. Our enterprise risk management process captures the potential impact and likelihood of cybersecurity risk events by evaluating our current cybersecurity risk environment and our existing cybersecurity controls. Risks identified by our cybersecurity program are analyzed to determine the potential impact on us and the likelihood of occurrence. Such risks are continuously monitored to ensure that the circumstances and severity of such risks have not changed. The SVP of IT & SCM, senior leadership, and our internal audit function provide both the full Board and the Risk Management Committee with periodic updates on the performance of our cybersecurity program.
Monitoring and Incident Response - The Company’s cybersecurity program protects against threats through use of the following measures: identifying critical assets and high-risk threats; implementing cybersecurity detection, controls and remediation practices; implementing a third-party risk management program to evaluate our critical partners’ cyber posture; and evaluating our program effectiveness by performing internal and external assessments. The Company engages a third-party service provider to perform annual internal and external penetration testing under NIST special paper (SP) 800-171 requirements to identify potential gaps that require remediation. In addition, the Company utilizes several industry-standard software applications to monitor for cybersecurity threats and alert our Director of Corporate Security and IT administration of any incidents that require escalation to the SVP of IT & SCM and the Risk Management Committee. Threats and incidents identified are immediately investigated by the IT administration team and appropriate action is taken to mitigate the impact to the Company.Education and Awareness - We conduct regular workforce training to instruct employees to identify cybersecurity concerns and take the appropriate action. We install and regularly update antivirus software on all company managed systems and workstations to detect and prevent malicious code from impacting our systems. In addition, we have a product security team focused on integrating risk and security best practices into our product development life cycle. Periodically, we are audited by an independent information systems expert to determine both the adequacy of, and compliance with, controls and standards.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The Board is actively involved in oversight of the Company’s risk management program, and cybersecurity represents an important component of the Company’s overall approach to enterprise risk management. In general, the Company seeks to address cybersecurity risks through a comprehensive and cross-functional approach that is focused on preserving the confidentiality, security and availability of the information that the Company collects and stores by identifying, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur. Our enterprise security program has been developed based on industry standards, including those published by the International Organization for Standardization (ISO) and the National Institute of Standards and Technology (“NIST”).
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|The Board is actively involved in oversight of the Company’s risk management program, and cybersecurity represents an important component of the Company’s overall approach to enterprise risk management.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Board has designated that the Risk Management Committee is responsible for overseeing cybersecurity risks, and our Senior Vice President of Information Technology and Supply Chain Management (“SVP of IT & SCM”) reports to the Risk Management Committee on cybersecurity matters.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our enterprise risk assessment is performed by executives, management, and functional and department-level subject matter experts. This group engages in the ongoing monitoring of identified risks to the Company and risk mitigation efforts. Our enterprise risk management process captures the potential impact and likelihood of cybersecurity risk events by evaluating our current cybersecurity risk environment and our existing cybersecurity controls. Risks identified by our cybersecurity program are analyzed to determine the potential impact on us and the likelihood of occurrence. Such risks are continuously monitored to ensure that the circumstances and severity of such risks have not changed. The SVP of IT & SCM, senior leadership, and our internal audit function provide both the full Board and the Risk Management Committee with periodic updates on the performance of our cybersecurity program.
|Cybersecurity Risk Role of Management [Text Block]
|Our enterprise risk assessment is performed by executives, management, and functional and department-level subject matter experts. This group engages in the ongoing monitoring of identified risks to the Company and risk mitigation efforts. Our enterprise risk management process captures the potential impact and likelihood of cybersecurity risk events by evaluating our current cybersecurity risk environment and our existing cybersecurity controls. Risks identified by our cybersecurity program are analyzed to determine the potential impact on us and the likelihood of occurrence. Such risks are continuously monitored to ensure that the circumstances and severity of such risks have not changed. The SVP of IT & SCM, senior leadership, and our internal audit function provide both the full Board and the Risk Management Committee with periodic updates on the performance of our cybersecurity program.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Board has designated that the Risk Management Committee is responsible for overseeing cybersecurity risks, and our Senior Vice President of Information Technology and Supply Chain Management (“SVP of IT & SCM”) reports to the Risk Management Committee on cybersecurity matters. The SVP of IT & SCM has over 20 years of experience in IT systems, IT infrastructure, fab and manufacturing environments, and site disaster recovery and compliance. Our IT administration team supports the SVP of IT & SCM and has deep working knowledge of the NIST cybersecurity framework, the Cybersecurity Maturity Model Certification (CMMC) program, ISO 27001, and extensive experience in systems and technology infrastructure management. In addition, our Director of Corporate Security reports to our Chief Risk and Compliance Officer and is involved in the ongoing compliance with relevant cybersecurity regulations, including with regard to cybersecurity monitoring and incident response (as noted below).
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The SVP of IT & SCM has over 20 years of experience in IT systems, IT infrastructure, fab and manufacturing environments, and site disaster recovery and compliance. Our IT administration team supports the SVP of IT & SCM and has deep working knowledge of the NIST cybersecurity framework, the Cybersecurity Maturity Model Certification (CMMC) program, ISO 27001, and extensive experience in systems and technology infrastructure management. In addition, our Director of Corporate Security reports to our Chief Risk and Compliance Officer and is involved in the ongoing compliance with relevant cybersecurity regulations, including with regard to cybersecurity monitoring and incident response (as noted below). The Director of Corporate Security has over 20 years of experience in quality systems, semiconductor manufacturing, and industrial security.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our enterprise risk assessment is performed by executives, management, and functional and department-level subject matter experts. This group engages in the ongoing monitoring of identified risks to the Company and risk mitigation efforts. Our enterprise risk management process captures the potential impact and likelihood of cybersecurity risk events by evaluating our current cybersecurity risk environment and our existing cybersecurity controls. Risks identified by our cybersecurity program are analyzed to determine the potential impact on us and the likelihood of occurrence. Such risks are continuously monitored to ensure that the circumstances and severity of such risks have not changed. The SVP of IT & SCM, senior leadership, and our internal audit function provide both the full Board and the Risk Management Committee with periodic updates on the performance of our cybersecurity program. The Company engages a third-party service provider to perform annual internal and external penetration testing under NIST special paper (SP) 800-171 requirements to identify potential gaps that require remediation. In addition, the Company utilizes several industry-standard software applications to monitor for cybersecurity threats and alert our Director of Corporate Security and IT administration of any incidents that require escalation to the SVP of IT & SCM and the Risk Management Committee. Threats and incidents identified are immediately investigated by the IT administration team and appropriate action is taken to mitigate the impact to the Company.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef