|
Cybersecurity Risk Management Strategy And Governance
|12 Months Ended
Feb. 01, 2025
|Cybersecurity Risk Management Strategy And Governance [Line Items]
|
|Cybersecurity Risk Management Processes For Assessing Identifying And Managing Threats [Text Block]
|
We recognize the importance of effectively managing cybersecurity risk in protecting our business, customers and employees, and we manage cybersecurity risk as part of our overall risk management strategy and compliance processes. We maintain a process designed to identify, assess and manage material risks from cybersecurity threats, including risks relating to theft of customer data, primarily payment cards, disruption to business operations or financial reporting systems, fraud, extortion, external exposure of employee data and violation of privacy laws. In recent years, we have increased our investments in cybersecurity risk management and have developed an enterprise cybersecurity program designed to detect, identify, classify and mitigate cybersecurity and other data security threats. This program classifies potential threats by risk levels, and we typically prioritize our threat mitigation efforts based on those risk classifications. In the event we identify a potential cybersecurity, privacy or other data security issue, we have defined procedures for responding to such issues, including procedures that address when and how to engage with Company executives, our Board of Directors, other stakeholders and law enforcement when responding to such issues. Additionally, various aspects of our cybersecurity program, particularly compliance with the Payment Card Industry standards, are regularly reviewed by independent third parties. We also maintain cybersecurity insurance, which we believe to be commensurate with our size and the nature of our operations, as part of our comprehensive insurance portfolio.
utilize third-party intrusion detection and prevention systems and vulnerability and penetration testing to monitor our environment. We also use third-party software to test our employees' responses to suspicious emails and to inform targeted cyber awareness training. Our information security and privacy policies are informed by regulatory requirements and are reviewed periodically for compliance and alignment with current state and federal laws and regulations. We comply with applicable industry security standards, including the Payment Card Industry Data Security Standard (“PCI DSS”). Because we are aware of the risks associated with third-party service providers, we also have implemented processes to oversee and manage these risks. We conduct security assessments of third-party providers before engagement and maintain ongoing monitoring to help ensure compliance with our cybersecurity
Additionally, we maintain and regularly review a cybersecurity incident response plan that provides a framework for handling and escalating cybersecurity incidents based on the severity of the incident and facilitates cross-functional coordination across the Company. Through the processes described above, we did not identify risks during the year ended February 1, 2025 from current or past cybersecurity threats or cybersecurity incidents that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, we face ongoing risks from certain cybersecurity threats that, if realized, are reasonably likely to materially affect our business strategy, results of operations, or financial condition. See the risk factors discussed under the heading, “Risk Factors — Risks Relating to Our Information Technology, Related Systems and Cybersecurity” for further information.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We recognize the importance of effectively managing cybersecurity risk in protecting our business, customers and employees, and we manage cybersecurity risk as part of our overall risk management strategy and compliance processes. We maintain a process designed to identify, assess and manage material risks from cybersecurity threats, including risks relating to theft of customer data, primarily payment cards, disruption to business operations or financial reporting systems, fraud, extortion, external exposure of employee data and violation of privacy laws. In recent years, we have increased our investments in cybersecurity risk management and have developed an enterprise cybersecurity program designed to detect, identify, classify and mitigate cybersecurity and other data security threats. This program classifies potential threats by risk levels, and we typically prioritize our threat mitigation efforts based on those risk classifications. In the event we identify a potential cybersecurity, privacy or other data security issue, we have defined procedures for responding to such issues, including procedures that address when and how to engage with Company executives, our Board of Directors, other stakeholders and law enforcement when responding to such issues. Additionally, various aspects of our cybersecurity program, particularly compliance with the Payment Card Industry standards, are regularly reviewed by independent third parties. We also maintain cybersecurity insurance, which we believe to be commensurate with our size and the nature of our operations, as part of our comprehensive insurance portfolio.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight And Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected Or Reasonably Likely To Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected Or Reasonably Likely To Materially Affect Registrant [Text Block]
|
Additionally, we maintain and regularly review a cybersecurity incident response plan that provides a framework for handling and escalating cybersecurity incidents based on the severity of the incident and facilitates cross-functional coordination across the Company. Through the processes described above, we did not identify risks during the year ended February 1, 2025 from current or past cybersecurity threats or cybersecurity incidents that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, we face ongoing risks from certain cybersecurity threats that, if realized, are reasonably likely to materially affect our business strategy, results of operations, or financial condition. See the risk factors discussed under the heading, “Risk Factors — Risks Relating to Our Information Technology, Related Systems and Cybersecurity” for further information.
|Cybersecurity Risk Board Of Directors Oversight [Text Block]
|
Our Board of Directors recognizes the important roles that information security and mitigating cybersecurity and other data security threats play in our efforts to protect and maintain the confidentiality and security of customer, employee and vendor information, as well as non-public information about our Company.
Although the Board as a whole is ultimately responsible for the oversight of our risk management function, the Board has delegated to its Audit Committee primary responsibility for oversight of risk assessment and risk management, including risks related to cybersecurity and other technology issues. The Audit Committee also oversees the Company’s internal control over financial reporting, including with respect to financial reporting-related information systems. The Chief Financial Officer (CFO) and Chief Accounting Officer (CAO) meet regularly with the Audit Committee and Board of Directors.
The Audit Committee reviews quarterly our cybersecurity activities, including review of annual external assessment results, training results, and discussion of cybersecurity risks and resolutions, and is responsible for elevating significant matters to the Board as events arise.
The Audit Committee receives reports from our Chief Information Officer (CIO) annually regarding our cybersecurity framework, as well as our plans to mitigate cybersecurity risks and respond to any data breaches.
From a management perspective, our enterprise cybersecurity is overseen by our cybersecurity committee, which is chaired by our CFO and includes our CAO, CIO, Chief Information Security Officer (CISO), as well as key members of financial management, information technology and audit. Our cybersecurity infrastructure is overseen by our CISO, who reports to our CIO.
CFO and has served in various roles in information technology and information security for over 30
|Cybersecurity Risk Board Committee Or Subcommittee Responsible For Oversight [Text Block]
|
Our Board of Directors recognizes the important roles that information security and mitigating cybersecurity and other data security threats play in our efforts to protect and maintain the confidentiality and security of customer, employee and vendor information, as well as non-public information about our Company.
Although the Board as a whole is ultimately responsible for the oversight of our risk management function, the Board has delegated to its Audit Committee primary responsibility for oversight of risk assessment and risk management, including risks related to cybersecurity and other technology issues. The Audit Committee also oversees the Company’s internal control over financial reporting, including with respect to financial reporting-related information systems. The Chief Financial Officer (CFO) and Chief Accounting Officer (CAO) meet regularly with the Audit Committee and Board of Directors.
|Cybersecurity Risk Process For Informing Board Committee Or Subcommittee Responsible For Oversight [Text Block]
|
The Audit Committee reviews quarterly our cybersecurity activities, including review of annual external assessment results, training results, and discussion of cybersecurity risks and resolutions, and is responsible for elevating significant matters to the Board as events arise.
|Cybersecurity Risk Role Of Management [Text Block]
|
From a management perspective, our enterprise cybersecurity is overseen by our cybersecurity committee, which is chaired by our CFO and includes our CAO, CIO, Chief Information Security Officer (CISO), as well as key members of financial management, information technology and audit. Our cybersecurity infrastructure is overseen by our CISO, who reports to our CIO.
|Cybersecurity Risk Management Positions Or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions Or Committees Responsible [Text Block]
|
Although the Board as a whole is ultimately responsible for the oversight of our risk management function, the Board has delegated to its Audit Committee primary responsibility for oversight of risk assessment and risk management, including risks related to cybersecurity and other technology issues. The Audit Committee also oversees the Company’s internal control over financial reporting, including with respect to financial reporting-related information systems. The Chief Financial Officer (CFO) and Chief Accounting Officer (CAO) meet regularly with the Audit Committee and Board of Directors.
|Cybersecurity Risk Management Expertise Of Management Responsible [Text Block]
|
CFO and has served in various roles in information technology and information security for over 30
|Cybersecurity Risk Process For Informing Management Or Committees Responsible [Text Block]
|
The Audit Committee reviews quarterly our cybersecurity activities, including review of annual external assessment results, training results, and discussion of cybersecurity risks and resolutions, and is responsible for elevating significant matters to the Board as events arise.
The Audit Committee receives reports from our Chief Information Officer (CIO) annually regarding our cybersecurity framework, as well as our plans to mitigate cybersecurity risks and respond to any data breaches.
|Cybersecurity Risk Management Positions Or Committees Responsible Report To Board [Flag]
|true