|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Jan. 31, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
We have implemented and maintain policies and processes for assessing, identifying and managing material risk from cybersecurity threats based on industry standard frameworks and the results of our System and Organization Controls 2 (SOC 2), Type II, Cloud Security Alliance STAR, HIPAA, International Organization for Standardization (ISO) 27001, ISO 27017, ISO 27018 and PCI DSS audits conducted by independent third-party auditors. These policies and processes have been integrated into our overall risk management program which includes:
Risk Assessments
We conduct periodic technical risk assessments to identify potential cybersecurity threats and material changes in our business practices that may affect information systems that are vulnerable to such cybersecurity threats. These risk assessments include an evaluation of reasonably foreseeable internal and external risks, the likelihood and potential impact that could result from such risks, as well as an evaluation of the effectiveness of existing policies, procedures, systems and safeguards in place to manage such risks. In addition to the security audits conducted by independent third-party auditors, we also leverage internal audits, tabletop exercises, blue team exercises, simulations and other exercises to evaluate the effectiveness of our information security program and improve our security measures and planning. Further, we employ a range of third-party tools, safeguards and services, including firewalls, vulnerability management, Security Information & Event Management (SIEM), data loss prevention, email security, network and endpoint protection and penetration testing as part of the risk assessment process. The results of these assessments are reported to the audit committee of the board of directors.
Technical Safeguards
Based on our risk assessments, we define, implement and maintain safeguards designed to minimize identified risks, develop reasonable risk mitigation plans to address any identified gaps in existing safeguards and regularly monitor risk remediation efforts and the effectiveness of our safeguards. Our technical safeguards include firewalls, intrusion prevention and detection systems, anti-malware tools, multi factor authentication, mobile data management, data loss prevention,
email security and access controls. These technical safeguards are evaluated and improved through regular vulnerability assessments and security threat intelligence.
Incident Management and Recovery
We have implemented a security incident management process designed to quickly minimize and contain the impact of an incident on the business, restore normal service operations and maintain service quality and availability levels. The security incident response process involves cross-functional coordination to identify, investigate, respond, contain and remediate the impact of any cybersecurity threats and incidents. Our security incident management process is also designed to allow us to evaluate potential legal obligations and mitigate any brand or other damages from incidents. In addition, we maintain cybersecurity insurance, however, the costs related to cybersecurity threats or disruptions may not be fully insured.
Third-Party Risk Management
We use third-party service providers to perform a variety of functions throughout our business, such as application providers and hosting companies. We have a vendor management program to manage cybersecurity risks associated with our use of these providers. The program includes risk assessments for each vendor, security questionnaires and review of security reports. Depending on the nature of the services provided, the sensitivity of the information systems and data at issue and the identity of the provider, our vendor management process may involve different levels of assessment designed to help identify cybersecurity risks associated with a provider and impose contractual obligations related to cybersecurity on the provider.
Training and AwarenessWe conduct a variety of information security and privacy trainings, which include new hire training, annual security awareness training, organization-wide communications about known threats and phishing simulations.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We have implemented and maintain policies and processes for assessing, identifying and managing material risk from cybersecurity threats based on industry standard frameworks and the results of our System and Organization Controls 2 (SOC 2), Type II, Cloud Security Alliance STAR, HIPAA, International Organization for Standardization (ISO) 27001, ISO 27017, ISO 27018 and PCI DSS audits conducted by independent third-party auditors. These policies and processes have been integrated into our overall risk management program
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our board of directors oversees our management of cybersecurity risk through delegation to our audit committee. The audit committee provides strategic oversight of management’s cybersecurity risk management practices and receives regular and ad hoc reporting from management and our Chief Information Security Officer, including information about the prevention, detection, mitigation and remediation of material cybersecurity incidents, if any. Additionally, we leverage the cybersecurity experience of other members of our board of directors who participate in these updates from time to time. The audit committee regularly updates the board of directors regarding these matters.
Our cybersecurity risk management team is comprised of a team of technically skilled professionals with computer science degrees, cybersecurity credentials and professional experience in preventing, detecting, mitigating and remediating cybersecurity incidents and testing cybersecurity processes under the leadership of our Chief Information Security Officer. This team is responsible for assessing and managing cybersecurity threats on a full-time basis and, as of the first quarter of fiscal 2025, reports into our Chief Information Officer. The team works in close coordination with the Chief Financial Officer and Chief Legal Officer. Our Chief Information Security Officer has over two decades of experience in cybersecurity, information security, information technology and cloud services. He is currently a Certified Chief Information Security Officer, as certified by EC-Council. Additionally, he holds an engineering degree in computer science from Sri Jayachamarajendra College of Engineering, Mysore University and a master of business administration degree in technology management from the University of California, Davis.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our board of directors oversees our management of cybersecurity risk through delegation to our audit committee. The audit committee provides strategic oversight of management’s cybersecurity risk management practices and receives regular and ad hoc reporting from management and our Chief Information Security Officer, including information about the prevention, detection, mitigation and remediation of material cybersecurity incidents, if any. Additionally, we leverage the cybersecurity experience of other members of our board of directors who participate in these updates from time to time. The audit committee regularly updates the board of directors regarding these matters.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our board of directors oversees our management of cybersecurity risk through delegation to our audit committee. The audit committee provides strategic oversight of management’s cybersecurity risk management practices and receives regular and ad hoc reporting from management and our Chief Information Security Officer, including information about the prevention, detection, mitigation and remediation of material cybersecurity incidents, if any. Additionally, we leverage the cybersecurity experience of other members of our board of directors who participate in these updates from time to time. The audit committee regularly updates the board of directors regarding these matters.Our cybersecurity risk management team is comprised of a team of technically skilled professionals with computer science degrees, cybersecurity credentials and professional experience in preventing, detecting, mitigating and remediating cybersecurity incidents and testing cybersecurity processes under the leadership of our Chief Information Security Officer.
|Cybersecurity Risk Role of Management [Text Block]
|Our cybersecurity risk management team is comprised of a team of technically skilled professionals with computer science degrees, cybersecurity credentials and professional experience in preventing, detecting, mitigating and remediating cybersecurity incidents and testing cybersecurity processes under the leadership of our Chief Information Security Officer.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The audit committee provides strategic oversight of management’s cybersecurity risk management practices and receives regular and ad hoc reporting from management and our Chief Information Security Officer, including information about the prevention, detection, mitigation and remediation of material cybersecurity incidents, if any.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our Chief Information Security Officer has over two decades of experience in cybersecurity, information security, information technology and cloud services.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
We conduct periodic technical risk assessments to identify potential cybersecurity threats and material changes in our business practices that may affect information systems that are vulnerable to such cybersecurity threats. These risk assessments include an evaluation of reasonably foreseeable internal and external risks, the likelihood and potential impact that could result from such risks, as well as an evaluation of the effectiveness of existing policies, procedures, systems and safeguards in place to manage such risks. In addition to the security audits conducted by independent third-party auditors, we also leverage internal audits, tabletop exercises, blue team exercises, simulations and other exercises to evaluate the effectiveness of our information security program and improve our security measures and planning. Further, we employ a range of third-party tools, safeguards and services, including firewalls, vulnerability management, Security Information & Event Management (SIEM), data loss prevention, email security, network and endpoint protection and penetration testing as part of the risk assessment process. The results of these assessments are reported to the audit committee of the board of directors.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef