|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Feb. 02, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
The Company monitors its information systems to assess, identify, and manage risks and assess cybersecurity threats. The Company’s cybersecurity program and related process for identifying and assessing material risks from cybersecurity threats operate alongside the Company’s broader overall risk assessment process. The Company monitors risks through active (e.g., penetration tests and vulnerability scans) and passive (e.g., end-point protection) methods and addresses system alerts. The Company’s cybersecurity team investigates system alerts that may indicate the presence of a cybersecurity threat or incident and escalates information to the Company’s CISO regarding the threat or incident as necessary to address it in a timely manner.
The Company has established written policies and procedures in our cybersecurity incident response plan to ensure that significant cybersecurity incidents are investigated timely, addressed through the coordination of various internal departments, and (to the extent required by applicable law) publicly reported. If management determines a significant cybersecurity incident has occurred, the Company’s policies require management to promptly inform the board of directors.
The Company maintains an incident response plan, which sets forth processes the Company will follow to address a significant cybersecurity threat or incident. The incident response plan provides for, among other things, inter-departmental coordination and management of cybersecurity threats or incidents to quickly assess the impact, mitigate risks to information systems, and work to resolve vulnerabilities. Depending on the threat or incident, the Company may utilize third-parties for assistance in investigating and addressing cybersecurity incidents or threats.
The Company maintains procedures for screening and evaluating third-party suppliers, including those who have access to customer and employee data, prior to engaging with them. The Company assesses each such prospective supplier’s system security in light of the product or service to be provided to the Company. The security team analyzes high-value or high-risk third-party suppliers through review of system and organization controls reports, and/or interviews and surveys prior to engagement. Additionally, the Company reviews third-party suppliers on an ongoing basis post-engagement to identify any changes in their security risk profile, including the occurrence of cybersecurity events affecting such suppliers.The Company describes whether and how risks from identified cybersecurity threats have materially affected or are reasonably likely to materially affect the Company under the heading “Interruptions in the proper functioning of the Company’s and our third-party service providers’ IT systems or compromise of our or our customers’ confidential data, including from cybersecurity threats, could disrupt operations and cause unanticipated reputational harm, litigation and regulatory risk, as well as increases in costs or decreases in net sales, or both” included as part of the Company’s risk factor disclosures in Item 1A of this Annual Report on Form 10-K. During the period covered by this report, there have not been any cybersecurity threats or incidents that have materially affected, or are reasonably likely to materially affect, the Company, including its financial condition, results of operations, or business strategies.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The Company maintains a comprehensive cybersecurity program based in-part on the National Institute of Standards and Technology’s Cybersecurity Framework. This program is integrated within the Company’s enterprise risk management program.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Company maintains a comprehensive cybersecurity program based in-part on the National Institute of Standards and Technology’s Cybersecurity Framework. This program is integrated within the Company’s enterprise risk management program. This program operates under the oversight of the board of directors, primarily through the audit committee. The governance structure ensures proper oversight and accountability at all levels of the organization.
Senior information technology and cybersecurity leadership meets regularly with the Company’s risk-management team, internal auditors and engages with external service providers to evaluate the effectiveness of the Company’s cybersecurity program, as well as its systems, controls, and management processes with respect to cybersecurity risks. The Company also engages third-party cybersecurity experts to assess its processes and suggest improvements, which are reviewed with the Company’s executive leadership, the board of directors and its audit committee.
The Company’s board of directors, primarily through its audit committee, oversees the Company’s cybersecurity program. The Company’s Chief Information Security Officer (“CISO”) regularly reports to the board’s audit committee on the current state of the Company’s cybersecurity program (including but not limited to, the current threat landscape, cybersecurity risks, and as needed, any significant incidents). The audit committee may provide updates to the board of directors on the substance of these reports and any recommendations for improvements that the audit committee deems appropriate. At the management level, the Company’s Chief Information Officer (the “CIO”) and Chief Financial Officer receive regular historical and real-time reports about the Company’s cybersecurity status from the Company’s cybersecurity department which is led by our CISO.
The CISO is responsible for the cybersecurity program, which includes security architecture, security operations, incident response, IT risk and compliance and security awareness and training and the CIO is responsible for IT disaster recovery. The CISO and CIO each have over 25 years of security and IT experience. The other members of the Company’s security organization also have extensive cybersecurity, business, and technology experience and hold certifications in their area of expertise.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Company’s board of directors, primarily through its audit committee, oversees the Company’s cybersecurity program.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Company’s board of directors, primarily through its audit committee, oversees the Company’s cybersecurity program. The Company’s Chief Information Security Officer (“CISO”) regularly reports to the board’s audit committee on the current state of the Company’s cybersecurity program (including but not limited to, the current threat landscape, cybersecurity risks, and as needed, any significant incidents). The audit committee may provide updates to the board of directors on the substance of these reports and any recommendations for improvements that the audit committee deems appropriate. At the management level, the Company’s Chief Information Officer (the “CIO”) and Chief Financial Officer receive regular historical and real-time reports about the Company’s cybersecurity status from the Company’s cybersecurity department which is led by our CISO.
|Cybersecurity Risk Role of Management [Text Block]
|
Senior information technology and cybersecurity leadership meets regularly with the Company’s risk-management team, internal auditors and engages with external service providers to evaluate the effectiveness of the Company’s cybersecurity program, as well as its systems, controls, and management processes with respect to cybersecurity risks. The Company also engages third-party cybersecurity experts to assess its processes and suggest improvements, which are reviewed with the Company’s executive leadership, the board of directors and its audit committee.
The Company’s board of directors, primarily through its audit committee, oversees the Company’s cybersecurity program. The Company’s Chief Information Security Officer (“CISO”) regularly reports to the board’s audit committee on the current state of the Company’s cybersecurity program (including but not limited to, the current threat landscape, cybersecurity risks, and as needed, any significant incidents). The audit committee may provide updates to the board of directors on the substance of these reports and any recommendations for improvements that the audit committee deems appropriate. At the management level, the Company’s Chief Information Officer (the “CIO”) and Chief Financial Officer receive regular historical and real-time reports about the Company’s cybersecurity status from the Company’s cybersecurity department which is led by our CISO.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|he Company’s Chief Information Security Officer (“CISO”) regularly reports to the board’s audit committee on the current state of the Company’s cybersecurity program (including but not limited to, the current threat landscape, cybersecurity risks, and as needed, any significant incidents). The audit committee may provide updates to the board of directors on the substance of these reports and any recommendations for improvements that the audit committee deems appropriate. At the management level, the Company’s Chief Information Officer (the “CIO”) and Chief Financial Officer receive regular historical and real-time reports about the Company’s cybersecurity status from the Company’s cybersecurity department which is led by our CISO.The CISO is responsible for the cybersecurity program, which includes security architecture, security operations, incident response, IT risk and compliance and security awareness and training and the CIO is responsible for IT disaster recovery.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The CISO and CIO each have over 25 years of security and IT experience. The other members of the Company’s security organization also have extensive cybersecurity, business, and technology experience and hold certifications in their area of expertise.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The Company’s board of directors, primarily through its audit committee, oversees the Company’s cybersecurity program. The Company’s Chief Information Security Officer (“CISO”) regularly reports to the board’s audit committee on the current state of the Company’s cybersecurity program (including but not limited to, the current threat landscape, cybersecurity risks, and as needed, any significant incidents). The audit committee may provide updates to the board of directors on the substance of these reports and any recommendations for improvements that the audit committee deems appropriate. At the management level, the Company’s Chief Information Officer (the “CIO”) and Chief Financial Officer receive regular historical and real-time reports about the Company’s cybersecurity status from the Company’s cybersecurity department which is led by our CISO.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef