|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Risk Management.
We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, which includes risks that arise from our use of AI, and as described further below, have integrated these processes into our overall risk management systems and processes. Our board of directors performs meaningful oversight of these cybersecurity risk management processes, and our management team is responsible for the day-to-day management of the material risks we face.
Management roles in cybersecurity risk management.
We have several committees and individual management positions responsible for assessing, identifying, and managing the material cybersecurity risks that we face.
Enterprise Risk Management Committee.
Our Enterprise Risk Management Committee performs a central function in the assessment and management of our important business risks overall. Our Enterprise Risk Management Committee is comprised of members of our executive leadership. The committee meets periodically to review risk-related topics, including updates on cybersecurity risks and incidents, cybersecurity policy changes, and certain cybersecurity investment recommendations. The diverse skills and experience relevant to cybersecurity risk management possessed by the senior management and executive positions on this committee contribute to our effective management of such
risks. The Enterprise Risk Management Committee is informed about and monitors the prevention, detection, mitigation and remediation of cybersecurity incidents through its Cybersecurity Steering Subcommittee and the Global Security Organization.
The Cybersecurity Steering Subcommittee oversees teams of subject matter experts and working groups assigned to focus on specific cybersecurity risk management issues, and receives periodic status updates from those teams. This subcommittee also receives information from several specific risk-focused working groups such as an AI risk review team and a product AI and privacy working group.
The Enterprise Risk Management Committee provides reports to the audit committee of our board of directors on a quarterly basis to support its oversight of our cybersecurity risk management.
Chief Information Security Officer.
Our Chief Information Security Officer ("CISO") leads our Global Security Organization. Our CISO supports our compliance with standards and contractual obligations relevant to cybersecurity and good risk governance. Our CISO has over ten years of experience focused on cybersecurity. Our CISO has degrees in computer science and management information systems, each with an emphasis on information security, and has certificates from the Global Information Assurance Certification program as an Information Security Professional and for Strategic Planning, Policy and Leadership. Our CISO has held senior positions focused on the management and operation of our cybersecurity risk management processes for over five years.
In addition to its oversight, monitoring and other responsibilities, the Global Security Organization conducts an annual risk assessment process concerning our enterprise and product families. This process supports our prioritization, planning and execution of security program improvements. We also maintain a risk management process throughout the year designed to compile and manage risks through a variety of technical and administrative controls.
Third-party cybersecurity risk management.
Our cybersecurity processes are designed to identify and address cybersecurity risks associated with our use of third-party technologies and service providers.
Our processes call for the evaluation of third parties for security and compliance risks before onboarding them for potential use within our own systems and services. For applicable vendors, we require audit reports and regular responses to our detailed security questionnaires particularly for vendors associated with critical assets. In addition, our procurement processes call for specific contractual obligations from relevant vendors regarding their maintenance of appropriate cybersecurity controls and relevant certifications. Our internal Software Development Lifecycle is designed to build our products in part relying upon industry-standard practices and third-party tools and services to test our code and bundled third-party libraries for known security misconfigurations and errors.
Our people are a crucial pillar of our cybersecurity.
We operate processes to maintain an internal culture that expressly values cybersecurity. This includes broad-based processes for cybersecurity training, internal communications, reporting concerns, and escalations. Our security awareness and skills training processes guide behaviors across our workforce to be security conscious.
Consultants provide valuable services within our cybersecurity risk management.
Our cybersecurity risk management processes and technical safeguards are supported by consultants and other service providers including for security assessments of our suppliers, independent risk assessments and forensic analyses. We have also retained third-party providers to monitor and assess our cybersecurity posture by a variety of security indicators, cybersecurity threat intelligence signals and other sources and methods.
Incident response processes are an integral part of our cybersecurity posture.
If indications are reported of an actual or threatened incident affecting our information systems or networks, or affecting a third party provider relevant to our security, we commence our incident response processes supported
by the Global Security Organization. This comprehensive incident response process is designed to address possible and confirmed cybersecurity incidents and enable escalations and notifications to appropriate management and members of the audit committee.
After an incident has been contained our processes shift emphasis to the continuity of business operations, and if necessary, restoration of services and the recovery of any affected business systems and data.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, which includes risks that arise from our use of AI, and as described further below, have integrated these processes into our overall risk management systems and processes. Our board of directors performs meaningful oversight of these cybersecurity risk management processes, and our management team is responsible for the day-to-day management of the material risks we face.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
On a quarterly basis either the audit committee or the full board of directors receive information regarding our cybersecurity risk management from our Global Security Organization and from a representative of our Chief Product Officer’s organization. The chair of the audit committee also updates the full board of directors on specific topics that are presented or discussed at the regular meeting of the audit committee.
The audit committee also receives an annual review from the CISO regarding our cybersecurity strategies, including how changes in the threat landscape and changes to our risk posture and business and compliance requirements may affect our risk management strategies.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|On a quarterly basis either the audit committee or the full board of directors receive information regarding our cybersecurity risk management from our Global Security Organization and from a representative of our Chief Product Officer’s organization.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
On a quarterly basis either the audit committee or the full board of directors receive information regarding our cybersecurity risk management from our Global Security Organization and from a representative of our Chief Product Officer’s organization. The chair of the audit committee also updates the full board of directors on specific topics that are presented or discussed at the regular meeting of the audit committee.
The audit committee also receives an annual review from the CISO regarding our cybersecurity strategies, including how changes in the threat landscape and changes to our risk posture and business and compliance requirements may affect our risk management strategies.
|Cybersecurity Risk Role of Management [Text Block]
|
Management roles in cybersecurity risk management.
We have several committees and individual management positions responsible for assessing, identifying, and managing the material cybersecurity risks that we face.
Enterprise Risk Management Committee.
Our Enterprise Risk Management Committee performs a central function in the assessment and management of our important business risks overall. Our Enterprise Risk Management Committee is comprised of members of our executive leadership. The committee meets periodically to review risk-related topics, including updates on cybersecurity risks and incidents, cybersecurity policy changes, and certain cybersecurity investment recommendations. The diverse skills and experience relevant to cybersecurity risk management possessed by the senior management and executive positions on this committee contribute to our effective management of such
risks. The Enterprise Risk Management Committee is informed about and monitors the prevention, detection, mitigation and remediation of cybersecurity incidents through its Cybersecurity Steering Subcommittee and the Global Security Organization.
The Cybersecurity Steering Subcommittee oversees teams of subject matter experts and working groups assigned to focus on specific cybersecurity risk management issues, and receives periodic status updates from those teams. This subcommittee also receives information from several specific risk-focused working groups such as an AI risk review team and a product AI and privacy working group.
The Enterprise Risk Management Committee provides reports to the audit committee of our board of directors on a quarterly basis to support its oversight of our cybersecurity risk management.
Chief Information Security Officer.
Our Chief Information Security Officer ("CISO") leads our Global Security Organization. Our CISO supports our compliance with standards and contractual obligations relevant to cybersecurity and good risk governance. Our CISO has over ten years of experience focused on cybersecurity. Our CISO has degrees in computer science and management information systems, each with an emphasis on information security, and has certificates from the Global Information Assurance Certification program as an Information Security Professional and for Strategic Planning, Policy and Leadership. Our CISO has held senior positions focused on the management and operation of our cybersecurity risk management processes for over five years.In addition to its oversight, monitoring and other responsibilities, the Global Security Organization conducts an annual risk assessment process concerning our enterprise and product families. This process supports our prioritization, planning and execution of security program improvements. We also maintain a risk management process throughout the year designed to compile and manage risks through a variety of technical and administrative controls.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our Enterprise Risk Management Committee performs a central function in the assessment and management of our important business risks overall. Our Enterprise Risk Management Committee is comprised of members of our executive leadership. The committee meets periodically to review risk-related topics, including updates on cybersecurity risks and incidents, cybersecurity policy changes, and certain cybersecurity investment recommendations. The diverse skills and experience relevant to cybersecurity risk management possessed by the senior management and executive positions on this committee contribute to our effective management of such
risks. The Enterprise Risk Management Committee is informed about and monitors the prevention, detection, mitigation and remediation of cybersecurity incidents through its Cybersecurity Steering Subcommittee and the Global Security Organization.
The Cybersecurity Steering Subcommittee oversees teams of subject matter experts and working groups assigned to focus on specific cybersecurity risk management issues, and receives periodic status updates from those teams. This subcommittee also receives information from several specific risk-focused working groups such as an AI risk review team and a product AI and privacy working group.
The Enterprise Risk Management Committee provides reports to the audit committee of our board of directors on a quarterly basis to support its oversight of our cybersecurity risk management.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CISO has over ten years of experience focused on cybersecurity. Our CISO has degrees in computer science and management information systems, each with an emphasis on information security, and has certificates from the Global Information Assurance Certification program as an Information Security Professional and for Strategic Planning, Policy and Leadership. Our CISO has held senior positions focused on the management and operation of our cybersecurity risk management processes for over five years.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Our Enterprise Risk Management Committee performs a central function in the assessment and management of our important business risks overall. Our Enterprise Risk Management Committee is comprised of members of our executive leadership. The committee meets periodically to review risk-related topics, including updates on cybersecurity risks and incidents, cybersecurity policy changes, and certain cybersecurity investment recommendations. The diverse skills and experience relevant to cybersecurity risk management possessed by the senior management and executive positions on this committee contribute to our effective management of such
risks. The Enterprise Risk Management Committee is informed about and monitors the prevention, detection, mitigation and remediation of cybersecurity incidents through its Cybersecurity Steering Subcommittee and the Global Security Organization.
The Cybersecurity Steering Subcommittee oversees teams of subject matter experts and working groups assigned to focus on specific cybersecurity risk management issues, and receives periodic status updates from those teams. This subcommittee also receives information from several specific risk-focused working groups such as an AI risk review team and a product AI and privacy working group.
The Enterprise Risk Management Committee provides reports to the audit committee of our board of directors on a quarterly basis to support its oversight of our cybersecurity risk management.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef