|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
Risk Management and Strategy
We have in place certain infrastructure, systems, policies, and procedures that are designed to proactively and reactively address circumstances that arise when unexpected events such as a cybersecurity incident occur. These include processes for assessing, identifying, and managing material risks from cybersecurity threats. Our information security management program generally follows processes outlined in frameworks such as the International Organization for Standardization's (“ISO”) international standard for Information Security (“ISO 27001”) and the National Institute of Standards and Technology's Cybersecurity Framework 2.0 (“NCSF”) and we evaluate and evolve our security measures as appropriate. As of December 31, 2024, we have not completed all of the requirements to be ISO 27001 or NCSF certified. We consult with external parties, such as cybersecurity firms and risk management and governance experts, on risk management and strategy.
Identifying, assessing, and managing cybersecurity risk is integrated into our overall risk management systems and processes, and we have in place cybersecurity and data privacy training and policies designed to (a) respond to new requirements in global privacy laws and (b) prevent, detect, respond to, mitigate and recover from identified and significant cybersecurity threats.
We also have a vendor risk assessment process consisting of the distribution and review of supplier questionnaires designed to help us evaluate cybersecurity risks that we may encounter when working with third parties that have access to confidential and other sensitive company information. We take steps designed to ensure that such vendors have implemented data privacy and security controls that help mitigate the cybersecurity risks associated with these vendors. We routinely assess our high-risk suppliers’ conformance to industry standards (e.g., ISO 27001, ISO's international standard for Supply Chain Security Management (“ISO 28001”), the NCSF, and the Customs-Trade Partnership Against Terrorism), and evaluate them for additional information, product, and physical security requirements.
Refer to “Item 1A. Risk Factors” in this Annual Report for additional information about risks related to cybersecurity.
Governance
Information security matters, including managing and assessing risks from cybersecurity threats, remain under the oversight of the Company’s Board of Directors, or the Board. The Audit Committee of the Board, or the Audit Committee, also reviews the adequacy and effectiveness of the Company’s information security policies and practices and the internal controls regarding information security risks. The Audit Committee receives regular information security updates from management. The Board also receives annual reports on information security matters from members of our security team.
Our security efforts are managed by a team of IT, engineering, operations, and legal professionals. We have established a cross-functional leadership team, consisting of executive-level leaders, that meets regularly to review cybersecurity matters and evaluate emerging threats. With oversight and guidance provided by the cross-functional leadership team, our information security teams refine our practices to address emerging security risks and changes in regulations. Our leadership team also participates in cybersecurity incident response efforts by engaging with the incident response team and helping direct the company’s response to and assessment of certain cybersecurity incidents.
We have designated a Network and Security Engineer, who reports to the Director of IT & Security, to assess and manage our material cybersecurity risks and threats. In this role, the Network and Security Engineer installs and manages our corporate firewalls, Enterprise Infrastructure engineering, and network analysis, but also supports our incident response and vulnerability management efforts. With over 10 years of experience in cybersecurity, the Engineer ensures our controls remain effective and that any emerging threats are promptly addressed.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Identifying, assessing, and managing cybersecurity risk is integrated into our overall risk management systems and processes, and we have in place cybersecurity and data privacy training and policies designed to (a) respond to new requirements in global privacy laws and (b) prevent, detect, respond to, mitigate and recover from identified and significant cybersecurity threats.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Information security matters, including managing and assessing risks from cybersecurity threats, remain under the oversight of the Company’s Board of Directors, or the Board.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee of the Board, or the Audit Committee, also reviews the adequacy and effectiveness of the Company’s information security policies and practices and the internal controls regarding information security risks.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee receives regular information security updates from management. The Board also receives annual reports on information security matters from members of our security team.
|Cybersecurity Risk Role of Management [Text Block]
|
Our security efforts are managed by a team of IT, engineering, operations, and legal professionals. We have established a cross-functional leadership team, consisting of executive-level leaders, that meets regularly to review cybersecurity matters and evaluate emerging threats. With oversight and guidance provided by the cross-functional leadership team, our information security teams refine our practices to address emerging security risks and changes in regulations. Our leadership team also participates in cybersecurity incident response efforts by engaging with the incident response team and helping direct the company’s response to and assessment of certain cybersecurity incidents.We have designated a Network and Security Engineer, who reports to the Director of IT & Security, to assess and manage our material cybersecurity risks and threats. In this role, the Network and Security Engineer installs and manages our corporate firewalls, Enterprise Infrastructure engineering, and network analysis, but also supports our incident response and vulnerability management efforts.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Information security matters, including managing and assessing risks from cybersecurity threats, remain under the oversight of the Company’s Board of Directors, or the Board. The Audit Committee of the Board, or the Audit Committee, also reviews the adequacy and effectiveness of the Company’s information security policies and practices and the internal controls regarding information security risks. The Audit Committee receives regular information security updates from management. The Board also receives annual reports on information security matters from members of our security team.
Our security efforts are managed by a team of IT, engineering, operations, and legal professionals. We have established a cross-functional leadership team, consisting of executive-level leaders, that meets regularly to review cybersecurity matters and evaluate emerging threats. With oversight and guidance provided by the cross-functional leadership team, our information security teams refine our practices to address emerging security risks and changes in regulations. Our leadership team also participates in cybersecurity incident response efforts by engaging with the incident response team and helping direct the company’s response to and assessment of certain cybersecurity incidents.
We have designated a Network and Security Engineer, who reports to the Director of IT & Security, to assess and manage our material cybersecurity risks and threats. In this role, the Network and Security Engineer installs and manages our corporate firewalls, Enterprise Infrastructure engineering, and network analysis, but also supports our incident response and vulnerability management efforts. With over 10 years of experience in cybersecurity, the Engineer ensures our controls remain effective and that any emerging threats are promptly addressed.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|With over 10 years of experience in cybersecurity, the Engineer ensures our controls remain effective and that any emerging threats are promptly addressed.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|We have established a cross-functional leadership team, consisting of executive-level leaders, that meets regularly to review cybersecurity matters and evaluate emerging threats. With oversight and guidance provided by the cross-functional leadership team, our information security teams refine our practices to address emerging security risks and changes in regulations. Our leadership team also participates in cybersecurity incident response efforts by engaging with the incident response team and helping direct the company’s response to and assessment of certain cybersecurity incidents.We have designated a Network and Security Engineer, who reports to the Director of IT & Security, to assess and manage our material cybersecurity risks and threats. In this role, the Network and Security Engineer installs and manages our corporate firewalls, Enterprise Infrastructure engineering, and network analysis, but also supports our incident response and vulnerability management efforts.
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef