|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Our cybersecurity risk management program aims to fully identify threats, to present and evaluate them transparently, to mitigate, and manage them proactively. We have developed and implemented a cybersecurity risk management process intended to protect confidentiality, integrity, and availability of our critical systems and information.
Our cybersecurity risk management process guides us in making cybersecurity risk-informed decisions and provides the basis for evaluating and monitoring the cybersecurity risk profile of the Company. This process provides a shared understanding and promotes a consistent approach to cybersecurity risk management within the Company in line with our information security policy and includes a cybersecurity incident response plan.
As part of our cybersecurity risk management program, we review industry's best practices, including the NIST (National Institute of Standards and Technology) Cybersecurity Framework and ISO (International Organization for Standardization) 27001 to manage information security. We periodically conduct ongoing internal and external vulnerability analyses, including simulated attack as well as external testing via a third-party to evaluate the effectiveness of our cybersecurity process and controls.
To minimize third-party risk, we have established a process to assess the security practices of third-party vendors and service providers and related risks. Our process includes a security assessment informed by vendor questionnaires and contractual security requirements related to data privacy for certain vendors.
The Security Operations Center (SOC) is responsible for investigating all security incidents and alerts including determining the threat type, incident scope and incident severity. Where appropriate, major incidents are escalated according to the cybersecurity incident process.Employee awareness and training are essential to our ability as a company to thwart cyber-attacks. We continuously raise employees’ risk awareness with mandatory, regular online training for all employees and complimentary awareness campaigns.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Our cybersecurity risk management program aims to fully identify threats, to present and evaluate them transparently, to mitigate, and manage them proactively. We have developed and implemented a cybersecurity risk management process intended to protect confidentiality, integrity, and availability of our critical systems and information.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our board of directors has overall oversight responsibility for our risk management strategy, and delegates information security and related risk management oversight to the Audit and Risk Committee. Members of the audit and risk committee receive regular updates from management, including the CIO and the Cybersecurity and Risks Council, regarding cybersecurity related matters. This includes existing and new cybersecurity risks, how management is addressing, managing, and/or mitigating those risks, cybersecurity, and data privacy incidents (if relevant), and the status of key information security initiatives.The Cybersecurity and Risks Council overseas regular review of cybersecurity risk management activities, is responsible for the management of our cyber risk exposure and monitoring the effectiveness of the cybersecurity program, including but not limited to, our cybersecurity tools and controls, and is responsible for establishing and reviewing our risk tolerance for our cyber risk framework.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our board of directors has overall oversight responsibility for our risk management strategy, and delegates information security and related risk management oversight to the Audit and Risk Committee.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Those employees have decades of experience in cybersecurity and operations, cybersecurity education, and certifications from various organizations.
|Cybersecurity Risk Role of Management [Text Block]
|Members of the audit and risk committee receive regular updates from management, including the CIO and the Cybersecurity and Risks Council, regarding cybersecurity related matters. This includes existing and new cybersecurity risks, how management is addressing, managing, and/or mitigating those risks, cybersecurity, and data privacy incidents (if relevant), and the status of key information security initiatives.
The Cybersecurity and Risks Council overseas regular review of cybersecurity risk management activities, is responsible for the management of our cyber risk exposure and monitoring the effectiveness of the cybersecurity program, including but not limited to, our cybersecurity tools and controls, and is responsible for establishing and reviewing our risk tolerance for our cyber risk framework.
The Cybersecurity and Risks Council includes the CIO, the Director of Corporate Security, the Director of IT Infrastructure and Operations, the Enterprise architect, and the Director of Cybersecurity. Those employees have decades of experience in cybersecurity and operations, cybersecurity education, and certifications from various organizations. The Cybersecurity and Risks Council is responsible for mobilizing the Materialization Board, which includes representatives from Legal and Finance, to review identified incidents.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Members of the audit and risk committee receive regular updates from management, including the CIO and the Cybersecurity and Risks Council, regarding cybersecurity related matters. This includes existing and new cybersecurity risks, how management is addressing, managing, and/or mitigating those risks, cybersecurity, and data privacy incidents (if relevant), and the status of key information security initiatives. The Cybersecurity and Risks Council overseas regular review of cybersecurity risk management activities, is responsible for the management of our cyber risk exposure and monitoring the effectiveness of the cybersecurity program, including but not limited to, our cybersecurity tools and controls, and is responsible for establishing and reviewing our risk tolerance for our cyber risk framework.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Those employees have decades of experience in cybersecurity and operations, cybersecurity education, and certifications from various organizations.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Members of the audit and risk committee receive regular updates from management, including the CIO and the Cybersecurity and Risks Council, regarding cybersecurity related matters. This includes existing and new cybersecurity risks, how management is addressing, managing, and/or mitigating those risks, cybersecurity, and data privacy incidents (if relevant), and the status of key information security initiatives. The Cybersecurity and Risks Council overseas regular review of cybersecurity risk management activities, is responsible for the management of our cyber risk exposure and monitoring the effectiveness of the cybersecurity program, including but not limited to, our cybersecurity tools and controls, and is responsible for establishing and reviewing our risk tolerance for our cyber risk framework.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef