Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended Dec. 28, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cybersecurity risk management is an integral part of our overall enterprise risk management program, which we have continued to invest in developing. Our corporate cybersecurity risk management program provides a framework for handling cybersecurity threats and incidents, including threats and incidents associated with the use of services provided by third-party vendors and service providers, and facilitating coordination across different business units of the Company. Our corporate cybersecurity risk management program is based on and audited against industry standards, including ISO 27001 for Information Security Management Systems (ISMS) and the automotive industry’s Trusted Information Security Assessment Exchange standard (TISAX).

Our corporate cybersecurity team is responsible for operating our cybersecurity risk management program. The cybersecurity team determines with management an annual workplan for risk assessments, reviews, audits and tests. The cybersecurity team also conducts vulnerability assessments, security reviews and penetration tests on a regular basis in accordance with such workplan. Following risk assessments that require any remediation, the cybersecurity team then conducts a risk treatment and response process, including mitigation, remediation and risk reduction efforts. Our policies also require that Internet-accessible enterprise systems and applications must undergo a penetration test at least annually, and we engage specialized, independent, third parties to conduct penetration tests and specific in-depth reviews of certain enterprise systems and applications.

With respect to overseeing and identifying cybersecurity risks associated with third parties, we seek to impose certain cybersecurity requirements on critical third parties with whom we do business. The cybersecurity team performs risk assessments, due diligence checks and validation of key security controls in accordance with our cybersecurity policies and standards for third-party vendors and service providers with whom we exchange information or integrate our information systems and networks. We include cybersecurity and privacy addenda and clauses in our agreements with such third parties where applicable and seek to pass through any necessary regulatory and contractual requirements to such third parties. When we do become aware that a third-party vendor or service provider has experienced a compromise or failure, we attempt to mitigate our risk, including by terminating such third party’s connection to our information systems and networks where appropriate or by exercising any applicable contractual remedies we may have, such as a right to indemnification.

On a semi-annual basis the cybersecurity team conducts a program performance evaluation with management to assess the continuing suitability, adequacy and effectiveness of the Company’s cybersecurity risk management program, including with respect to the fulfillment of cybersecurity objectives and compliance with industry standards, and to recommend changes to the Company’s threat modeling, priorities for future risk assessments, policy adjustments in response to newly identified risks or non-compliance, and overall risk acceptance.

To foster a culture of cybersecurity awareness within the Company and provide employees with further knowledge of cybersecurity-conscious behavior, all employees of the Company are required to attend cybersecurity training sessions during the onboarding process and at least once per year.

Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] The cybersecurity team also conducts vulnerability assessments, security reviews and penetration tests on a regular basis in accordance with such workplan. Following risk assessments that require any remediation, the cybersecurity team then conducts a risk treatment and response process, including mitigation, remediation and risk reduction efforts. Our policies also require that Internet-accessible enterprise systems and applications must undergo a penetration test at least annually, and we engage specialized, independent, third parties to conduct penetration tests and specific in-depth reviews of certain enterprise systems and applications.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Our board of directors has overall oversight responsibility for our risk management, and delegates cybersecurity risk management oversight to the Audit Committee. The Audit Committee is responsible for ensuring that management has processes in place designed to identify and assess cybersecurity risks to which the Company is exposed and implement processes and programs designed to manage cybersecurity risks and mitigate and remediate cybersecurity threats and incidents. Both management and the Audit Committee also report material cybersecurity risks to our full board of directors, based on management’s assessment of risk.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Audit Committee
Cybersecurity Risk Role of Management [Text Block] The Audit Committee is responsible for ensuring that management has processes in place designed to identify and assess cybersecurity risks to which the Company is exposed and implement processes and programs designed to manage cybersecurity risks and mitigate and remediate cybersecurity threats and incidents.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] management and the Audit Committee
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The Audit Committee is responsible for ensuring that management has processes in place designed to identify and assess cybersecurity risks to which the Company is exposed and implement processes and programs designed to manage cybersecurity risks and mitigate and remediate cybersecurity threats and incidents. Both management and the Audit Committee also report material cybersecurity risks to our full board of directors, based on management’s assessment of risk.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true