|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 28, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|The Company manages cybersecurity risk as part of our overall enterprise risk management strategy, overseen by the Audit Committee and the Board of Directors. The Company has developed an information security program to address material risks from cybersecurity threats. The program includes processes identifying how security measures and controls are developed, implemented, and maintained.
Our cybersecurity processes align with the National Institute of Standards and Technology (NIST CSF) Framework. The Company conducts regular risk assessments on systems and applications to help detect potential risks, threats, and vulnerabilities. Additionally, annual assessments are conducted to evaluate the effectiveness of controls. Risk assessment, risk-based analysis, and judgment are used to select security controls to address risks. During this process, the following factors, among others, are considered: likelihood and severity of risk, impact on the Company and others if a risk materializes, feasibility and cost of controls, and impact of controls on operations and others. Several controls are employed to differing extents, encompassing but not restricted to endpoint threat detection and response (EDR), identity and access management (IAM), privileged access management (PAM), logging and monitoring utilizing security information and event management (SIEM), multi-factor authentication (MFA), firewalls, intrusion detection, and prevention, as well as vulnerability and patch management.
Third-party security firms are used in different capacities to provide or operate some of these controls and technology systems. For example, third parties conduct assessments, such as vulnerability scans, penetration testing, and overall risk assessments, and third-party tools are utilized to identify potential vulnerabilities. The Company employs a variety of processes to address cybersecurity threats related to third-party technology and services, including privacy, solution and vendor risk assessments, imposition of contractual obligations, and performance monitoring. The Company also currently relies on services provided by Kellanova, under the Transition Service Agreement.
To support our preparedness, the Company has a written incident response preparedness plan that we update as business needs and the security landscape change. In the event of a cybersecurity incident, our incident response team refers to the plan, and the Company conducts tabletop exercises to enhance incident response preparedness. The plan sets out clear response procedures on how to define roles, categorize incidents, determine materiality, record responses, comply with regulatory standards, assist in public disclosure, and defines the process for assessing impact for materiality purposes. It is designed to enable a prompt, uniform, and efficient strategy to reduce the financial, operational, legal, and reputational risks associated with cybersecurity incidents. Business continuity and disaster recovery plans are used to prepare for the potential disruption of technology we rely on. The Company has implemented a user awareness program to enhance cybersecurity measures. These include phishing, malware, data handling, device security, cybersecurity education, password security, internet browsing and defenses to physical threats. As part of our overall risk mitigation strategy, the Company also maintains cyber insurance coverage; however, such insurance may not be sufficient in type or amount to cover us against claims related to security breaches, cyberattacks and other related breaches.
The Company (or third parties it relies on) may not be able to fully, continuously, and effectively implement security controls as intended. As described above, we utilize a risk-based approach and judgment to determine the security controls to implement, and it is possible we may not implement appropriate controls if we do not recognize or underestimate a particular risk. In addition, security controls, no matter how well designed or implemented, may only mitigate and not fully eliminate risks and events, when detected by security tools or third parties, may not always be immediately understood or acted upon. For further discussion of these risks, see “Risk Factors—Risks Related to Our Intellectual Property and Technology—Technology failures, cyber-attacks, privacy breaches or data breaches could disrupt our operations or reputation and negatively impact our business.”
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The Company manages cybersecurity risk as part of our overall enterprise risk management strategy, overseen by the Audit Committee and the Board of Directors. The Company has developed an information security program to address material risks from cybersecurity threats. The program includes processes identifying how security measures and controls are developed, implemented, and maintained.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|The Company has a Governance, Risk, and Compliance (GRC) IT function to address enterprise risks; cybersecurity is a category handled by that function. Cybersecurity is a vital pillar within a comprehensive risk management framework, fostering cross-functional collaboration to fortify organizational resilience against digital threats.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Company has a privacy and security governance committee. The company operates a privacy and security governance committee and a cybersecurity team led by a Chief Information Security Officer.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The company operates a privacy and security governance committee and a cybersecurity team led by a Chief Information Security Officer. With cybersecurity experience across IT services, Telecom, and Manufacturing sectors, the Chief Information Security Officer spearheads cybersecurity risk and strategy and directly reports to the Chief Information Officer. Additionally, as part of our overall enterprise risk management strategy, our Audit Committee, which consists solely of independent directors, oversees cybersecurity and receives updates from the Chief Information Security Officer on a periodic basis on cybersecurity matters, which include a review of potential digital threats and vulnerabilities, cybersecurity priorities, and our cybersecurity framework.
|Cybersecurity Risk Role of Management [Text Block]
|The Company has a privacy and security governance committee. The company operates a privacy and security governance committee and a cybersecurity team led by a Chief Information Security Officer. With cybersecurity experience across IT services, Telecom, and Manufacturing sectors, the Chief Information Security Officer spearheads cybersecurity risk and strategy and directly reports to the Chief Information Officer. Additionally, as part of our overall enterprise risk management strategy, our Audit Committee, which consists solely of independent directors, oversees cybersecurity and receives updates from the Chief Information Security Officer on a periodic basis on cybersecurity matters, which include a review of potential digital threats and vulnerabilities, cybersecurity priorities, and our cybersecurity framework.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Company has a privacy and security governance committee. The company operates a privacy and security governance committee and a cybersecurity team led by a Chief Information Security Officer. With cybersecurity experience across IT services, Telecom, and Manufacturing sectors, the Chief Information Security Officer spearheads cybersecurity risk and strategy and directly reports to the Chief Information Officer. Additionally, as part of our overall enterprise risk management strategy, our Audit Committee, which consists solely of independent directors, oversees cybersecurity and receives updates from the Chief Information Security Officer on a periodic basis on cybersecurity matters, which include a review of potential digital threats and vulnerabilities, cybersecurity priorities, and our cybersecurity framework.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|With cybersecurity experience across IT services, Telecom, and Manufacturing sectors, the Chief Information Security Officer spearheads cybersecurity risk and strategy and directly reports to the Chief Information Officer.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Company has a privacy and security governance committee. The company operates a privacy and security governance committee and a cybersecurity team led by a Chief Information Security Officer. With cybersecurity experience across IT services, Telecom, and Manufacturing sectors, the Chief Information Security Officer spearheads cybersecurity risk and strategy and directly reports to the Chief Information Officer.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef