|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
The Company has practices and procedures designed to proactively and comprehensively manage risks from cybersecurity threats. These processes are integrated into the Company’s overall enterprise risk management, as overseen by the Company’s board of directors (the “Board”), primarily through its committees, with its Audit Committee having direct oversight over cybersecurity matters.
We identify and assess cybersecurity risk through various technologies, processes and policies that are regularly updated to align with the changing threat landscape, evolving business needs, as well as global regulatory requirements.
Our cybersecurity risk mitigation involves a range of threat defense and protection measures such as monitoring of systems, threat containment methods, penetration testing, conducting crises simulations, identity and access management, vulnerability scanning, promoting security and privacy awareness training to our global employees, improving internal processes and following a system of controls, including but not limited to back-up protocols, system restoration processes, and end-point protection on Company devices.
We seek to align our cybersecurity risk management with the NIST Cyber Security Framework, as well as industry best practices. Our cybersecurity incident response processes guide the detection, response and recovery from cybersecurity incidents and compliance with regulatory reporting requirements.
We engage third-party consultants, external auditors, legal advisors and assessors to help evaluate our cybersecurity program to assist in conducting risk and maturity assessments and as part of our processes for oversight, identification, and management of material risks from cybersecurity threats.
Our Third-Party Risk Management program oversees diligence relating to cybersecurity risks from third parties in our supply chain or that have access to our systems, data, or that house such systems or data. The program assesses cybersecurity risks of third-party posture, incidents and data breaches at the third parties identified through such diligence. Also, standard cybersecurity and privacy clauses are included in contracts where appropriate.A cross-functional Business Resiliency team oversees the adequacy of disaster recovery and business continuity considerations needed in response to cybersecurity threats and incidents.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The Company has practices and procedures designed to proactively and comprehensively manage risks from cybersecurity threats. These processes are integrated into the Company’s overall enterprise risk management, as overseen by the Company’s board of directors (the “Board”), primarily through its committees, with its Audit Committee having direct oversight over cybersecurity matters.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|The Audit Committee of our Board is responsible for the oversight of cybersecurity-related risks. The Audit Committee regularly receives reports from our Chief Information Security Officer (“CISO”), Chief Information and Digital Officer (“CIO”) and other members of management on cybersecurity threat risk management, including security posture improvements, results from third-party assessments, identified risks and progress towards risk-mitigation-related goals. The full Board receives a report from our CISO and other members of management annually.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee of our Board is responsible for the oversight of cybersecurity-related risks.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee regularly receives reports from our Chief Information Security Officer (“CISO”), Chief Information and Digital Officer (“CIO”) and other members of management on cybersecurity threat risk management, including security posture improvements, results from third-party assessments, identified risks and progress towards risk-mitigation-related goals. The full Board receives a report from our CISO and other members of management annually.
|Cybersecurity Risk Role of Management [Text Block]
|
Our cybersecurity risk management and strategy processes are led by our CISO. The CISO works closely with the CIO, Chief Privacy Officer, and members of the legal team who report to the Chief Legal Affairs Officer to periodically review the cybersecurity program. The CISO has over 25 years of experience in cybersecurity, risk management, and compliance, and has served as the chief information security officer at other organizations.
The Company’s CISO oversees the Company’s cybersecurity incident response plan and related processes that are designed to assess and manage material risks from cybersecurity threats. The Company’s CISO also coordinates with the Company’s Legal Affairs team and third parties, such as consultants and legal advisors, to assess and manage material risks from cybersecurity threats. The Company’s CISO is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to criteria set forth in the Company’s incident response plan and related processes.
Our Disclosure Committee, with the assistance of its Cybersecurity Subcommittee, is responsible for overseeing the establishment and effectiveness of controls and procedures related to the public disclosure of material cybersecurity matters. The Cybersecurity Subcommittee of the Disclosure Committee is comprised of the Controller and Chief Accounting Officer, Treasurer, Chief Legal Affairs Officer, Assistant Secretary, General Auditor, as well as the CISO, CIO and Chief PrivacyOfficer. The Cybersecurity Subcommittee receives, at least every quarter, a report from CISO on cybersecurity incidents and their mitigation, and remediation pursuant to incident response plan and related processes, as well as other relevant cybersecurity risk topics.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our cybersecurity risk management and strategy processes are led by our CISO. The CISO works closely with the CIO, Chief Privacy Officer, and members of the legal team who report to the Chief Legal Affairs Officer to periodically review the cybersecurity program.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The CISO has over 25 years of experience in cybersecurity, risk management, and compliance, and has served as the chief information security officer at other organizations.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Company’s CISO is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to criteria set forth in the Company’s incident response plan and related processes.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef