Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 29, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
The Company has documented cybersecurity policies and standards, assesses risks from cybersecurity threats, and monitors information systems for potential cybersecurity issues. To protect the Company’s information systems from cybersecurity threats, the Company uses various security tools supporting protection, detection, and response capabilities. The Company maintains a cybersecurity incident response plan to help ensure a timely, consistent response to actual or attempted cybersecurity incidents impacting the Company.
The Company also identifies and assesses third-party risks within the enterprise, and through the Company's use of third-party service providers, across a range of areas including data security and supply chain through a structured third-party risk management program.
The Company maintains a formal information security training program for all employees that includes training on matters such as phishing and email security best practices. Employees are also required to complete mandatory training on data privacy.
To evaluate and enhance its cybersecurity program, the Company periodically utilizes third-party experts to undertake maturity assessments of the Company’s information security program.
To date, the Company is not aware of any cybersecurity incident that has had or is reasonably likely to have a material impact on the Company’s business or operations; however, because of the frequently changing attack techniques, along with the increased volume and sophistication of the attacks, there is the potential for the Company to be adversely impacted. This impact could result in reputational, competitive, operational or other business harm as well as financial costs and regulatory action. Refer to the risk factor captioned "An information security incident, including a cybersecurity breach, could have a negative impact to the Company’s business or reputation" in Part I, Item 1A. Risk factors for additional description of cybersecurity risks and potential related impacts on the Company.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] The Company has documented cybersecurity policies and standards, assesses risks from cybersecurity threats, and monitors information systems for potential cybersecurity issues. To protect the Company’s information systems from cybersecurity threats, the Company uses various security tools supporting protection, detection, and response capabilities. The Company maintains a cybersecurity incident response plan to help ensure a timely, consistent response to actual or attempted cybersecurity incidents impacting the Company.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Governance - board oversight
The Company’s Board of Directors oversees the overall risk management process, including cybersecurity risks, directly and through its committees. The Regulatory Compliance & Sustainability Committee (RCSC) of the board is primarily responsible for oversight of risk from cybersecurity threats and oversees compliance with applicable laws, regulations and Company policies related to, among others, privacy and cybersecurity.
RCSC meetings include discussions of specific risk areas throughout the year including, among others, those relating to cybersecurity. The CISO provides quarterly updates each year to RCSC on cybersecurity matters. These reports include an overview of the cybersecurity threat landscape, key cybersecurity initiatives to improve the Company’s risk posture, changes in the legal and regulatory landscape relative to cybersecurity, and overviews of certain cybersecurity incidents that have occurred within the Company and within the industry.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Company’s Board of Directors oversees the overall risk management process, including cybersecurity risks, directly and through its committees. The Regulatory Compliance & Sustainability Committee (RCSC) of the board is primarily responsible for oversight of risk from cybersecurity threats and oversees compliance with applicable laws, regulations and Company policies related to, among others, privacy and cybersecurity.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
RCSC meetings include discussions of specific risk areas throughout the year including, among others, those relating to cybersecurity. The CISO provides quarterly updates each year to RCSC on cybersecurity matters. These reports include an overview of the cybersecurity threat landscape, key cybersecurity initiatives to improve the Company’s risk posture, changes in the legal and regulatory landscape relative to cybersecurity, and overviews of certain cybersecurity incidents that have occurred within the Company and within the industry.
Cybersecurity Risk Role of Management [Text Block]
Governance - management’s responsibility
The Company takes a risk-based approach to cybersecurity and has implemented cybersecurity controls designed to address cybersecurity threats and risks. The Chief Information Officer (CIO), who is a member of the Company’s Executive Committee, and the Chief Information Security Officer (CISO) are responsible for assessing and managing cybersecurity risks, including security incident detection, response, and recovery.
The Company’s CISO, in coordination with the CIO, is responsible for leading the Company’s cybersecurity program and management of cybersecurity risk. The current CISO has over twenty-five years of experience in information security, and his background includes technical experience, strategy and architecture focused roles, cyber and threat experience, and various leadership roles.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
The Company takes a risk-based approach to cybersecurity and has implemented cybersecurity controls designed to address cybersecurity threats and risks. The Chief Information Officer (CIO), who is a member of the Company’s Executive Committee, and the Chief Information Security Officer (CISO) are responsible for assessing and managing cybersecurity risks, including security incident detection, response, and recovery.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The current CISO has over twenty-five years of experience in information security, and his background includes technical experience, strategy and architecture focused roles, cyber and threat experience, and various leadership roles.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Company’s Board of Directors oversees the overall risk management process, including cybersecurity risks, directly and through its committees. The Regulatory Compliance & Sustainability Committee (RCSC) of the board is primarily responsible for oversight of risk from cybersecurity threats and oversees compliance with applicable laws, regulations and Company policies related to, among others, privacy and cybersecurity.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true