|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program includes a cybersecurity incident response plan.
We use NIST Cybersecurity Framework and CIS Critical Security Controls as a guide to help us identify, assess, and manage cybersecurity relevant to our business. We are also structured to CMMC which aligns with DOD/Federal contractor program compliance. This does not imply that we meet any particular technical standards, specifications, or requirements.
Our cybersecurity risk management program is integrated with our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas. Our cybersecurity risk management program includes the following key elements:
•
risk assessments designed to help identify material cybersecurity risks to our critical systems, information, services, and our broader enterprise IT environment;
•
a team comprised of IT security, IT infrastructure, and IT compliance personnel principally responsible for directing (1) our cybersecurity risk assessment processes; (2) our security processes; and (3) our response to cybersecurity incidents;
•
the use of external cybersecurity service providers, where appropriate, to assess, test or otherwise assist with aspects of our security processes;
•
cybersecurity awareness training of employees with access to our IT systems;
•
a cybersecurity incident response plan and Security Operations Center to respond to cybersecurity incidents;
•
a third-party risk management process for service providers.
We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face certain ongoing risks from cybersecurity threats that,
if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial conditions, as we have described in the Risk Factors section of this Form 10-K.
Cybersecurity Governance
Our Board considers cybersecurity risk as critical to the enterprise and delegates the cybersecurity risk oversight function to the Audit and Risk Committee. The Audit and Risk Committee oversees management’s design, implementation, and enforcement of our cybersecurity risk management program.
Our Chief Security & Risk Officer reports to the Chief Technology Officer and works closely with the Chief Legal Officer to ensure that all disclosure or reporting requirements are satisfied if an incident were to occur. The Chief Security & Risk Officer leads Parsons’ overall cybersecurity function and provides quarterly reports to the Audit and Risk Committee on our cybersecurity risks, including briefings on our cybersecurity risk management program and cybersecurity incidents. The Audit and Risk Committee also receives periodic presentations on relevant cybersecurity topics as part of the Committee and the Board’s continuing education on topics that impact public companies.
Our Chief Security & Risk Officer supervises efforts to prevent, detect, mitigation and remediate cybersecurity risks and incidents through various means, which include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external cybersecurity service providers; and alerts and reports produced by security tools deployed in the IT environment. Our Chief Security & Risk Officer is responsible for assessing and managing our material risks from cybersecurity threats and has primary responsibility for leading our overall cybersecurity risks management program and supervises both our internal cybersecurity personnel and our external cybersecurity service providers. Our Chief Security & Risk Officer has significant global experience in managing and leading IT and cybersecurity teams.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Our cybersecurity risk management program is integrated with our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
| We face certain ongoing risks from cybersecurity threats that,
if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial conditions, as we have described in the Risk Factors section of this Form 10-K.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Board considers cybersecurity risk as critical to the enterprise and delegates the cybersecurity risk oversight function to the Audit and Risk Committee. The Audit and Risk Committee oversees management’s design, implementation, and enforcement of our cybersecurity risk management program.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit and Risk Committee oversees management’s design, implementation, and enforcement of our cybersecurity risk management program.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Chief Security & Risk Officer reports to the Chief Technology Officer and works closely with the Chief Legal Officer to ensure that all disclosure or reporting requirements are satisfied if an incident were to occur. The Chief Security & Risk Officer leads Parsons’ overall cybersecurity function and provides quarterly reports to the Audit and Risk Committee on our cybersecurity risks, including briefings on our cybersecurity risk management program and cybersecurity incidents.
|Cybersecurity Risk Role of Management [Text Block]
|
Our Chief Security & Risk Officer reports to the Chief Technology Officer and works closely with the Chief Legal Officer to ensure that all disclosure or reporting requirements are satisfied if an incident were to occur. The Chief Security & Risk Officer leads Parsons’ overall cybersecurity function and provides quarterly reports to the Audit and Risk Committee on our cybersecurity risks, including briefings on our cybersecurity risk management program and cybersecurity incidents. The Audit and Risk Committee also receives periodic presentations on relevant cybersecurity topics as part of the Committee and the Board’s continuing education on topics that impact public companies.
Our Chief Security & Risk Officer supervises efforts to prevent, detect, mitigation and remediate cybersecurity risks and incidents through various means, which include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external cybersecurity service providers; and alerts and reports produced by security tools deployed in the IT environment. Our Chief Security & Risk Officer is responsible for assessing and managing our material risks from cybersecurity threats and has primary responsibility for leading our overall cybersecurity risks management program and supervises both our internal cybersecurity personnel and our external cybersecurity service providers. Our Chief Security & Risk Officer has significant global experience in managing and leading IT and cybersecurity teams.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Chief Security & Risk Officer is responsible for assessing and managing our material risks from cybersecurity threats and has primary responsibility for leading our overall cybersecurity risks management program and supervises both our internal cybersecurity personnel and our external cybersecurity service providers.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our Chief Security & Risk Officer supervises efforts to prevent, detect, mitigation and remediate cybersecurity risks and incidents through various means, which include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external cybersecurity service providers; and alerts and reports produced by security tools deployed in the IT environment. Our Chief Security & Risk Officer is responsible for assessing and managing our material risks from cybersecurity threats and has primary responsibility for leading our overall cybersecurity risks management program and supervises both our internal cybersecurity personnel and our external cybersecurity service providers. Our Chief Security & Risk Officer has significant global experience in managing and leading IT and cybersecurity teams.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Chief Security & Risk Officer supervises efforts to prevent, detect, mitigation and remediate cybersecurity risks and incidents through various means, which include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external cybersecurity service providers; and alerts and reports produced by security tools deployed in the IT environment.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef