|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 29, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|Cybersecurity Disclosures
We have developed and maintain a Material Cyber Incident Disclosure Program. The program includes processes for the identification, review and assessment of materiality of cyber events, notification of our senior leadership and Board of Directors of such events, and financial reporting disclosure where applicable. As part of the program, we also engage in due diligence regarding the cybersecurity capabilities of our current and potential third-party vendors in accordance with industry best practices. Under the program, all material cyber incidents will be reported to our Board of Directors. The program is led by our Cyber Event Disclosure Committee, which includes members of our Information Security, Corporate Legal, External Reporting and Enterprise Risk Management teams. In addition to assessing our own cybersecurity preparedness, we also consider and evaluate cybersecurity risks associated with use of third-party service providers. Our Internal Audit team conducts an annual review of third-party hosted applications with a specific focus on any sensitive data shared with third parties. For all critical third party service provides, we perform a review of the vendor's System and Organization Controls (SOC), which is referred to as a SOC 1 or SOC 2 report. If a third-party vendor is not able to provide a SOC 1 or SOC 2 report, we take additional steps to understand and mitigate any additional risks. Our assessment of risks associated with use of third-party providers is part of our overall risk management framework. We have implemented comprehensive cybersecurity initiatives for our employees, including education, training, and testing. These measures are conducted annually to ensure our employees remain up-to-date with the latest security practices, complementing our continuously improving processes and systems.
Our Chief Information Officer is responsible for developing and implementing our information security program. Our Information Security team monitors our exposure to external cybersecurity threats, leveraging automated tools and manual processes to ensure cybersecurity risk is effectively mitigated on a continuous basis. This team leverages internal IT resources, a managed security service provider, and additional third-party security software and technology services. When a specific incident has been identified, the Information Security team leverages our Cyber Incident Response Plan in conjunction with established Information Security policies to begin assessment of the incident. Depending on the type and/or severity of the incident, our Information Security team will determine (in compliance with our Cyber Incident Response Plan) whether third party expertise or consultation is necessary. If such expertise or consultation is determined to be necessary, our Information Security and Corporate Legal teams will engage with third-party experts. As part of its review of incidents, our Information Security team considers the risk exposure, potential impact, severity and implications with respect to our information technology systems. Our Information Security team is responsible for escalating incidents which are determined to be higher risk to our Cyber Event Disclosure Committee. The Cyber Event Disclosure Committee will work with our General Counsel to determine the materiality of the incident and any required disclosure. When an incident is determined to be material and is required to be disclosed, the Cyber Event Disclosure Committee will notify our senior leadership and our Board of Directors through the Audit Committee of our Board of Directors. The Cyber Event Disclosure Committee will collaborate with our Corporate Legal and Financial Reporting teams to develop any required Form 8-K Item 1.05 disclosure.
The oversight, monitoring, and testing of the program occurs under our Sarbanes-Oxley entity-level control reviews and the program is integrated into our Enterprise Risk Management processes. The Cyber Event Disclosure Committee convenes, at least monthly, to review recent developments in cybersecurity and in the cybersecurity risk landscape. The Cyber Event Disclosure Committee is comprised of representatives with relevant expertise for assessing and managing the applicable risks. Our Board of Directors is presented with updates on an annual, or as needed, basis regarding our cybersecurity preparedness. Additionally, our Board of Directors is provided with a comprehensive cyber training from our Chief Information Security Officer at least annually. Our Board of Directors annually reviews our cybersecurity program and the Audit Committee of our Board of Directors is specifically responsible for oversight of cybersecurity risk, which it regularly reviews with Company leadership.
We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations or financial condition.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|
We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations or financial condition.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Our Information Security team is responsible for escalating incidents which are determined to be higher risk to our Cyber Event Disclosure Committee. The Cyber Event Disclosure Committee will work with our General Counsel to determine the materiality of the incident and any required disclosure. When an incident is determined to be material and is required to be disclosed, the Cyber Event Disclosure Committee will notify our senior leadership and our Board of Directors through the Audit Committee of our Board of Directors. The Cyber Event Disclosure Committee will collaborate with our Corporate Legal and Financial Reporting teams to develop any required Form 8-K Item 1.05 disclosure.
The oversight, monitoring, and testing of the program occurs under our Sarbanes-Oxley entity-level control reviews and the program is integrated into our Enterprise Risk Management processes. The Cyber Event Disclosure Committee convenes, at least monthly, to review recent developments in cybersecurity and in the cybersecurity risk landscape. The Cyber Event Disclosure Committee is comprised of representatives with relevant expertise for assessing and managing the applicable risks. Our Board of Directors is presented with updates on an annual, or as needed, basis regarding our cybersecurity preparedness. Additionally, our Board of Directors is provided with a comprehensive cyber training from our Chief Information Security Officer at least annually. Our Board of Directors annually reviews our cybersecurity program and the Audit Committee of our Board of Directors is specifically responsible for oversight of cybersecurity risk, which it regularly reviews with Company leadership.
|Cybersecurity Risk Role of Management [Text Block]
|Our Board of Directors annually reviews our cybersecurity program
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Cyber Event Disclosure Committee, which includes members of our Information Security, Corporate Legal, External Reporting and Enterprise Risk Management teams.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our Information Security team monitors our exposure to external cybersecurity threats, leveraging automated tools and manual processes to ensure cybersecurity risk is effectively mitigated on a continuous basis. This team leverages internal IT resources, a managed security service provider, and additional third-party security software and technology services. When a specific incident has been identified, the Information Security team leverages our Cyber Incident Response Plan in conjunction with established Information Security policies to begin assessment of the incident. Depending on the type and/or severity of the incident, our Information Security team will determine (in compliance with our Cyber Incident Response Plan) whether third party expertise or consultation is necessary. If such expertise or consultation is determined to be necessary, our Information Security and Corporate Legal teams will engage with third-party experts.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Cyber Event Disclosure Committee will work with our General Counsel to determine the materiality of the incident and any required disclosure. When an incident is determined to be material and is required to be disclosed, the Cyber Event Disclosure Committee will notify our senior leadership and our Board of Directors through the Audit Committee of our Board of Directors.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef