|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 28, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity risk management is an integral part of the Corporation’s enterprise risk management program. The cybersecurity risk management program is designed to align with industry best practices, is generally based on the framework established by the National Institute of Standards and Technology (NIST), provides a framework for handling cybersecurity threats and incidents, including threats and incidents associated with the use of applications and services provided by third parties, and facilitates coordination across different departments of the Corporation. This framework includes steps for assessing the severity of a cybersecurity threat, identifying the source of a threat, including whether the threat is associated with a third-party service provider, implementing countermeasures and mitigation strategies, and informing management and the Board of Directors of material cybersecurity threats, incidents, and impact.
The cybersecurity team, under the direction of the Corporation’s Chief Information and Digital Officer ("CIDO"), is responsible for assessing, deploying, and managing the cybersecurity risk management program. Recognizing the complexity and evolving nature of cybersecurity threats, the cybersecurity team engages with a range of external experts, including cybersecurity assessors and consultants, in evaluating and testing the Corporation’s risk management systems. The collaboration with these independent third parties includes regular threat assessments, such as penetration tests and table-top exercises, and consultation on security enhancements. In addition, the cybersecurity team provides training to applicable members annually and ongoing cybersecurity education. Additionally, the Corporation maintains cyber risk insurance.
Depending on the products and services provided and the potential for data exchange and technology risk, suppliers and other third-party service providers are evaluated by the cybersecurity organization to assess their security and data protection capabilities. Additionally, security and data-focused contract provisions are incorporated where necessary in supplier and other service provider agreements to include industry-standard security and resiliency requirements that include timely reporting of cybersecurity incidents. The Corporation periodically reviews independent assessments of major service providers.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Cybersecurity risk management is an integral part of the Corporation’s enterprise risk management program. The cybersecurity risk management program is designed to align with industry best practices, is generally based on the framework established by the National Institute of Standards and Technology (NIST), provides a framework for handling cybersecurity threats and incidents, including threats and incidents associated with the use of applications and services provided by third parties, and facilitates coordination across different departments of the Corporation.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Board of Directors has overall oversight responsibility for risk management. Oversight of cybersecurity risks has been delegated to the Audit Committee of the Board of Directors. The Audit Committee also reports material cybersecurity risk to the full Board of Directors.
The Audit Committee is responsible for ensuring management has processes in place designed to identify and evaluate cybersecurity risks to which the Corporation is exposed and implement programs to manage cybersecurity risks and mitigate cybersecurity incidents.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Board of Directors has overall oversight responsibility for risk management. Oversight of cybersecurity risks has been delegated to the Audit Committee of the Board of Directors. The Audit Committee also reports material cybersecurity risk to the full Board of Directors.
The Audit Committee is responsible for ensuring management has processes in place designed to identify and evaluate cybersecurity risks to which the Corporation is exposed and implement programs to manage cybersecurity risks and mitigate cybersecurity incidents.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Management under the CIDO is responsible for identifying, considering, and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential risk exposures are monitored, implementing appropriate mitigation measures and maintaining cybersecurity programs. The CIDO and cybersecurity team members are certified and/or experienced information systems security professionals and information security managers with many years of experience.
The CIDO receives reports from the cybersecurity team and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Appropriate procedures for communication to the Audit Committee are also built into the incident response plan.
|Cybersecurity Risk Role of Management [Text Block]
|
Management under the CIDO is responsible for identifying, considering, and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential risk exposures are monitored, implementing appropriate mitigation measures and maintaining cybersecurity programs. The CIDO and cybersecurity team members are certified and/or experienced information systems security professionals and information security managers with many years of experience.
The CIDO receives reports from the cybersecurity team and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Appropriate procedures for communication to the Audit Committee are also built into the incident response plan.
The CIDO regularly updates the Audit Committee and the full Board of Directors on the Corporation’s cybersecurity risk management program, material cybersecurity risks, and mitigation strategies. Management provides the Audit Committee with quarterly cybersecurity reports that cover, among other topics, third-party assessments of the Corporation’s cybersecurity risk management program, developments in cybersecurity, and updates to the Company’s cybersecurity risk management program and mitigation strategies.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Management under the CIDO is responsible for identifying, considering, and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential risk exposures are monitored, implementing appropriate mitigation measures and maintaining cybersecurity programs.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The CIDO and cybersecurity team members are certified and/or experienced information systems security professionals and information security managers with many years of experience.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Management under the CIDO is responsible for identifying, considering, and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential risk exposures are monitored, implementing appropriate mitigation measures and maintaining cybersecurity programs. The CIDO and cybersecurity team members are certified and/or experienced information systems security professionals and information security managers with many years of experience.
The CIDO receives reports from the cybersecurity team and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Appropriate procedures for communication to the Audit Committee are also built into the incident response plan.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true