|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
Cybersecurity risk management is an integral part of our overall enterprise risk management program. Our cybersecurity risk management program, which is managed by PAR’s Information Security & Privacy team, is designed to identify, assess and manage risks from cybersecurity threats, and it provides a framework for handling cybersecurity threats and incidents. The program is also aligned with the risk assessment framework that has been established by our internal audit team.
Our cybersecurity risk management framework includes steps for assessing the severity of a cybersecurity threat (including an escalation process for potentially material cybersecurity threats and incidents to an internal committee comprised of members of senior management), identifying the source of a cybersecurity threat (including whether the cybersecurity threat is associated with a third-party service provider), and implementing cybersecurity countermeasures and mitigation strategies. The internal committee is responsible for assessing the materiality of cybersecurity threats and incidents, and it informs members of senior management and the audit committee of our board of directors of material cybersecurity threats and incidents.
PAR’s cybersecurity risk management program leverages industry-recognized security frameworks, including the U.S. National Institute of Standards and Technology (NIST) and the CIS Critical Security Controls. We also engage third-party independent auditors to attest to the implementation and operational effectiveness of security controls implemented within our product and service environments in scope for Payment Card Industry Data Security Standard ("PCI DSS") and American Institute of Certified Public Accountants ("AICPA") System and Organization Controls ("SOC") as well as financial systems in scope for Sarbanes-Oxley information technology general controls. Our internal audit team conducts regularly scheduled audits of our IT and business systems. The results of these audits are reported to senior management and the audit committee as part of the quarterly reporting process discussed above.
We require our vendors to comply with our privacy and cybersecurity requirements, and we perform risk assessments of vendors, including their ability to protect data from unauthorized access. We implement enterprise-wide information security policies and security awareness training to promote compliance and enhance security
awareness and vigilance among our workforce. This training is distributed to all employees and includes interactive training on the acceptable use of technology, secure software development practices and phishing simulations.
Based on the information available as of the date of this Annual Report, we believe that risks from cybersecurity threats, including as a result of previous cybersecurity incidents, have not materially affected us, including our business, strategy, results of operations or financial condition, and as of the date of this Annual Report, we are not aware of any material risks from cybersecurity threats that are reasonably likely to do so. However, we cannot eliminate all risks from cybersecurity threats or provide assurances that PAR will not be materially affected by cybersecurity risks in the future. Additional information on cybersecurity risks we face is discussed in "Item 1A. Risk Factors” which should be read in conjunction with the foregoing information.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Cybersecurity risk management is an integral part of our overall enterprise risk management program. Our cybersecurity risk management program, which is managed by PAR’s Information Security & Privacy team, is designed to identify, assess and manage risks from cybersecurity threats, and it provides a framework for handling cybersecurity threats and incidents. The program is also aligned with the risk assessment framework that has been established by our internal audit team.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
As part of our overall enterprise risk management program, we prioritize the identification and management of cybersecurity risk at several levels. Our board of directors has overall oversight responsibility for our risk management, and delegates cybersecurity risk management oversight to the audit committee, which is responsible for overseeing that management has processes in place designed to identify and evaluate cybersecurity risks and that management has implemented processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our board of directors has overall oversight responsibility for our risk management, and delegates cybersecurity risk management oversight to the audit committee, which is responsible for overseeing that management has processes in place designed to identify and evaluate cybersecurity risks and that management has implemented processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our audit committee, typically in joint session with our board of directors, meets quarterly with the Vice President of Information Security & Privacy, the Vice President of Information Technology, and/or the CTO who provide updates to it on, among other things, cybersecurity threat landscape, risk assessments, mitigation plans, notable incidents, the status of projects to strengthen our information security systems, engagement of third parties (e.g., consultants and auditors) and third-party tools, and our employee-training programs.
|Cybersecurity Risk Role of Management [Text Block]
|
Management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to provide that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs.Our cyber risk assessment program is managed by our Information Security & Privacy team, which is led by our Vice President of Information Security & Privacy, who has over twenty-three (23) years of experience in the cybersecurity and technology industry. The Vice President of Information Security & Privacy reports to our Chief Financial Officer. The Vice President of Information Security & Privacy oversees multiple teams that are operationally responsible for PAR’s cybersecurity, including IT Security, Cloud Security, and Development, Security & Operations, each of which provides regular updates to the Vice President of Information Security & Privacy regarding threat intelligence, cyber incidents, and cyber risk mitigation strategies as part of their responsibilities. The Vice President of Information Security & Privacy works closely with the Vice President of IT, who is responsible for PAR's information technology and digital transformation strategy, and with the Chief Technology Officer (CTO), who is responsible for software engineering across most of PAR’s SaaS products. Together, the three individuals have a complementing set of responsibilities to align, implement and govern cybersecurity policies, standards and technology controls throughout PAR.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our cyber risk assessment program is managed by our Information Security & Privacy team, which is led by our Vice President of Information Security & Privacy, who has over twenty-three (23) years of experience in the cybersecurity and technology industry.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|our Vice President of Information Security & Privacy, who has over twenty-three (23) years of experience in the cybersecurity and technology industry.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Vice President of Information Security & Privacy reports to our Chief Financial Officer. The Vice President of Information Security & Privacy oversees multiple teams that are operationally responsible for PAR’s cybersecurity, including IT Security, Cloud Security, and Development, Security & Operations, each of which provides regular updates to the Vice President of Information Security & Privacy regarding threat intelligence, cyber incidents, and cyber risk mitigation strategies as part of their responsibilities. The Vice President of Information Security & Privacy works closely with the Vice President of IT, who is responsible for PAR's information technology and digital transformation strategy, and with the Chief Technology Officer (CTO), who is responsible for software engineering across most of PAR’s SaaS products. Together, the three individuals have a complementing set of responsibilities to align, implement and govern cybersecurity policies, standards and technology controls throughout PAR.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef