|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Apr. 30, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Our operations rely on both on-premises and cloud-hosted IT solutions for critical business processes such as compliance, reporting, marketing, e-commerce, operations, product development, manufacturing, distribution, data management, and stakeholder communication. Recognizing the paramount importance of cybersecurity in today's digital landscape, we are committed to safeguarding our information assets, protecting consumer data, and maintaining the integrity and availability of our systems. To this end, we have implemented a comprehensive cybersecurity risk management framework designed to identify, assess, mitigate, and prevent potential cybersecurity risks, aligning with industry best practices and all applicable regulatory requirements. We evaluate our cybersecurity risk management framework against the National Institute of Standards and Technology's Cybersecurity Framework ("NIST-CSF"), which outlines the core components and responsibilities necessary to sustain a robust and well-balanced cybersecurity program.
The foundation of our framework rests on these key principles: (i) risk assessment and threat intelligence gathering; (ii) implementing robust security controls; (iii) maintaining effective incident response capabilities; (iv) promoting employee awareness and providing cybersecurity training; (v) managing third-party risks; and (vi) providing governance aligning with business objectives and ensuring senior leadership accountability for cyber security risk management. We continue to integrate our cybersecurity framework into our overarching enterprise risk management processes, enabling us to capitalize on our extensive enterprise-wide experience in risk management and swiftly adapt to the ever-evolving cybersecurity threat landscape.
Risk Assessment and Threat Intelligence: Under the oversight of the Vice President of Information Security who operates as our Chief Information Security Officer ("CISO"), we conduct periodic risk assessments to pinpoint potential cybersecurity vulnerabilities and threats. These assessments entail evaluating the security posture of critical systems, networks, and applications, as well as analyzing the potential impact of cybersecurity threats on our business operations, financial condition, and reputation. Additionally, we perform continuous threat monitoring and deployed monitoring systems, encompassing
technologies such as intrusion detection systems, security information and event management tools, and threat intelligence programs.
To ensure the effectiveness of our existing cybersecurity controls and processes, and identify areas for improvement based on the latest industry best practices, we regularly engage third-party consulting services to conduct independent audits and assessments. Additionally, we leverage external expertise to evaluate our cybersecurity and risk management strategy, review policies and procedures to address emerging risks, and maintain ongoing compliance with evolving legal and regulatory requirements.
Security Controls: Our approach to cybersecurity employs a multi-layered strategy, implementing a range of technical administrative and physical controls to safeguard critical systems and data. These controls encompass (i) firewalls, intrusion detection, and prevention systems to monitor and block unauthorized access attempts, detect and prevent malicious activities, and protect network infrastructure; (ii) encryption, including secure protocols and multi-factor authentication, to secure information in transit and at rest; and (iii) a secure network architecture that segregates critical systems from the public internet, limiting exposure to potential threats. We also conduct regular security patching to mitigate emerging cyber threats proactively.
Incident Response: We have implemented an incident response plan and playbook, encompassing procedures designed to respond to and recover from internal cybersecurity incidents. In collaboration with third-party security consultants, we conduct ongoing reviews and tabletop exercises of these procedures, which provide detailed descriptions of the roles and responsibilities of key stakeholders, as well as the protocols for communication and coordination during an incident. The procedures also outline guidelines for escalating incident information to our Cybersecurity Steering Committee, senior management, our Audit Committee (which, as discussed below, has been delegated the responsibility for our Board cybersecurity risk oversight function), our full Board, and for providing timely public disclosure when necessary.
Employee Awareness and Training: Our employees play a pivotal role in maintaining a strong cybersecurity posture. Our Information Security Policy Framework outlines the requirements for employee conduct concerning company information and company-managed devices, encompassing relevant privacy, data security, and data retention policies. We believe our Information Security Policy Framework aligns with industry best practices and applicable legal and regulatory requirements. Complementing our Information Security Policy Framework, we conduct regular cybersecurity training campaigns that emphasize the importance of cybersecurity awareness. These campaigns address relevant cybersecurity topics, such as common cybersecurity threats, phishing awareness, and best practices for safeguarding sensitive information. Employees are held accountable for completing all assigned cybersecurity programs and meeting certain performance thresholds in phishing awareness and testing exercises.
Third-Party Risk Management: We recognize the potential cybersecurity risks inherent in our relationships with third parties. To address this, we are implementing a comprehensive third-party risk management program designed to identify and oversee such risks. This program will rely on key elements, including risk assessment, due diligence, contractual provisions, and ongoing monitoring, to identify and mitigate impacts from high-risk third parties and specific risks. We will utilize security risk assessment questionnaire tools to identify high-risk third parties, enabling us to proactively and effectively assess and mitigate potential security vulnerabilities.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
The foundation of our framework rests on these key principles: (i) risk assessment and threat intelligence gathering; (ii) implementing robust security controls; (iii) maintaining effective incident response capabilities; (iv) promoting employee awareness and providing cybersecurity training; (v) managing third-party risks; and (vi) providing governance aligning with business objectives and ensuring senior leadership accountability for cyber security risk management. We continue to integrate our cybersecurity framework into our overarching enterprise risk management processes, enabling us to capitalize on our extensive enterprise-wide experience in risk management and swiftly adapt to the ever-evolving cybersecurity threat landscape.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance: Our Board dedicates time and attention to our cybersecurity and information technology risks. The Board executes its cybersecurity risk oversight function collectively and by delegating responsibility to our Audit Committee. Our CISO presents to the Board at least annually and to our Audit Committee at least quarterly, covering a broad range of topics, such as recent and potential cybersecurity threats and incidents across our industry, best practices and policies, emerging trends, vulnerability assessments, and management's ongoing efforts to prevent, detect, and address internal and external cybersecurity threats specific to our organization. These briefings also include periodic third-party cybersecurity program assessments, benchmarks, and updates from our cybersecurity incident management exercises. Cybersecurity risks are documented and shared with our Audit Committee and the Board quarterly.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
While our Board and Audit Committee oversee cybersecurity risk, senior management is responsible for actively managing cybersecurity risk, including overseeing and executing the risk management strategies discussed above. Senior management reports to the Board annually on our enterprise risk management processes, ensuring transparency and accountability.
Additionally, our Cybersecurity Steering Committee is co-chaired by our CISO and Cybersecurity, Governance Risk and Compliance manager along with other key leaders, including the Chief Human Resources Officer, Vice President of Finance, Corporate Controller, Senior Corporate Risk Manager, Director of Enterprise Infrastructure and Vice President of Internal Audit, all overseeing the management of key cybersecurity risks and strategy for the organization. Our CISO has over 25 years of cybersecurity and corporate risk management experience. The Cybersecurity Steering Committee meets and receives quarterly updates, which provide ongoing visibility into cybersecurity risks and mitigation efforts.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Governance: Our Board dedicates time and attention to our cybersecurity and information technology risks. The Board executes its cybersecurity risk oversight function collectively and by delegating responsibility to our Audit Committee. Our CISO presents to the Board at least annually and to our Audit Committee at least quarterly, covering a broad range of topics, such as recent and potential cybersecurity threats and incidents across our industry, best practices and policies, emerging trends, vulnerability assessments, and management's ongoing efforts to prevent, detect, and address internal and external cybersecurity threats specific to our organization. These briefings also include periodic third-party cybersecurity program assessments, benchmarks, and updates from our cybersecurity incident management exercises. Cybersecurity risks are documented and shared with our Audit Committee and the Board quarterly.
While our Board and Audit Committee oversee cybersecurity risk, senior management is responsible for actively managing cybersecurity risk, including overseeing and executing the risk management strategies discussed above. Senior management reports to the Board annually on our enterprise risk management processes, ensuring transparency and accountability.
Additionally, our Cybersecurity Steering Committee is co-chaired by our CISO and Cybersecurity, Governance Risk and Compliance manager along with other key leaders, including the Chief Human Resources Officer, Vice President of Finance, Corporate Controller, Senior Corporate Risk Manager, Director of Enterprise Infrastructure and Vice President of Internal Audit, all overseeing the management of key cybersecurity risks and strategy for the organization. Our CISO has over 25 years of cybersecurity and corporate risk management experience. The Cybersecurity Steering Committee meets and receives quarterly updates, which provide ongoing visibility into cybersecurity risks and mitigation efforts.
|Cybersecurity Risk Role of Management [Text Block]
|
Governance: Our Board dedicates time and attention to our cybersecurity and information technology risks. The Board executes its cybersecurity risk oversight function collectively and by delegating responsibility to our Audit Committee. Our CISO presents to the Board at least annually and to our Audit Committee at least quarterly, covering a broad range of topics, such as recent and potential cybersecurity threats and incidents across our industry, best practices and policies, emerging trends, vulnerability assessments, and management's ongoing efforts to prevent, detect, and address internal and external cybersecurity threats specific to our organization. These briefings also include periodic third-party cybersecurity program assessments, benchmarks, and updates from our cybersecurity incident management exercises. Cybersecurity risks are documented and shared with our Audit Committee and the Board quarterly.
While our Board and Audit Committee oversee cybersecurity risk, senior management is responsible for actively managing cybersecurity risk, including overseeing and executing the risk management strategies discussed above. Senior management reports to the Board annually on our enterprise risk management processes, ensuring transparency and accountability.
Additionally, our Cybersecurity Steering Committee is co-chaired by our CISO and Cybersecurity, Governance Risk and Compliance manager along with other key leaders, including the Chief Human Resources Officer, Vice President of Finance, Corporate Controller, Senior Corporate Risk Manager, Director of Enterprise Infrastructure and Vice President of Internal Audit, all overseeing the management of key cybersecurity risks and strategy for the organization. Our CISO has over 25 years of cybersecurity and corporate risk management experience. The Cybersecurity Steering Committee meets and receives quarterly updates, which provide ongoing visibility into cybersecurity risks and mitigation efforts.
Through this robust governance structure, involving Board oversight, senior management leadership, and a cross-functional committee, we maintain a proactive and comprehensive approach to managing cybersecurity risks across the organization.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
While our Board and Audit Committee oversee cybersecurity risk, senior management is responsible for actively managing cybersecurity risk, including overseeing and executing the risk management strategies discussed above. Senior management reports to the Board annually on our enterprise risk management processes, ensuring transparency and accountability.
Additionally, our Cybersecurity Steering Committee is co-chaired by our CISO and Cybersecurity, Governance Risk and Compliance manager along with other key leaders, including the Chief Human Resources Officer, Vice President of Finance, Corporate Controller, Senior Corporate Risk Manager, Director of Enterprise Infrastructure and Vice President of Internal Audit, all overseeing the management of key cybersecurity risks and strategy for the organization. Our CISO has over 25 years of cybersecurity and corporate risk management experience. The Cybersecurity Steering Committee meets and receives quarterly updates, which provide ongoing visibility into cybersecurity risks and mitigation efforts.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CISO has over 25 years of cybersecurity and corporate risk management experience.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Governance: Our Board dedicates time and attention to our cybersecurity and information technology risks. The Board executes its cybersecurity risk oversight function collectively and by delegating responsibility to our Audit Committee. Our CISO presents to the Board at least annually and to our Audit Committee at least quarterly, covering a broad range of topics, such as recent and potential cybersecurity threats and incidents across our industry, best practices and policies, emerging trends, vulnerability assessments, and management's ongoing efforts to prevent, detect, and address internal and external cybersecurity threats specific to our organization. These briefings also include periodic third-party cybersecurity program assessments, benchmarks, and updates from our cybersecurity incident management exercises. Cybersecurity risks are documented and shared with our Audit Committee and the Board quarterly.
While our Board and Audit Committee oversee cybersecurity risk, senior management is responsible for actively managing cybersecurity risk, including overseeing and executing the risk management strategies discussed above. Senior management reports to the Board annually on our enterprise risk management processes, ensuring transparency and accountability.
Additionally, our Cybersecurity Steering Committee is co-chaired by our CISO and Cybersecurity, Governance Risk and Compliance manager along with other key leaders, including the Chief Human Resources Officer, Vice President of Finance, Corporate Controller, Senior Corporate Risk Manager, Director of Enterprise Infrastructure and Vice President of Internal Audit, all overseeing the management of key cybersecurity risks and strategy for the organization. Our CISO has over 25 years of cybersecurity and corporate risk management experience. The Cybersecurity Steering Committee meets and receives quarterly updates, which provide ongoing visibility into cybersecurity risks and mitigation efforts.
Through this robust governance structure, involving Board oversight, senior management leadership, and a cross-functional committee, we maintain a proactive and comprehensive approach to managing cybersecurity risks across the organization.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef