|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Reporting to the CIO, the CISO manages Cybersecurity at Clean Harbors and is a Certified Informational Systems Security Professional. The CISO leads the Clean Harbors’ cybersecurity response program based on the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework providing a collaborative, balanced risk based approach to securing and defending the Company.
The CISO leverages open source and private threat intelligence sources to remain current about the latest developments in cybersecurity, including potential threats and risk management techniques. The CISO implements and
oversees processes and technologies for regular monitoring of our information systems. Third party cybersecurity advisory services are employed to consult on, monitor, respond and/or assess our IT landscape and cybersecurity response.
The CISO is also responsible for the ongoing cybersecurity awareness, training and education of the employees of Clean Harbors and any other parties that may interact with the Company’s information technology systems. Awareness activities include cybersecurity training, simulated exercises, cross functional tabletop exercises and internal communication updates. In the event of a cybersecurity incident, the CISO is equipped with a well-defined incident response plan which has been communicated to the IT and operational organization. This plan includes immediate actions to mitigate the impact, solutions to enable the restoration of business critical technology and long-term strategies for remediation and prevention of future incidents.
Risks from Cybersecurity ThreatsThe Company has not encountered cybersecurity challenges that have materially impacted our operations or financial results. The Company has included the relevant potential risks from cybersecurity threats as part of the Company’s Risk Factors in Item 1A herein.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Clean Harbors recognizes the critical importance of developing, implementing and maintaining cybersecurity measures to safeguard our information technology. The Company has integrated cybersecurity risk management into our overall risk management framework to collectively assess and respond to operational, financial and cybersecurity risks.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Board of Directors is acutely aware of the critical nature of managing risks associated with cybersecurity threats. The Board, led by the Executive Chairman Alan McKim, who is also the Chief Technology Officer of the Company, has primary oversight responsibilities for cybersecurity risks and therefore has established oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats.
We have a special subcommittee of the Board of Directors with the goal of reviewing the Company’s overall cybersecurity risk and response landscape. The special Cybersecurity subcommittee is comprised of board members with diverse expertise including risk management, technology and finance, with two members holding Cybersecurity Oversight Certificates issued by the National Association of Corporate Directors and Carnegie Mellon University.
The Chief Information Security Officer (“CISO”) and Chief Information Officer (“CIO”) provide comprehensive briefings throughout the year to the Cybersecurity subcommittee, which meets quarterly. The chair of the Cybersecurity subcommittee provides updates on the subcommittee’s activities to the Board of Directors and, from time to time as warranted, the CISO and CIO will present to the full Board of Directors as well. The briefings include the current landscape of cybersecurity risks and emerging threats, relevant Company infrastructure and tools employed to address these risk and threats, status of ongoing initiatives, incident reports and learnings and compliance with regulatory requirements and industry standards.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Board of Directors is acutely aware of the critical nature of managing risks associated with cybersecurity threats. The Board, led by the Executive Chairman Alan McKim, who is also the Chief Technology Officer of the Company, has primary oversight responsibilities for cybersecurity risks and therefore has established oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Chief Information Security Officer (“CISO”) and Chief Information Officer (“CIO”) provide comprehensive briefings throughout the year to the Cybersecurity subcommittee, which meets quarterly. The chair of the Cybersecurity subcommittee provides updates on the subcommittee’s activities to the Board of Directors and, from time to time as warranted, the CISO and CIO will present to the full Board of Directors as well. The briefings include the current landscape of cybersecurity risks and emerging threats, relevant Company infrastructure and tools employed to address these risk and threats, status of ongoing initiatives, incident reports and learnings and compliance with regulatory requirements and industry standards.
|Cybersecurity Risk Role of Management [Text Block]
|
Reporting to the CIO, the CISO manages Cybersecurity at Clean Harbors and is a Certified Informational Systems Security Professional. The CISO leads the Clean Harbors’ cybersecurity response program based on the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework providing a collaborative, balanced risk based approach to securing and defending the Company.
The CISO leverages open source and private threat intelligence sources to remain current about the latest developments in cybersecurity, including potential threats and risk management techniques. The CISO implements and
oversees processes and technologies for regular monitoring of our information systems. Third party cybersecurity advisory services are employed to consult on, monitor, respond and/or assess our IT landscape and cybersecurity response.
The CISO is also responsible for the ongoing cybersecurity awareness, training and education of the employees of Clean Harbors and any other parties that may interact with the Company’s information technology systems. Awareness activities include cybersecurity training, simulated exercises, cross functional tabletop exercises and internal communication updates. In the event of a cybersecurity incident, the CISO is equipped with a well-defined incident response plan which has been communicated to the IT and operational organization. This plan includes immediate actions to mitigate the impact, solutions to enable the restoration of business critical technology and long-term strategies for remediation and prevention of future incidents.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
The Chief Information Security Officer (“CISO”) and Chief Information Officer (“CIO”) provide comprehensive briefings throughout the year to the Cybersecurity subcommittee, which meets quarterly. The chair of the Cybersecurity subcommittee provides updates on the subcommittee’s activities to the Board of Directors and, from time to time as warranted, the CISO and CIO will present to the full Board of Directors as well. The briefings include the current landscape of cybersecurity risks and emerging threats, relevant Company infrastructure and tools employed to address these risk and threats, status of ongoing initiatives, incident reports and learnings and compliance with regulatory requirements and industry standards.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Reporting to the CIO, the CISO manages Cybersecurity at Clean Harbors and is a Certified Informational Systems Security Professional.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The Chief Information Security Officer (“CISO”) and Chief Information Officer (“CIO”) provide comprehensive briefings throughout the year to the Cybersecurity subcommittee, which meets quarterly. The chair of the Cybersecurity subcommittee provides updates on the subcommittee’s activities to the Board of Directors and, from time to time as warranted, the CISO and CIO will present to the full Board of Directors as well. The briefings include the current landscape of cybersecurity risks and emerging threats, relevant Company infrastructure and tools employed to address these risk and threats, status of ongoing initiatives, incident reports and learnings and compliance with regulatory requirements and industry standards.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef