XML 55 R36.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Our cybersecurity program is designed to protect the integrity of our information and the proper functioning and availability of the information systems that help operate our business. We utilize the National Institute of Standards and Technology's Cybersecurity Framework (NIST CSF) to inform our cybersecurity program and maintain International Organization for Standardization 27001 (ISO 27001) certification. We have created and implemented processes that assess, identify, respond to and manage cybersecurity threats and incidents, and we oversee these processes to minimize the occurrence and impact of any unauthorized access, disruption or use of our information or that of our customers. We have a robust set of information security policies related to encryption of data, anti-virus, firewalls, multi-factor authentication, training of employees, as well as incident response capabilities designed to proactively identify risks and mitigate attacks and unauthorized access attempts to our systems, amongst other measures.
Our cybersecurity program is also evaluated at least annually by external experts, and the results of those reviews are reported to our leadership team and the board of directors. Cybersecurity risk is also evaluated as an enterprise-wide risk via our enterprise risk management program, which is reviewed by our leadership team and the board of directors. All employees are required to complete semiannual cybersecurity trainings and have access to more frequent cybersecurity trainings through online simulations. We also require employees in certain roles to complete additional role-based, specialized cybersecurity trainings.While we have experienced cybersecurity threats and breaches targeting our information technology systems, networks and information, and those of our third-party providers and customers, to date, these incidents have not had a material impact on our financial condition or results of operations. In the event of a cybersecurity incident, we assess whether such incident had a material impact, and in certain cases, such assessment is reviewed by our leadership team, including the Chief Executive Officer, outside legal advisors and other third-party advisors.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Our cybersecurity program is designed to protect the integrity of our information and the proper functioning and availability of the information systems that help operate our business. We utilize the National Institute of Standards and Technology's Cybersecurity Framework (NIST CSF) to inform our cybersecurity program and maintain International Organization for Standardization 27001 (ISO 27001) certification. We have created and implemented processes that assess, identify, respond to and manage cybersecurity threats and incidents, and we oversee these processes to minimize the occurrence and impact of any unauthorized access, disruption or use of our information or that of our customers. We have a robust set of information security policies related to encryption of data, anti-virus, firewalls, multi-factor authentication, training of employees, as well as incident response capabilities designed to proactively identify risks and mitigate attacks and unauthorized access attempts to our systems, amongst other measures.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Our cybersecurity program is evaluated by both our management and board of directors. Our Chief Information Officer supervises our cybersecurity program, and our Chief Information Security Officer (CISO) manages its daily operation.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The CISO provides quarterly reports to the audit committee of our board of directors, which is responsible for overseeing cybersecurity and information technology and notifying the board of directors of any significant risks or updates.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The CISO provides quarterly reports to the audit committee of our board of directors, which is responsible for overseeing cybersecurity and information technology and notifying the board of directors of any significant risks or updates. These reports may include updates on our enterprise-wide cybersecurity strategy, policies, processes and standards, as well as potential cybersecurity or information technology risks and threats.
Cybersecurity Risk Role of Management [Text Block]
Our cybersecurity program is evaluated by both our management and board of directors. Our Chief Information Officer supervises our cybersecurity program, and our Chief Information Security Officer (CISO) manages its daily operation. Our CISO has over two decades of experience in the cybersecurity and risk management fields, including over 15 years of experience leading cybersecurity oversight, as well as various industry-recognized certifications, such as the Certified Information Systems Security Professional and Auditors certifications. The CISO provides quarterly reports to the audit committee of our board of directors, which is responsible for overseeing cybersecurity and information technology and notifying the board of directors of any significant risks or updates. These reports may include updates on our enterprise-wide cybersecurity strategy, policies, processes and standards, as well as potential cybersecurity or information technology risks and threats. Our cybersecurity program is also evaluated at least annually by external experts, and the results of those reviews are reported to our leadership team and the board of directors. Cybersecurity risk is also evaluated as an enterprise-wide risk via our enterprise risk management program, which is reviewed by our leadership team and the board of directors. All employees are required to complete semiannual cybersecurity trainings and have access to more frequent cybersecurity trainings through online simulations. We also require employees in certain roles to complete additional role-based, specialized cybersecurity trainings.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our Chief Information Officer supervises our cybersecurity program, and our Chief Information Security Officer (CISO) manages its daily operation.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CISO has over two decades of experience in the cybersecurity and risk management fields, including over 15 years of experience leading cybersecurity oversight, as well as various industry-recognized certifications, such as the Certified Information Systems Security Professional and Auditors certifications.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
Our cybersecurity program is evaluated by both our management and board of directors. Our Chief Information Officer supervises our cybersecurity program, and our Chief Information Security Officer (CISO) manages its daily operation. Our CISO has over two decades of experience in the cybersecurity and risk management fields, including over 15 years of experience leading cybersecurity oversight, as well as various industry-recognized certifications, such as the Certified Information Systems Security Professional and Auditors certifications. The CISO provides quarterly reports to the audit committee of our board of directors, which is responsible for overseeing cybersecurity and information technology and notifying the board of directors of any significant risks or updates. These reports may include updates on our enterprise-wide cybersecurity strategy, policies, processes and standards, as well as potential cybersecurity or information technology risks and threats. Our cybersecurity program is also evaluated at least annually by external experts, and the results of those reviews are reported to our leadership team and the board of directors. Cybersecurity risk is also evaluated as an enterprise-wide risk via our enterprise risk management program, which is reviewed by our leadership team and the board of directors. All employees are required to complete semiannual cybersecurity trainings and have access to more frequent cybersecurity trainings through online simulations. We also require employees in certain roles to complete additional role-based, specialized cybersecurity trainings.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true