XML 79 R36.htm IDEA: XBRL DOCUMENT v3.25.4
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We maintain a technology and cybersecurity program, which includes information security, as part of our overall risk management process with the aim that our information systems, including those of our vendors and other third parties, will be resilient, effective and capable of safeguarding against emerging risks and cybersecurity threats. We endeavor to assure our program is appropriately resourced and to attract and retain expert talent to execute it.
In designing, operating, evaluating and maintaining our program we use internal and external resources and frameworks, including cybersecurity expert consultants, industry working groups, the U.S. NIST Cybersecurity Framework and the U.S. Cybersecurity Agency's National Cyber Incident Scoring System model to benchmark, inform and evaluate the design of our program, our operational capabilities and our program maturity.
We have designed our cybersecurity policies and procedures to align with international regulatory frameworks, including the NIS2 Directive in the E.U. Our program integrates periodic reviews and updates to ensure our controls remain effective and compliant with evolving international regulations.
Consistent with NIST 800-53, our technology and cybersecurity program and controls include a third party and vendor risk management component. As part of our vendor risk management program, we conduct security assessments prior to engagement of high-risk vendors and other third-party providers and have a monitoring program to evaluate ongoing compliance with our cybersecurity standards.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We maintain a technology and cybersecurity program, which includes information security, as part of our overall risk management process with the aim that our information systems, including those of our vendors and other third parties, will be resilient, effective and capable of safeguarding against emerging risks and cybersecurity threats. We endeavor to assure our program is appropriately resourced and to attract and retain expert talent to execute it.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
We are committed to appropriate cybersecurity governance and oversight. Our technology and cybersecurity program is the principal responsibility of our Chief Information Officer and CISO, each of whom have over 20 years of
experience in information systems, including cybersecurity training and experience. Additionally, we have a Cybersecurity steering committee that includes senior representatives from our Legal, Finance and IT departments, which meets regularly to discuss cybersecurity matters.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our technology and cybersecurity program is the principal responsibility of our Chief Information Officer and CISO, each of whom have over 20 years of
experience in information systems, including cybersecurity training and experience. Additionally, we have a Cybersecurity steering committee that includes senior representatives from our Legal, Finance and IT departments, which meets regularly to discuss cybersecurity matters.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
We are committed to appropriate cybersecurity governance and oversight. Our technology and cybersecurity program is the principal responsibility of our Chief Information Officer and CISO, each of whom have over 20 years of
experience in information systems, including cybersecurity training and experience. Additionally, we have a Cybersecurity steering committee that includes senior representatives from our Legal, Finance and IT departments, which meets regularly to discuss cybersecurity matters.
Our Board of Directors oversees management's processes for identifying and mitigating risks, including cybersecurity and information security risks. Our Board of Directors regularly reviews our technology and cybersecurity program and effectiveness, internal audits of our program, independent external expert evaluations of our program's maturity and operational readiness and the results of penetration testing. Our Board of Directors also receives cybersecurity updates and education on a broad range of topics, including:
Current cybersecurity landscape and emerging threats;
Status of ongoing cybersecurity initiatives and strategies;
Incident report and learnings from any cybersecurity events; and
Compliance with regulatory requirements and industry standards, including international regulations such as the NIS2 Directive in the E.U.
Cybersecurity Risk Role of Management [Text Block]
When a potential threat or incident is identified, our cyber security incident response team will assign a risk level classification and initiate the escalation and other steps called for by our plan. All incidents that are initially assessed by the cybersecurity incident response team as potentially high-risk are escalated promptly to our CISO. Our CISO, Chief Legal Officer and Chief Financial Officer, will determine whether and what elements of our cybersecurity crisis response and management plan should be activated, including escalation to other senior management or our Executive Committee. Our Executive Committee will inform our Board of Directors of cybersecurity incidents, as appropriate, considering a variety of factors, including financial, operational, legal or reputational impact.
Our program's maturity and operational readiness are regularly evaluated by internal audit and independent experts using the U.S. NIST's CyberSecurity Framework and penetration tests. Our program, and the results of these independent evaluations and testing, are regularly reviewed by our senior management and members of our Board of Directors.
CYBERSECURITY RISK GOVERNANCE
We are committed to appropriate cybersecurity governance and oversight. Our technology and cybersecurity program is the principal responsibility of our Chief Information Officer and CISO, each of whom have over 20 years of
experience in information systems, including cybersecurity training and experience. Additionally, we have a Cybersecurity steering committee that includes senior representatives from our Legal, Finance and IT departments, which meets regularly to discuss cybersecurity matters.
Our Board of Directors oversees management's processes for identifying and mitigating risks, including cybersecurity and information security risks. Our Board of Directors regularly reviews our technology and cybersecurity program and effectiveness, internal audits of our program, independent external expert evaluations of our program's maturity and operational readiness and the results of penetration testing. Our Board of Directors also receives cybersecurity updates and education on a broad range of topics, including:
Current cybersecurity landscape and emerging threats;
Status of ongoing cybersecurity initiatives and strategies;
Incident report and learnings from any cybersecurity events; and
Compliance with regulatory requirements and industry standards, including international regulations such as the NIS2 Directive in the E.U.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our technology and cybersecurity program is the principal responsibility of our Chief Information Officer and CISO, each of whom have over 20 years of
experience in information systems, including cybersecurity training and experience. Additionally, we have a Cybersecurity steering committee that includes senior representatives from our Legal, Finance and IT departments, which meets regularly to discuss cybersecurity matters.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] 20 years of experience in information systems, including cybersecurity training and experience
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
We are committed to appropriate cybersecurity governance and oversight. Our technology and cybersecurity program is the principal responsibility of our Chief Information Officer and CISO, each of whom have over 20 years of
experience in information systems, including cybersecurity training and experience. Additionally, we have a Cybersecurity steering committee that includes senior representatives from our Legal, Finance and IT departments, which meets regularly to discuss cybersecurity matters.
Our Board of Directors oversees management's processes for identifying and mitigating risks, including cybersecurity and information security risks. Our Board of Directors regularly reviews our technology and cybersecurity program and effectiveness, internal audits of our program, independent external expert evaluations of our program's maturity and operational readiness and the results of penetration testing. Our Board of Directors also receives cybersecurity updates and education on a broad range of topics, including:
Current cybersecurity landscape and emerging threats;
Status of ongoing cybersecurity initiatives and strategies;
Incident report and learnings from any cybersecurity events; and
Compliance with regulatory requirements and industry standards, including international regulations such as the NIS2 Directive in the E.U.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true