XML 50 R29.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 28, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Our cybersecurity risk management program, which is designed to protect the confidentiality, integrity and availability of our critical systems and information, includes a comprehensive cybersecurity incident response plan.
We design and assess our program based on the ISO 27000 and the National Institute of Standards and Technology (NIST) SP-800 and Cybersecurity Framework. We use these frameworks to help us identify, assess and manage cybersecurity risks relevant to our business and do not intend to suggest that we meet any particular technical standards, specifications or requirements.
Our cybersecurity risk management program complements our overall enterprise risk management program, using similar methodologies and governance processes to identify risks and mitigating strategies.
Our cybersecurity risk management program includes risk assessments designed to help identify potentially material cybersecurity risks to our critical systems, information, products and services, as well as our broader enterprise information technology environment; an information technology security team principally responsible for managing our cybersecurity risk assessment processes, security controls and response to any cybersecurity events; the use of third party experts and service providers, where appropriate, to assess, test and otherwise assist with protecting our security environment; cybersecurity awareness training for our employees and further training for our incident response personnel and senior management; a cybersecurity incident response plan that includes procedures for assessing and coordinating our response to cybersecurity events; and a third-party risk management process for service providers, suppliers and vendors.
We have not experienced cybersecurity events that have materially affected our operations, results of operations, or financial condition. However, we face certain ongoing risks from cybersecurity threats that, if realized, would be reasonably likely to materially affect us, including our operations, results of operations, or financial condition.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We design and assess our program based on the ISO 27000 and the National Institute of Standards and Technology (NIST) SP-800 and Cybersecurity Framework. We use these frameworks to help us identify, assess and manage cybersecurity risks relevant to our business and do not intend to suggest that we meet any particular technical standards, specifications or requirements.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Our Board of Directors (our “Board”) considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee primary responsibility for overseeing our cybersecurity risk management program and engaging with management on cybersecurity and other risks related to our information technology controls and security. Our Information Security Officer (“ISO”) reports directly to our Chief Information Officer (“CIO”), a member of our Company Leadership Team and direct report of our Chief Executive Officer (“CEO”). The CIO and ISO together provide updates and discuss our cybersecurity preparedness with the Audit Committee at least semiannually, which its Chair then reports on to our full Board. Management updates the Audit Committee, if and as needed, regarding any significant cybersecurity events, as well as events that may have had lesser potential impact.
Our cybersecurity leadership team ("CSLT"), which includes leaders accountable for security operations, incident response, risk and compliance, data security, application security, digital solutions security, vulnerability management and operational technology security, is responsible for assessing and managing our risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our external cybersecurity consultants. Information security personnel maintain a variety of technical and managerial security certifications and have broad security experience in manufacturing, finance, software and information technology environments.
The CSLT supervises our efforts to prevent, detect, mitigate and remediate cybersecurity risks and incidents through a variety of means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants; and reports from cybersecurity systems deployed in our information technology environment.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Board of Directors (our “Board”) considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee primary responsibility for overseeing our cybersecurity risk management program and engaging with management on cybersecurity and other risks related to our information technology controls and security.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Management updates the Audit Committee, if and as needed, regarding any significant cybersecurity events, as well as events that may have had lesser potential impact.
Cybersecurity Risk Role of Management [Text Block] Our cybersecurity leadership team ("CSLT"), which includes leaders accountable for security operations, incident response, risk and compliance, data security, application security, digital solutions security, vulnerability management and operational technology security, is responsible for assessing and managing our risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our external cybersecurity consultants.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
Our Board of Directors (our “Board”) considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee primary responsibility for overseeing our cybersecurity risk management program and engaging with management on cybersecurity and other risks related to our information technology controls and security. Our Information Security Officer (“ISO”) reports directly to our Chief Information Officer (“CIO”), a member of our Company Leadership Team and direct report of our Chief Executive Officer (“CEO”). The CIO and ISO together provide updates and discuss our cybersecurity preparedness with the Audit Committee at least semiannually, which its Chair then reports on to our full Board. Management updates the Audit Committee, if and as needed, regarding any significant cybersecurity events, as well as events that may have had lesser potential impact.
Our cybersecurity leadership team ("CSLT"), which includes leaders accountable for security operations, incident response, risk and compliance, data security, application security, digital solutions security, vulnerability management and operational technology security, is responsible for assessing and managing our risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our external cybersecurity consultants. Information security personnel maintain a variety of technical and managerial security certifications and have broad security experience in manufacturing, finance, software and information technology environments.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Information security personnel maintain a variety of technical and managerial security certifications and have broad security experience in manufacturing, finance, software and information technology environments.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our Board of Directors (our “Board”) considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee primary responsibility for overseeing our cybersecurity risk management program and engaging with management on cybersecurity and other risks related to our information technology controls and security.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true