XML 44 R30.htm IDEA: XBRL DOCUMENT v3.25.2
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Jun. 28, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

The Company has processes for overseeing and identifying cybersecurity threats, vulnerabilities, and controls associated with third-party service providers, including evaluating providers’ (i) cybersecurity ratings, (ii) public disclosures related to cybersecurity, (iii) cybersecurity questionnaire responses, and (iv) cybersecurity and IT certifications.

The Company provides quarterly updates to, and receives oversight from, the Technology and Risk Committee on the Company’s cybersecurity program, cybersecurity incidents, and the cybersecurity threat landscape. Responsible members of management provide updates to the Company’s senior executive team regarding all cybersecurity incidents, the cybersecurity program, and the threat landscape.

The Company’s enterprise risk management program (ERM) considers cybersecurity risks (including likelihood, potential severity, and mitigation) alongside other enterprise-wide risks as part of its overall ERM process. The GC&C team administers an IT risk management program that identifies and assesses cybersecurity risks. Its assessments are shared with the Company’s enterprise risk management council (ERM Council).

The GC&C team applies an incident response procedure. Among other things, the team appropriately escalates some incidents in real-time, depending on the incident’s potential impact and scope. Further, the GC&C team regularly collaborates with other departments—such as legal, corporate security, and human resources—when assessing, identifying, and managing cybersecurity incidents. The Company also retains external cybersecurity response consultants to assist internal resources as needed.

The Company regularly tests the effectiveness of its security program through internal audit and external assessments. The Company makes investments for continual improvements in risk and vulnerability mitigation, including ongoing monitoring, network and system updates, and employee cybersecurity awareness training.

The Company’s cybersecurity assessments and auditing include:

Regular penetration tests conducted by external consultants;

Regular maturity assessments conducted by external consultants;

Quarterly self-assessments of internal cybersecurity capabilities; and

Ongoing internal audits of cybersecurity systems and practices.

The Company’s employee communication and training program includes:

Annual tabletop exercises performed with its executive team;

Annual tabletop exercises with its cybersecurity incident response team;

Annually distributing the Global Information Security Policy (GISP) to all employees;

New hire and biennial computer-based training on data privacy and cybersecurity for all employees, with in-person training for high-risk positions;

Cybersecurity awareness training videos available to employees and updated quarterly;

Phishing simulations conducted with employees monthly; and

Newsletters distributed to all employees on relevant cybersecurity threats.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] The Company’s enterprise risk management program (ERM) considers cybersecurity risks (including likelihood, potential severity, and mitigation) alongside other enterprise-wide risks as part of its overall ERM process. The GC&C team administers an IT risk management program that identifies and assesses cybersecurity risks. Its assessments are shared with the Company’s enterprise risk management council (ERM Council).
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

The Company provides quarterly updates to, and receives oversight from, the Technology and Risk Committee on the Company’s cybersecurity program, cybersecurity incidents, and the cybersecurity threat landscape. Responsible members of management provide updates to the Company’s senior executive team regarding all cybersecurity incidents, the cybersecurity program, and the threat landscape.

The Company’s enterprise risk management program (ERM) considers cybersecurity risks (including likelihood, potential severity, and mitigation) alongside other enterprise-wide risks as part of its overall ERM process. The GC&C team administers an IT risk management program that identifies and assesses cybersecurity risks. Its assessments are shared with the Company’s enterprise risk management council (ERM Council).

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Technology and Risk Committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

The Company provides quarterly updates to, and receives oversight from, the Technology and Risk Committee on the Company’s cybersecurity program, cybersecurity incidents, and the cybersecurity threat landscape. Responsible members of management provide updates to the Company’s senior executive team regarding all cybersecurity incidents, the cybersecurity program, and the threat landscape.

Cybersecurity Risk Role of Management [Text Block] The GC&C team applies an incident response procedure. Among other things, the team appropriately escalates some incidents in real-time, depending on the incident’s potential impact and scope. Further, the GC&C team regularly collaborates with other departments—such as legal, corporate security, and human resources—when assessing, identifying, and managing cybersecurity incidents.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Chief Information Officer
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] extensive knowledge and experience regarding cybersecurity and the Company’s information technology systems
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

The Company provides quarterly updates to, and receives oversight from, the Technology and Risk Committee on the Company’s cybersecurity program, cybersecurity incidents, and the cybersecurity threat landscape. Responsible members of management provide updates to the Company’s senior executive team regarding all cybersecurity incidents, the cybersecurity program, and the threat landscape.

The Company’s enterprise risk management program (ERM) considers cybersecurity risks (including likelihood, potential severity, and mitigation) alongside other enterprise-wide risks as part of its overall ERM process. The GC&C team administers an IT risk management program that identifies and assesses cybersecurity risks. Its assessments are shared with the Company’s enterprise risk management council (ERM Council).

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true