Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 26, 2024 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
We maintain a system of data protection and cybersecurity resources, technology, and processes. We regularly evaluate new and emerging risks and ever-changing legal and compliance requirements. We make strategic investments to address these risks and compliance requirements. We also perform annual and ongoing cybersecurity awareness training, which includes regular simulated phishing campaigns. We also run tabletop exercises, including with external advisors, to simulate a response to a cybersecurity incident, and we use the findings to improve our practices, procedures, incident response plan, and technologies. In the event of a cybersecurity incident, we have worked with external advisors to develop an incident response plan, which provides guidelines for responding to an incident and facilitates coordination across multiple parts of our Company. The incident response plan includes a procedure for notifying the CISO and CIO of any incident as well as a procedure for reporting any material incidents to the Audit Committee of our Board (the “Audit Committee”) and Board as appropriate.
Our cybersecurity risk program is structured according to the National Institute of Standards and Technology (NIST) Cybersecurity framework. This program includes multiple layers of security controls, including network segmentation, security monitoring, endpoint protection, and identity and access management. The Company annually engages third parties to advise and assess the Company’s cybersecurity programs, including to engage in penetration testing. The results of these assessments are reported to the CISO, and our CISO, in consultation with our CIO and CLO, uses the findings to improve our practices, procedures, and technologies. A summary of our cybersecurity efforts is reported periodically to the Audit Committee, which has primary responsibility for oversight and review of guidelines and policies with respect to risk assessment and risk management, including cybersecurity. Our Board also receives periodic updates relating to information security and cybersecurity risks. We have also purchased cyber liability insurance to provide a level of financial protection against the potential losses arising from a cybersecurity incident. However, there is no assurance that our insurance coverage will cover or be sufficient to cover all losses or claims that may result from a cybersecurity incident.
Our CISO, CIO, and CLO collectively have over 35 years of business experience managing risks from cybersecurity threats and developing and implementing cybersecurity policies and procedures. Team members who support our information security program have relevant educational and industry experience.
During fiscal years 2024, 2023, and 2022, we did not experience a material information security breach incident, and the expenses we have incurred from information security breach incidents have been immaterial. We are not currently aware of any cybersecurity risks that are reasonably likely to materially affect our business. However, future incidents could have a material impact on our business strategy, results of operations, or financial condition. For additional discussion of the risks posed by cybersecurity threats that are reasonably likely to materially affect us, refer to Item 1A, “Risk Factors” in Part I of this Annual Report.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We maintain a system of data protection and cybersecurity resources, technology, and processes.This program includes multiple layers of security controls, including network segmentation, security monitoring, endpoint protection, and identity and access management. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our enterprise risk management program is reviewed annually with our Board. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Cybersecurity is the responsibility of our information security team, overseen by our Chief Information Security Officer (“CISO”). Our CISO reports to our Chief Information Officer (“CIO”), and our CISO and CIO regularly meet with our Chief Legal Officer (“CLO”) to review cybersecurity risks and evaluate their nature and severity, as well as identify potential mitigations and assess the impact of those mitigations on residual risk.Our enterprise risk management program is reviewed annually with our Board. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] |
Cybersecurity is the responsibility of our information security team, overseen by our Chief Information Security Officer (“CISO”). Our CISO reports to our Chief Information Officer (“CIO”), and our CISO and CIO regularly meet with our Chief Legal Officer (“CLO”) to review cybersecurity risks and evaluate their nature and severity, as well as identify potential mitigations and assess the impact of those mitigations on residual risk. Our enterprise risk management program also considers cybersecurity risks, including risks associated with our use of third-party service providers, alongside other company risks, and as part of these efforts, we gather information necessary to identify cybersecurity risks and evaluate their nature and severity, as well as identify mitigations and assess the impact of those mitigations on residual risk. Our enterprise risk management program is reviewed annually with our Board.
|
| Cybersecurity Risk Role of Management [Text Block] |
Cybersecurity is the responsibility of our information security team, overseen by our Chief Information Security Officer (“CISO”). Our CISO reports to our Chief Information Officer (“CIO”), and our CISO and CIO regularly meet with our Chief Legal Officer (“CLO”) to review cybersecurity risks and evaluate their nature and severity, as well as identify potential mitigations and assess the impact of those mitigations on residual risk. Our enterprise risk management program also considers cybersecurity risks, including risks associated with our use of third-party service providers, alongside other company risks, and as part of these efforts, we gather information necessary to identify cybersecurity risks and evaluate their nature and severity, as well as identify mitigations and assess the impact of those mitigations on residual risk. Our enterprise risk management program is reviewed annually with our Board.
We maintain a system of data protection and cybersecurity resources, technology, and processes. We regularly evaluate new and emerging risks and ever-changing legal and compliance requirements. We make strategic investments to address these risks and compliance requirements. We also perform annual and ongoing cybersecurity awareness training, which includes regular simulated phishing campaigns. We also run tabletop exercises, including with external advisors, to simulate a response to a cybersecurity incident, and we use the findings to improve our practices, procedures, incident response plan, and technologies. In the event of a cybersecurity incident, we have worked with external advisors to develop an incident response plan, which provides guidelines for responding to an incident and facilitates coordination across multiple parts of our Company. The incident response plan includes a procedure for notifying the CISO and CIO of any incident as well as a procedure for reporting any material incidents to the Audit Committee of our Board (the “Audit Committee”) and Board as appropriate.
Our cybersecurity risk program is structured according to the National Institute of Standards and Technology (NIST) Cybersecurity framework. This program includes multiple layers of security controls, including network segmentation, security monitoring, endpoint protection, and identity and access management. The Company annually engages third parties to advise and assess the Company’s cybersecurity programs, including to engage in penetration testing. The results of these assessments are reported to the CISO, and our CISO, in consultation with our CIO and CLO, uses the findings to improve our practices, procedures, and technologies. A summary of our cybersecurity efforts is reported periodically to the Audit Committee, which has primary responsibility for oversight and review of guidelines and policies with respect to risk assessment and risk management, including cybersecurity. Our Board also receives periodic updates relating to information security and cybersecurity risks. We have also purchased cyber liability insurance to provide a level of financial protection against the potential losses arising from a cybersecurity incident. However, there is no assurance that our insurance coverage will cover or be sufficient to cover all losses or claims that may result from a cybersecurity incident.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Cybersecurity is the responsibility of our information security team, overseen by our Chief Information Security Officer (“CISO”). Our CISO reports to our Chief Information Officer (“CIO”), and our CISO and CIO regularly meet with our Chief Legal Officer (“CLO”) to review cybersecurity risks and evaluate their nature and severity, as well as identify potential mitigations and assess the impact of those mitigations on residual risk. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] |
Our CISO, CIO, and CLO collectively have over 35 years of business experience managing risks from cybersecurity threats and developing and implementing cybersecurity policies and procedures. Team members who support our information security program have relevant educational and industry experience.
|
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The incident response plan includes a procedure for notifying the CISO and CIO of any incident as well as a procedure for reporting any material incidents to the Audit Committee of our Board (the “Audit Committee”) and Board as appropriate. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |