Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Apr. 30, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Our Chief Information Security Officer (CISO) leads our Global Information Security team, reports to the Chief Information Officer (CIO), and meets regularly with other members of senior management. Our CISO holds advanced degrees in Computer Science and Business Administration, in addition to relevant IT and cybersecurity certifications from organizations such as the EC Council, ISACA, and CSA. She has served in various IT roles for over 20 years, including leading the IT Security function. Our Global Information Security team is responsible for the information security strategy, policy, security engineering, operations, and cyberthreat detection and response. Our Global Information Security team, which includes a security operations center, seeks to protect the company against reasonably foreseeable cyberthreats and risks. The cybersecurity team members have the qualifications and certifications required for their roles. In addition, they have relevant industry experience in selecting, deploying, and operating cybersecurity technologies, initiatives, and processes globally. In order to stay ahead of potential threats and enhance our overall security posture, we rely on threat intelligence as well as other information obtained from governmental, public, or private sources, including external consultants that we engage. We have made significant investments in people, processes, and technology to protect the confidentiality, integrity, and availability of our IT systems. As part of that effort, we utilize the National Institute of Standards and Technology Cybersecurity Framework as a guide for our security controls. We are continuing to advance towards an architecture based on “Zero-Trust” principles, where we continuously validate the identity and security posture of every user, device, application, or network component trying to leverage our IT resources. We temper this architecture with a business-risk-based approach that ensures we protect our digital assets while aligning our security measures with our overall organizational goals and priorities. In addition, our employees undergo annual security awareness training to improve their understanding of cybersecurity threats, and their ability to identify and escalate potential threats. In the event of an incident, we leverage a multi-layered set of plans that include Endpoint Detection and Response software, Security Information and Event Management tools for detection, a Cybersecurity Incident Response Plan, and a Disaster Recovery Response Plan for recovery. The recovery plans outline the steps to be followed from incident detection to mitigation, recovery, and notification, including notifying designated functional leadership teams, the Disclosure Committee, the General Counsel, other senior leadership, and the Board of Directors, as appropriate. These designated leaders assess various factors, including operational, financial, legal, regulatory, and reputational impacts on the Company to determine the materiality of the incident and the appropriate response. We have established a tiered risk management strategy that helps us to evaluate our ability to protect assets (data and systems) by identifying, assessing, and prioritizing associated risk through, among other tools, the use of a non-affiliated third-party assessor, audits by our internal audit team, tabletop exercises, penetration and vulnerability tests, and simulations. We report the results of these assessments to the Audit Committee of the Board of Directors. We rely on third-party service providers to deliver our products and services to our customers, including many of our technology initiatives. A cybersecurity incident at a supplier, subcontractor, or joint venture partner could materially adversely impact us. We evaluate third-party providers from a cybersecurity risk perspective, which may include an assessment of that service provider’s cybersecurity posture through a questionnaire, and include security and privacy addenda to our contracts where applicable. However, we rely on the third parties we use to implement security programs commensurate with their risk, and we cannot ensure in all circumstances that their efforts will be successful. Our systems periodically experience directed attacks intended to lead to interruptions and delays in our service and operations as well as loss, misuse, or theft of personal information (of third parties, employees and their beneficiaries, and customers) and other data. These incidents have not had a material impact on our services, systems, or business. However, despite our capabilities, processes, and other security measures we employ, we may not be aware of all vulnerabilities or might not accurately assess the risk of an incident. Additional information on cybersecurity risks we face can be found in Item 1A. Risk Factors, which should be read in conjunction with the foregoing information.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We have established a tiered risk management strategy that helps us to evaluate our ability to protect assets (data and systems) by identifying, assessing, and prioritizing associated risk through, among other tools, the use of a non-affiliated third-party assessor, audits by our internal audit team, tabletop exercises, penetration and vulnerability tests, and simulations. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | The Board of Directors oversees management’s processes for identifying and mitigating risks, including cybersecurity risks, to help align our risk exposure with our strategic objectives. The Board of Directors has delegated oversight of risks related to cybersecurity to the Audit Committee. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit Committee oversees our cybersecurity posture to assess key strategic, operational, and compliance risks. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our CIO and CISO update the Audit Committee quarterly regarding cyber risks, the threat landscape, reports on our security roadmap, risk mitigation and governance, and any cybersecurity incidents. |
| Cybersecurity Risk Role of Management [Text Block] | Our Chief Information Security Officer (CISO) leads our Global Information Security team, reports to the Chief Information Officer (CIO), and meets regularly with other members of senior management. Our CISO holds advanced degrees in Computer Science and Business Administration, in addition to relevant IT and cybersecurity certifications from organizations such as the EC Council, ISACA, and CSA. She has served in various IT roles for over 20 years, including leading the IT Security function. Our Global Information Security team is responsible for the information security strategy, policy, security engineering, operations, and cyberthreat detection and response. Our Global Information Security team, which includes a security operations center, seeks to protect the company against reasonably foreseeable cyberthreats and risks. The cybersecurity team members have the qualifications and certifications required for their roles. In addition, they have relevant industry experience in selecting, deploying, and operating cybersecurity technologies, initiatives, and processes globally. In order to stay ahead of potential threats and enhance our overall security posture, we rely on threat intelligence as well as other information obtained from governmental, public, or private sources, including external consultants that we engage.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our Chief Information Security Officer (CISO) leads our Global Information Security team, reports to the Chief Information Officer (CIO), and meets regularly with other members of senior management. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our CISO holds advanced degrees in Computer Science and Business Administration, in addition to relevant IT and cybersecurity certifications from organizations such as the EC Council, ISACA, and CSA. She has served in various IT roles for over 20 years, including leading the IT Security function. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The Company’s Information Technology, Enterprise Security, Internal Audit, as well as the Legal and Privacy teams work closely to identify issues and incidents in a timely manner and report them to senior leadership, the Board of Directors, and regulatory bodies, as appropriate. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |