Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Mar. 31, 2026 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Our cybersecurity risk management program is intended to protect the confidentiality, integrity, and availability of our critical information technology ("IT") systems and data. We have integrated this program into our broader enterprise risk management framework, which is designed to identify, assess, prioritize and mitigate risks across the organization to enhance our resilience and support the achievement of our strategic objectives. We have designed and assess our cybersecurity risk management program based on multiple cybersecurity frameworks, including the National Institute of Standards and Technology Cybersecurity Framework ("NIST 2.0 CSF") and information security standards issued by the International Organization for Standardization, including ISO 27001. These frameworks guide us in identifying, assessing, and managing cybersecurity risks relevant to our business. Our global information security management program is ISO 27001:2022 certified. Our cybersecurity risk management program is led by our Chief Information Officer (“CIO”) on an interim basis, supported by our security team principally responsible for managing our cybersecurity risk assessment processes, security controls, and detection and response to cybersecurity incidents. Our program includes protocols for preventing, detecting, and responding to cybersecurity incidents, as well as cross-functional coordination of business continuity and disaster recovery plans. Key components of our program include: •risk assessments designed to help identify cybersecurity threats to our critical IT systems, information, and our broader enterprise IT environment; •the periodic engagement of independent security firms and other third-party experts, where appropriate, to assess, test, and certify components of our cybersecurity program, and to otherwise assist with aspects of our cybersecurity processes and controls; • annual cybersecurity awareness training for our employees; •regular assessments of the design and operational effectiveness of the program’s key processes and controls by our internal audit team as well as external consultants; and • a risk management process for third-party service providers and vendors that includes security due diligence during the selection process, contractual security requirements, and periodic monitoring of adherence to applicable cybersecurity standards. We maintain a cybersecurity incident response plan that establishes procedures to assess and manage cybersecurity incidents. The plan includes escalation protocols based on the nature and severity of the incident, including escalation to the Audit Committee and the Board when appropriate. We conduct tabletop exercises at least annually to test our incident response procedures, identify gaps, and evaluate team preparedness. As part of our overall risk mitigation strategy, we maintain insurance coverage intended to address certain aspects of cybersecurity risks. However, this insurance may not be sufficient in type or amount to cover all claims related to cybersecurity breaches, cyberattacks, or other related incidents. As of the date of this report, we do not believe that any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our Company, including our business strategy, results of operations or financial condition. Despite our security measures, however, there can be no assurance that we, or third parties with which we interact, will not experience a cybersecurity incident in the future that could materially affect us. For more information on our cybersecurity-related risks, see Item 1A, "Risk Factors - A breach of our IT or physical security systems, or a cybersecurity incident affecting our operations, products, or third parties upon which we rely, could materially disrupt our business, damage our reputation, and expose us to significant costs and liability."
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | Our cybersecurity risk management program is intended to protect the confidentiality, integrity, and availability of our critical information technology ("IT") systems and data. We have integrated this program into our broader enterprise risk management framework, which is designed to identify, assess, prioritize and mitigate risks across the organization to enhance our resilience and support the achievement of our strategic objectives. We have designed and assess our cybersecurity risk management program based on multiple cybersecurity frameworks, including the National Institute of Standards and Technology Cybersecurity Framework ("NIST 2.0 CSF") and information security standards issued by the International Organization for Standardization, including ISO 27001. These frameworks guide us in identifying, assessing, and managing cybersecurity risks relevant to our business. Our global information security management program is ISO 27001:2022 certified.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | The Audit Committee of our Board of Directors has primary oversight responsibility for cybersecurity risks and other information technology risks. This oversight includes reviewing our plans to mitigate cybersecurity risks and our preparedness to respond to data breaches or other cybersecurity incidents. The Audit Committee receives reports on cybersecurity matters at least quarterly from our Chief Information Security Officer ("CISO") (and currently on an interim basis, our CIO). These reports cover a range of topics, including our cybersecurity risk profile, the current and emerging threat landscape, the status of ongoing cybersecurity initiatives, incident reports, and the results of internal and external assessments. The Audit Committee also annually reviews the adequacy and effectiveness of our information security policies and related internal controls, and receives periodic updates from our internal audit function on the results of cybersecurity audits and related mitigation activities. The Chair of the Audit Committee reports to the full Board on these matters as appropriate. The full Board also receives briefings on cybersecurity matters annually from our CISO (and currently on an interim basis, our CIO). In addition, Board members periodically receive presentations on cybersecurity topics from external experts as part of the Board’s continuing education and overall risk oversight responsibilities. At the management level, our CIO has assumed interim oversight of our enterprise-wide cybersecurity program following the departure of our former CISO in April 2026. In this role, he monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through participation in the cybersecurity risk management and strategy processes described above, including the operation of our incident response plan. Our CIO reports to our Chief Operating Officer, a member of our executive leadership team. Our CIO has over 20 years of experience in information technology and has led teams in the design, implementation, and continuous improvement of enterprise-wide digital and cybersecurity programs. Our CIO has managed material risks from cybersecurity threats, including the development and operation of incident response plans. Our CIO holds a Bachelor's degree in Computer Engineering and a Master's degree in Information Technology.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit Committee of our Board of Directors has primary oversight responsibility for cybersecurity risks and other information technology risks. This oversight includes reviewing our plans to mitigate cybersecurity risks and our preparedness to respond to data breaches or other cybersecurity incidents. The Audit Committee receives reports on cybersecurity matters at least quarterly from our Chief Information Security Officer ("CISO") (and currently on an interim basis, our CIO). These reports cover a range of topics, including our cybersecurity risk profile, the current and emerging threat landscape, the status of ongoing cybersecurity initiatives, incident reports, and the results of internal and external assessments. The Audit Committee also annually reviews the adequacy and effectiveness of our information security policies and related internal controls, and receives periodic updates from our internal audit function on the results of cybersecurity audits and related mitigation activities. The Chair of the Audit Committee reports to the full Board on these matters as appropriate.
|
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit Committee receives reports on cybersecurity matters at least quarterly from our Chief Information Security Officer ("CISO") (and currently on an interim basis, our CIO). These reports cover a range of topics, including our cybersecurity risk profile, the current and emerging threat landscape, the status of ongoing cybersecurity initiatives, incident reports, and the results of internal and external assessments. The Audit Committee also annually reviews the adequacy and effectiveness of our information security policies and related internal controls, and receives periodic updates from our internal audit function on the results of cybersecurity audits and related mitigation activities. The Chair of the Audit Committee reports to the full Board on these matters as appropriate.
|
| Cybersecurity Risk Role of Management [Text Block] | At the management level, our CIO has assumed interim oversight of our enterprise-wide cybersecurity program following the departure of our former CISO in April 2026. In this role, he monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through participation in the cybersecurity risk management and strategy processes described above, including the operation of our incident response plan. Our CIO reports to our Chief Operating Officer, a member of our executive leadership team.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our cybersecurity risk management program is led by our Chief Information Officer (“CIO”) on an interim basis, supported by our security team principally responsible for managing our cybersecurity risk assessment processes, security controls, and detection and response to cybersecurity incidents. Our program includes protocols for preventing, detecting, and responding to cybersecurity incidents, as well as cross-functional coordination of business continuity and disaster recovery plans. Key components of our program include: •risk assessments designed to help identify cybersecurity threats to our critical IT systems, information, and our broader enterprise IT environment; •the periodic engagement of independent security firms and other third-party experts, where appropriate, to assess, test, and certify components of our cybersecurity program, and to otherwise assist with aspects of our cybersecurity processes and controls; • annual cybersecurity awareness training for our employees; •regular assessments of the design and operational effectiveness of the program’s key processes and controls by our internal audit team as well as external consultants; and • a risk management process for third-party service providers and vendors that includes security due diligence during the selection process, contractual security requirements, and periodic monitoring of adherence to applicable cybersecurity standards.
|
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our CIO has over 20 years of experience in information technology and has led teams in the design, implementation, and continuous improvement of enterprise-wide digital and cybersecurity programs. Our CIO has managed material risks from cybersecurity threats, including the development and operation of incident response plans. Our CIO holds a Bachelor's degree in Computer Engineering and a Master's degree in Information Technology.
|
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | At the management level, our CIO has assumed interim oversight of our enterprise-wide cybersecurity program following the departure of our former CISO in April 2026. In this role, he monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through participation in the cybersecurity risk management and strategy processes described above, including the operation of our incident response plan. Our CIO reports to our Chief Operating Officer, a member of our executive leadership team.
|
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |