Cybersecurity Risk Management, Strategy and Governance |
12 Months Ended |
|---|---|
Mar. 27, 2026 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy We have developed and implemented a cybersecurity risk management program informed by the National Institute of Standards and Technology Cybersecurity Framework and other applicable industry standards and intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program is integrated into our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas. Key elements of our cybersecurity risk management program include: • risk assessments designed to help identify material cybersecurity risks to our critical systems and information; • a formal IT risk register documenting and mitigating identified risks, reviewed by management on a quarterly basis; • a security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents; • the regular use of external service providers to independently assess and test security posture, as well as to otherwise assist with aspects of our security processes on an as needed basis; • cybersecurity awareness training of our employees, including incident response personnel and senior management; • a written cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; • periodic tabletop exercises conducted by outside firms to evaluate our incident response plan and response capabilities; and • a third-party risk management process for key service providers based on our assessment of their criticality to our operations and respective risk profile. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, which have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See “Risk Factors—Risks Related to our Information Technology, Intellectual Property, AI Technologies, and Data Security and Privacy.” Cybersecurity Governance Our Board considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee (the “Committee”) oversight of risk assessment and risk management, including cybersecurity and other information technology risks. The Committee oversees management’s implementation of our cybersecurity risk management program. The Committee receives periodic reports from management on our cybersecurity risks. These presentations may cover a range of topics, including: • the current cybersecurity landscape and emerging threats; • progress on cybersecurity projects; • reports about cybersecurity incidents it considers significant or potentially significant; • lessons learned from past events; and • adherence to regulatory requirements and/or industry standards, as appropriate. The Committee reports to the full Board regarding its activities, including those related to cybersecurity. The full Board also periodically receives briefings from management on our cyber risk management program. Board members receive presentations on cybersecurity topics from our Chief Digital and Information Officer. Our Chief Digital and Information Officer is primarily responsible for assessing and managing material risks from cybersecurity threats. Our Chief Digital and Information Officer also has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our Chief Digital and Information Officer has more than 30 years of experience in information technology, including prior experience in cybersecurity architecture. We have an operational information security team with a broad range of backgrounds, years of experience and levels of information security certifications, including Certified Information Systems Security Professional and ISO27001 certified lead auditor. Our management team works closely with our Chief Digital and Information Officer to stay informed about and monitor efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, and alerts and reports produced by security tools deployed in our IT environment. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | Our cybersecurity risk management program is integrated into our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Cybersecurity Governance Our Board considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee (the “Committee”) oversight of risk assessment and risk management, including cybersecurity and other information technology risks. The Committee oversees management’s implementation of our cybersecurity risk management program. The Committee receives periodic reports from management on our cybersecurity risks. These presentations may cover a range of topics, including: • the current cybersecurity landscape and emerging threats; • progress on cybersecurity projects; • reports about cybersecurity incidents it considers significant or potentially significant; • lessons learned from past events; and • adherence to regulatory requirements and/or industry standards, as appropriate. The Committee reports to the full Board regarding its activities, including those related to cybersecurity. The full Board also periodically receives briefings from management on our cyber risk management program. Board members receive presentations on cybersecurity topics from our Chief Digital and Information Officer. Our Chief Digital and Information Officer is primarily responsible for assessing and managing material risks from cybersecurity threats. Our Chief Digital and Information Officer also has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our Chief Digital and Information Officer has more than 30 years of experience in information technology, including prior experience in cybersecurity architecture. We have an operational information security team with a broad range of backgrounds, years of experience and levels of information security certifications, including Certified Information Systems Security Professional and ISO27001 certified lead auditor. Our management team works closely with our Chief Digital and Information Officer to stay informed about and monitor efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, and alerts and reports produced by security tools deployed in our IT environment. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Board considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee (the “Committee”) oversight of risk assessment and risk management, including cybersecurity and other information technology risks. The Committee oversees management’s implementation of our cybersecurity risk management program. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Committee receives periodic reports from management on our cybersecurity risks. |
| Cybersecurity Risk Role of Management [Text Block] | The Committee reports to the full Board regarding its activities, including those related to cybersecurity. The full Board also periodically receives briefings from management on our cyber risk management program. Board members receive presentations on cybersecurity topics from our Chief Digital and Information Officer. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our Chief Digital and Information Officer is primarily responsible for assessing and managing material risks from cybersecurity threats. Our Chief Digital and Information Officer also has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our Chief Digital and Information Officer has more than 30 years of experience in information technology, including prior experience in cybersecurity architecture. We have an operational information security team with a broad range of backgrounds, years of experience and levels of information security certifications, including Certified Information Systems Security Professional and ISO27001 certified lead auditor. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Our management team works closely with our Chief Digital and Information Officer to stay informed about and monitor efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, and alerts and reports produced by security tools deployed in our IT environment. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |