Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Mar. 28, 2026 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | We have established a cybersecurity risk management program that is integrated into our overall enterprise risk management system and provides support in assessing, identifying, and managing material risks from cybersecurity threats. Our enterprise risk management program is reviewed annually and periodically updated and supplemented as new risks and opportunities are identified by management, including those related to cybersecurity risks. Our longstanding information security risk program is structured according to the National Institute of Standards and Technology Cybersecurity Framework, industry best practices, privacy legislation, and other global and local standards and regulations. This program includes a defense-in-depth approach with multiple layers of security controls, including network segmentation, AI augmented security monitoring, endpoint protection, and identity and access management, as well as data protection best practices and data loss prevention controls. Our cybersecurity awareness program includes regular phishing simulations, annual general cybersecurity awareness training, and data protection modules, as well as more contextual and personalized modules for targeted users and roles. We incorporate external expertise and guidance in various aspects of our cybersecurity program. We complete annual internal security audits and vulnerability assessments of the Company's information systems and related controls, including systems affecting personal data. In addition, we leverage cybersecurity specialists to complete annual external audits and objective assessments of our cybersecurity program and practices, including our data protection practices, as well as to conduct targeted attack simulations. We continually enhance our information security capabilities in order to protect against emerging threats, while also increasing our ability to detect and respond to cyber incidents and maximize our resilience to recover from potential cyber-attacks. We have a robust incident response plan in place that provides a documented runbook for handling high severity cybersecurity incidents and facilitates coordination across various corporate functions. We also perform simulations and drills at both a technical and leadership level at least annually. Additionally, we have purchased network security and cyber liability insurance in order to provide a level of financial protection should a data breach occur. Our cybersecurity framework incorporates a robust third-party information technology ("IT") risk management program to ensure our vendors meet our high security standards. We leverage industry best practices like Standardized Information Gathering and recognized security certifications, including SOC 2, ISO 27001, and PCI-DSS, to assess our vendors. We also conduct thorough penetration testing of our assets hosted at third parties and require vendors to adopt appropriate security controls through contractual agreements. We assess potential vendors based on their role and the sensitivity of the IT resources they access. Our vendors are required to follow a consistent risk management process in order to meet our high standards. We select vendors who prioritize data protection and comply with relevant privacy regulations. Furthermore, we enforce strict protocols, including limiting access to necessary information, ensuring data usage is confined to agreed-upon purposes, and contractually mandating the deletion or return of data upon service termination. Through these measures, we collaborate with third-party vendors while implementing controls to safeguard our information. Our business strategy, results of operations, and financial condition have not been materially affected by risks from cybersecurity threats, including as a result of any previous cybersecurity incidents; however, we cannot assure that cybersecurity threats resulting in an incident will not be material to us in the future. During the three fiscal years presented within this Form 10-K, we have not experienced a known material information security breach nor incurred material breach-related expenses. For a detailed discussion of significant risk factors regarding cybersecurity threats, see Item 1A — "Risk Factors — Risks Related to Information Systems and Data Security."
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We have established a cybersecurity risk management program that is integrated into our overall enterprise risk management system and provides support in assessing, identifying, and managing material risks from cybersecurity threats. Our enterprise risk management program is reviewed annually and periodically updated and supplemented as new risks and opportunities are identified by management, including those related to cybersecurity risks. Our longstanding information security risk program is structured according to the National Institute of Standards and Technology Cybersecurity Framework, industry best practices, privacy legislation, and other global and local standards and regulations. This program includes a defense-in-depth approach with multiple layers of security controls, including network segmentation, AI augmented security monitoring, endpoint protection, and identity and access management, as well as data protection best practices and data loss prevention controls.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our Board of Directors is responsible for overseeing management's overall approach to risk management, including cybersecurity risk. In addition, the Committees of the Board report to the full Board at regularly scheduled Board meetings on any identified material risks within that Committee's area of responsibilities and oversight, as well as when new risks arise. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit Committee has responsibility for oversight of the Company's cybersecurity risks. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit Committee reviews our cybersecurity program on a quarterly basis, including review of a quarterly enterprise risk management report, and periodically convenes special meetings to conduct deeper preparedness, enterprise risk and business continuity reviews. These special meetings are open to the full Board to attend. In addition, the full Board periodically receives cybersecurity updates. Our Chief Information Officer ("CIO") and Chief Information Security Officer ("CISO") attend all of these meetings and provide updates to them.
|
| Cybersecurity Risk Role of Management [Text Block] | Reporting directly to our CIO, who is also a seasoned leader in the cybersecurity field, the interim CISO leads a dedicated team of information security and risk professionals. Together they are entrusted with the crucial task of managing our information security and data protection operations. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The interim CISO informs our management leadership team on security matters and fosters a strong partnership with our corporate legal team to ensure compliance with legal, regulatory, privacy, and contractual security requirements.
|
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |