| Cybersecurity Risk Management and Strategy Disclosure | 12 Months Ended Mar. 31, 2026 |
|---|---|
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | At STERIS, the ERM program is designed to identify, assess, and manage risks across STERIS’s enterprise. Cybersecurity risk management is integrated into STERIS’s ERM program, under which we regularly assess cybersecurity risks in accordance with what we believe are industry cybersecurity best practices. Further, we implement controls to protect the confidentiality, integrity and availability of STERIS’s information systems and information. We maintain cybersecurity and incident response procedures to address our security standards and requirements and provide a framework for assessing and responding to cybersecurity threats and incidents. Additionally, as part of our ERM program, STERIS oversees and identifies risks associated with third-party service providers with whom we do business, which process includes due diligence, risk management assessments and contractual safeguards. We also maintain cyber liability insurance to help mitigate potential liabilities resulting from cybersecurity issues. STERIS has an Executive Cybersecurity Steering Committee consisting of the Senior Vice President & Chief Financial Officer, the Vice President, Corporate Controller, the Vice President, Investor Relations & Corporate Communications, the Vice President & Chief Information Officer (“CIO”), the Vice President, Chief Compliance and Quality Officer, the Senior Vice President, General Counsel & Company Secretary, and the Vice President, Chief Information Security Officer (“CISO”) that is responsible for providing governance, risk and compliance oversight for STERIS’s incident response program, providing guidance and support for cybersecurity non-technical initiatives, and for verifying that appropriate actions are taken following an incident occurrence. We have adopted and maintain an incident response policy that covers our incident response program and the duties and responsibilities of our Incident Response Team (“IRT”) responsible for managing and responding to cybersecurity incidents, including data breaches. Our IRT is led by the CISO and comprises senior management and others, including external resources, as required. Our incident response policy includes steps for detecting and investigating cybersecurity incidents, assessing the nature, scope, and severity of cybersecurity threats, identifying the impact of cybersecurity incidents, communicating cybersecurity incident disclosures, and implementing cybersecurity countermeasures and mitigation strategies. A subcommittee of our IRT reviews and assesses associated public reporting implications of cybersecurity incidents. Our process also includes informing the Board of Directors and the Audit Committee following a material cybersecurity incident. We engage third-party security experts to support our risk assessment activities and to provide system security enhancements. Our program includes regular vulnerability and penetration testing (internal and external) of our enterprise systems by independent external security experts. Education and awareness training on information security and data protection is conducted regularly for employees. Members of the IRT, the Executive Cybersecurity Steering Committee and the Board of Directors receive additional training on responding to cybersecurity incidents. In fiscal year 2026, STERIS did not experience any known cyberattack or other attempted intrusion or other incident with respect to our information systems that materially affected or was likely to materially affect our business strategy, results of operations, financial condition or cash flows. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced or will not experience in the future undetected cybersecurity incidents. For more information about these risks, please see “Item 1A Risk Factors” in this annual report on Form 10-K. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | At STERIS, the ERM program is designed to identify, assess, and manage risks across STERIS’s enterprise. Cybersecurity risk management is integrated into STERIS’s ERM program, under which we regularly assess cybersecurity risks in accordance with what we believe are industry cybersecurity best practices. Further, we implement controls to protect the confidentiality, integrity and availability of STERIS’s information systems and information. We maintain cybersecurity and incident response procedures to address our security standards and requirements and provide a framework for assessing and responding to cybersecurity threats and incidents. Additionally, as part of our ERM program, STERIS oversees and identifies risks associated with third-party service providers with whom we do business, which process includes due diligence, risk management assessments and contractual safeguards. We also maintain cyber liability insurance to help mitigate potential liabilities resulting from cybersecurity issues. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our Board of Directors has oversight responsibility for the ERM program, and delegates the risk management assessment and risk management approach, including risks related to cybersecurity, to its Audit Committee. Among other responsibilities, the Audit Committee is responsible for monitoring internal controls, including those related to cybersecurity risk. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Management is responsible for identifying, considering, and assessing material cybersecurity risks on an ongoing basis, establishing processes to monitor such potential cybersecurity risk exposures, putting in place appropriate mitigation measures and maintaining the cybersecurity program. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Management is responsible for identifying, considering, and assessing material cybersecurity risks on an ongoing basis, establishing processes to monitor such potential cybersecurity risk exposures, putting in place appropriate mitigation measures and maintaining the cybersecurity program. Our cybersecurity program for our information systems is directed by our CIO and, with the cybersecurity team, our CIO monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our CIO has a Bachelor of Science in Computer Engineering, a Master of Business Administration, and over 35 years of experience working in the information technology field, including approximately 20 years in CIO positions. Our CISO is CISSP-ISSMP and CISM certified and is part of a team of experienced information system security professionals with diverse certifications, including CISSP, CISM, CNSS, CEH, CySA+, CompTIA Security+, PenTest+, CASP+, and others. Management, including the CIO and CISO, updates the Audit Committee on a regular basis on our cybersecurity program, material cybersecurity risks, mitigation strategies, cybersecurity metrics, developments in cybersecurity and proposed updates to our cybersecurity program. |
| Cybersecurity Risk Role of Management [Text Block] | Our Board of Directors has oversight responsibility for the ERM program, and delegates the risk management assessment and risk management approach, including risks related to cybersecurity, to its Audit Committee. Among other responsibilities, the Audit Committee is responsible for monitoring internal controls, including those related to cybersecurity risk. Management is responsible for identifying, considering, and assessing material cybersecurity risks on an ongoing basis, establishing processes to monitor such potential cybersecurity risk exposures, putting in place appropriate mitigation measures and maintaining the cybersecurity program. Our cybersecurity program for our information systems is directed by our CIO and, with the cybersecurity team, our CIO monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our CIO has a Bachelor of Science in Computer Engineering, a Master of Business Administration, and over 35 years of experience working in the information technology field, including approximately 20 years in CIO positions. Our CISO is CISSP-ISSMP and CISM certified and is part of a team of experienced information system security professionals with diverse certifications, including CISSP, CISM, CNSS, CEH, CySA+, CompTIA Security+, PenTest+, CASP+, and others. Management, including the CIO and CISO, updates the Audit Committee on a regular basis on our cybersecurity program, material cybersecurity risks, mitigation strategies, cybersecurity metrics, developments in cybersecurity and proposed updates to our cybersecurity program. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Management is responsible for identifying, considering, and assessing material cybersecurity risks on an ongoing basis, establishing processes to monitor such potential cybersecurity risk exposures, putting in place appropriate mitigation measures and maintaining the cybersecurity program. Our cybersecurity program for our information systems is directed by our CIO and, with the cybersecurity team, our CIO monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our CIO has a Bachelor of Science in Computer Engineering, a Master of Business Administration, and over 35 years of experience working in the information technology field, including approximately 20 years in CIO positions. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our CISO is CISSP-ISSMP and CISM certified and is part of a team of experienced information system security professionals with diverse certifications, including CISSP, CISM, CNSS, CEH, CySA+, CompTIA Security+, PenTest+, CASP+, and others. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Management, including the CIO and CISO, updates the Audit Committee on a regular basis on our cybersecurity program, material cybersecurity risks, mitigation strategies, cybersecurity metrics, developments in cybersecurity and proposed updates to our cybersecurity program. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |