Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 29, 2024 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Risk Management and Strategy
The Company has an enterprise risk management program to identify, assess, monitor, and manage significant risks of the Company. The Company evaluates cybersecurity risks alongside other critical business risks under this program, and the Company also has a standalone cybersecurity program. The Company's approach to assessing, identifying, and managing material risks from cybersecurity threats is grounded in established frameworks, including those set forth by the National Institute of Standards and Technology (NIST) and other industry standards and requirements as defined by various compliance frameworks. Our cybersecurity program prioritizes key areas such as:
•Policies, Standards, and Practices: We maintain comprehensive policies, standards, and practices aligned with industry practices and regulatory requirements. These documents serve as the foundation for our cybersecurity program, providing clear guidelines for safeguarding our information systems and data assets.
•Threat Monitoring and Assessment: Continuous monitoring and assessment of cyber threats and vulnerabilities are integral to our risk management strategy. We utilize advanced monitoring tools and threat intelligence sources to proactively identify and address potential security risks. The Company uses third-party service providers to support its operations. The Company evaluates third-party service providers from a cybersecurity risk perspective, which may include an assessment of that service provider’s cybersecurity posture or a recommendation of specific mitigation controls.
•Audits and Assessments: Regular audits and assessments are conducted by both internal and external experts (consultants, auditors, and other third parties) to evaluate the effectiveness of our cybersecurity controls and processes
and recommend improvements. These assessments help us achieve compliance with internal policies as well as external regulations and standards.
•Incident Response Planning: We have developed comprehensive incident response plans to mitigate cybersecurity incidents. These plans outline clear procedures for detecting, responding to, and recovering from security breaches, minimizing the impact on our operations and stakeholders. External technical, legal, and law enforcement support is engaged as needed to support response efforts.
The Company employs a multifaceted approach through in house capabilities and in partnership with external cybersecurity experts to safeguard its assets, including technical and organizational measures. These include the deployment of technology focused on identifying and remediating threats, ongoing employee training exercises, regular incident response capability reviews and exercises, cybersecurity insurance coverage, and business continuity mechanisms.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] |
The Company has an enterprise risk management program to identify, assess, monitor, and manage significant risks of the Company. The Company evaluates cybersecurity risks alongside other critical business risks under this program, and the Company also has a standalone cybersecurity program. The Company's approach to assessing, identifying, and managing material risks from cybersecurity threats is grounded in established frameworks, including those set forth by the National Institute of Standards and Technology (NIST) and other industry standards and requirements as defined by various compliance frameworks. Our cybersecurity program prioritizes key areas such as:
•Policies, Standards, and Practices: We maintain comprehensive policies, standards, and practices aligned with industry practices and regulatory requirements. These documents serve as the foundation for our cybersecurity program, providing clear guidelines for safeguarding our information systems and data assets.
•Threat Monitoring and Assessment: Continuous monitoring and assessment of cyber threats and vulnerabilities are integral to our risk management strategy. We utilize advanced monitoring tools and threat intelligence sources to proactively identify and address potential security risks. The Company uses third-party service providers to support its operations. The Company evaluates third-party service providers from a cybersecurity risk perspective, which may include an assessment of that service provider’s cybersecurity posture or a recommendation of specific mitigation controls.
•Audits and Assessments: Regular audits and assessments are conducted by both internal and external experts (consultants, auditors, and other third parties) to evaluate the effectiveness of our cybersecurity controls and processes
and recommend improvements. These assessments help us achieve compliance with internal policies as well as external regulations and standards.
•Incident Response Planning: We have developed comprehensive incident response plans to mitigate cybersecurity incidents. These plans outline clear procedures for detecting, responding to, and recovering from security breaches, minimizing the impact on our operations and stakeholders. External technical, legal, and law enforcement support is engaged as needed to support response efforts.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Our Board, with the assistance of our Audit Committee, oversees the Company’s cybersecurity program and strategies. The Audit Committee receives regular reports and updates, typically quarterly, from senior management on a wide range of cybersecurity topics. These reports include detailed insights into risk assessments, mitigation strategies, emerging threats, vulnerabilities, incidents, and prevailing industry trends. After each such report, the Chair of the Audit Committee updates the full Board for transparency and accountability in cybersecurity governance. Additionally, at least annually and as needed from time to time, the Board receives similar cybersecurity updates directly from senior management. Further, the Board oversees cybersecurity as part of our enterprise risk management program.
To further bolster the Board's understanding of cybersecurity issues, management facilitates ongoing educational opportunities. The Board routinely engages in discussions with cybersecurity experts on building resilience to cyber risk and receives updates regarding management tabletop exercises. These educational initiatives empower Board members to make informed decisions and actively contribute to the oversight of cybersecurity governance.
Currently, our Vice President of Infrastructure and Security assumes primary responsibility for assessing and managing material cybersecurity risks. With experience spanning restaurant, retail, financial, and technology brands, including serving in similar roles overseeing information security programs at other companies, and a degree in Computer Science, our Vice President of Infrastructure and Security brings experience and expertise to the role. Our Vice President of Infrastructure and Security leads a team of professionals who oversee the prevention, detection, and remediation activities within our cybersecurity environment.
Our Company has established robust policies and processes governing the assessment, response, and notifications associated with cybersecurity incidents. These protocols ensure a systematic and coordinated approach to incident management, with collaboration among engineering, legal, and senior leadership to oversee compliance with legal and regulatory requirements and have clear mechanisms in place for escalating notifications to our CEO and the Board based on the nature and severity of each incident.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Board, with the assistance of our Audit Committee, oversees the Company’s cybersecurity program and strategies. The Audit Committee receives regular reports and updates, typically quarterly, from senior management on a wide range of cybersecurity topics. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit Committee receives regular reports and updates, typically quarterly, from senior management on a wide range of cybersecurity topics. These reports include detailed insights into risk assessments, mitigation strategies, emerging threats, vulnerabilities, incidents, and prevailing industry trends. After each such report, the Chair of the Audit Committee updates the full Board for transparency and accountability in cybersecurity governance. Additionally, at least annually and as needed from time to time, the Board receives similar cybersecurity updates directly from senior management. Further, the Board oversees cybersecurity as part of our enterprise risk management program. |
| Cybersecurity Risk Role of Management [Text Block] |
Our Board, with the assistance of our Audit Committee, oversees the Company’s cybersecurity program and strategies. The Audit Committee receives regular reports and updates, typically quarterly, from senior management on a wide range of cybersecurity topics. These reports include detailed insights into risk assessments, mitigation strategies, emerging threats, vulnerabilities, incidents, and prevailing industry trends. After each such report, the Chair of the Audit Committee updates the full Board for transparency and accountability in cybersecurity governance. Additionally, at least annually and as needed from time to time, the Board receives similar cybersecurity updates directly from senior management. Further, the Board oversees cybersecurity as part of our enterprise risk management program.
To further bolster the Board's understanding of cybersecurity issues, management facilitates ongoing educational opportunities. The Board routinely engages in discussions with cybersecurity experts on building resilience to cyber risk and receives updates regarding management tabletop exercises. These educational initiatives empower Board members to make informed decisions and actively contribute to the oversight of cybersecurity governance.
Currently, our Vice President of Infrastructure and Security assumes primary responsibility for assessing and managing material cybersecurity risks. With experience spanning restaurant, retail, financial, and technology brands, including serving in similar roles overseeing information security programs at other companies, and a degree in Computer Science, our Vice President of Infrastructure and Security brings experience and expertise to the role. Our Vice President of Infrastructure and Security leads a team of professionals who oversee the prevention, detection, and remediation activities within our cybersecurity environment.
Our Company has established robust policies and processes governing the assessment, response, and notifications associated with cybersecurity incidents. These protocols ensure a systematic and coordinated approach to incident management, with collaboration among engineering, legal, and senior leadership to oversee compliance with legal and regulatory requirements and have clear mechanisms in place for escalating notifications to our CEO and the Board based on the nature and severity of each incident.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] |
Currently, our Vice President of Infrastructure and Security assumes primary responsibility for assessing and managing material cybersecurity risks. With experience spanning restaurant, retail, financial, and technology brands, including serving in similar roles overseeing information security programs at other companies, and a degree in Computer Science, our Vice President of Infrastructure and Security brings experience and expertise to the role. Our Vice President of Infrastructure and Security leads a team of professionals who oversee the prevention, detection, and remediation activities within our cybersecurity environment.
|
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] |
To further bolster the Board's understanding of cybersecurity issues, management facilitates ongoing educational opportunities. The Board routinely engages in discussions with cybersecurity experts on building resilience to cyber risk and receives updates regarding management tabletop exercises. These educational initiatives empower Board members to make informed decisions and actively contribute to the oversight of cybersecurity governance.
Currently, our Vice President of Infrastructure and Security assumes primary responsibility for assessing and managing material cybersecurity risks. With experience spanning restaurant, retail, financial, and technology brands, including serving in similar roles overseeing information security programs at other companies, and a degree in Computer Science, our Vice President of Infrastructure and Security brings experience and expertise to the role. Our Vice President of Infrastructure and Security leads a team of professionals who oversee the prevention, detection, and remediation activities within our cybersecurity environment.
|
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] |
Currently, our Vice President of Infrastructure and Security assumes primary responsibility for assessing and managing material cybersecurity risks. With experience spanning restaurant, retail, financial, and technology brands, including serving in similar roles overseeing information security programs at other companies, and a degree in Computer Science, our Vice President of Infrastructure and Security brings experience and expertise to the role. Our Vice President of Infrastructure and Security leads a team of professionals who oversee the prevention, detection, and remediation activities within our cybersecurity environment.
Our Company has established robust policies and processes governing the assessment, response, and notifications associated with cybersecurity incidents. These protocols ensure a systematic and coordinated approach to incident management, with collaboration among engineering, legal, and senior leadership to oversee compliance with legal and regulatory requirements and have clear mechanisms in place for escalating notifications to our CEO and the Board based on the nature and severity of each incident.
|
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |