Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Dec. 28, 2024 | |||||||||||||||||||
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |||||||||||||||||||
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Risk Management and Strategy Because it is essential to our operations and business strategy that our website, app, technology and network infrastructure remain secure, we have processes in place for assessing, identifying, and managing material risks from cybersecurity threats. We have integrated these processes into our cybersecurity risk management program. The key processes, or components, of our cybersecurity risk management include:
We sometimes engage external cybersecurity experts, or applications, to enhance our cybersecurity program. These serve to assist our internal cybersecurity team in mitigating cyber threats, in addition to monitoring and responding to potential cyber incidents. As previously disclosed, in June 2020, we were the subject of a ransomware attack on our network that briefly disrupted access to some of our systems. Although we did not pay the ransomware and did not incur any fines or settlements, we did incur out of pocket expenses costs related to this incident of $100,000. We have not encountered any other cybersecurity challenges that have materially impaired our operations or business. Additional information regarding risks from cybersecurity threats is discussed in Part I, Item IA, “Risk Factors,” under the heading “Security threats, such as ransomware attacks, to our IT infrastructure could expose us to liability, and damage our reputation and business,” which should be read in conjunction with the information herein. |
||||||||||||||||||
| Cybersecurity Risk Management Processes Integrated [Flag] | true | ||||||||||||||||||
| Cybersecurity Risk Management Processes Integrated [Text Block] |
The key processes, or components, of our cybersecurity risk management include:
|
||||||||||||||||||
| Cybersecurity Risk Management Third Party Engaged [Flag] | true | ||||||||||||||||||
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true | ||||||||||||||||||
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false | ||||||||||||||||||
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Governance Cybersecurity risk management is an important priority integrated into our overall governance structure. Our Board of Directors oversees risks from cybersecurity threats and includes the involvement of the Audit Committee in the governance strategy. Our IT security management team, led by our Chief Technology Officer, reports quarterly in meetings to our Audit Committee and periodically to our Board of Directors regarding updates to our cybersecurity program and related risks. We have a cybersecurity expert on the Board of Directors and its Audit Committee to provide expanded expertise and oversight on our cybersecurity processes and systems. Topics in the meetings include discussion of the company-wide cybersecurity strategic roadmap and risks, protocols to mitigate such rusks, and the progress of initiatives in the cybersecurity program. Specific cybersecurity briefing areas may include topics such as security, infrastructure, cybersecurity tooling/applications, and compliance. |
||||||||||||||||||
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Audit Committee | ||||||||||||||||||
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | We have a cybersecurity expert on the Board of Directors and its Audit Committee to provide expanded expertise and oversight on our cybersecurity processes and systems. Topics in the meetings include discussion of the company-wide cybersecurity strategic roadmap and risks, protocols to mitigate such rusks, and the progress of initiatives in the cybersecurity program. Specific cybersecurity briefing areas may include topics such as security, infrastructure, cybersecurity tooling/applications, and compliance. | ||||||||||||||||||
| Cybersecurity Risk Role of Management [Text Block] | Our IT security management team, led by our Chief Technology Officer, reports quarterly in meetings to our Audit Committee and periodically to our Board of Directors regarding updates to our cybersecurity program and related risks. We have a cybersecurity expert on the Board of Directors and its Audit Committee to provide expanded expertise and oversight on our cybersecurity processes and systems. Topics in the meetings include discussion of the company-wide cybersecurity strategic roadmap and risks, protocols to mitigate such rusks, and the progress of initiatives in the cybersecurity program. Specific cybersecurity briefing areas may include topics such as security, infrastructure, cybersecurity tooling/applications, and compliance. | ||||||||||||||||||
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true | ||||||||||||||||||
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Chief Technology Officer | ||||||||||||||||||
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | We have a cybersecurity expert on the Board of Directors and its Audit Committee to provide expanded expertise and oversight on our cybersecurity processes and systems. | ||||||||||||||||||
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Our IT security management team, led by our Chief Technology Officer, reports quarterly in meetings to our Audit Committee and periodically to our Board of Directors regarding updates to our cybersecurity program and related risks. | ||||||||||||||||||
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |