Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2024 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Risk Management and Strategy Risk Assessment. We have incorporated policies and procedures aimed at securing and protecting company records and operations. At a minimum, our cybersecurity programs are benchmarked against and aligned to the Center for Internet Security (CIS) Version 8 framework ⸺ a universally accepted and recognized controls standard published in 2021 ⸺ to guide periodic risk assessments and ongoing control monitoring activities. External experts are also utilized for cybersecurity evaluations, as needed, to ensure broad and in-depth evaluations of the transforming cybersecurity environment. Incident Response and Recovery Planning. We have established comprehensive incident response and recovery plans and continue to regularly test and evaluate the effectiveness of these plans, while also providing necessary training tools and guidance for company personnel. All of these items are incorporated into our overall risk management program. Third-Party Risk Management. As part of our risk identification efforts and overall cybersecurity risk management framework, we have processes in place to assess and manage third-party service provider cybersecurity risks. Such processes include initial and periodic reviews of independent attestation reports, as well as additional evaluation and due diligence that are dependent on our classification of data stored or processed by the third-party provider. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] |
Risk Assessment. We have incorporated policies and procedures aimed at securing and protecting company records and operations. At a minimum, our cybersecurity programs are benchmarked against and aligned to the Center for Internet Security (CIS) Version 8 framework ⸺ a universally accepted and recognized controls standard published in 2021 ⸺ to guide periodic risk assessments and ongoing control monitoring activities. External experts are also utilized for cybersecurity evaluations, as needed, to ensure broad and in-depth evaluations of the transforming cybersecurity environment. Incident Response and Recovery Planning. We have established comprehensive incident response and recovery plans and continue to regularly test and evaluate the effectiveness of these plans, while also providing necessary training tools and guidance for company personnel. All of these items are incorporated into our overall risk management program. Third-Party Risk Management. As part of our risk identification efforts and overall cybersecurity risk management framework, we have processes in place to assess and manage third-party service provider cybersecurity risks. Such processes include initial and periodic reviews of independent attestation reports, as well as additional evaluation and due diligence that are dependent on our classification of data stored or processed by the third-party provider. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Board Oversight. Our Board, with direct oversight by the Audit Committee and senior management, ultimately presides over our management of cybersecurity risk. The Board routinely receives reports from the Cybersecurity Committee, via the Audit Committee, about the prevention, detection, mitigation, and remediation of cybersecurity incidents, including material security risks and information system security vulnerabilities. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Audit Committee |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Board routinely receives reports from the Cybersecurity Committee, via the Audit Committee, about the prevention, detection, mitigation, and remediation of cybersecurity incidents, including material security risks and information system security vulnerabilities. |
| Cybersecurity Risk Role of Management [Text Block] |
Qualifications. We view cybersecurity as a shared responsibility. To that end, the members of our Cybersecurity Committee represent a range of functions from across our company, including our property information technology directors, Corporate Controller, Vice President of Internal Audit and Compliance, Corporate Secretary and General Counsel, and the Western Director of Finance. This group has primary responsibility for assessing and managing material cybersecurity risks. The combined experience of this group consists of approximately 14 decades of direct information technology leadership experience, in addition to multiple degrees and specialized training and certifications in the information technology and cybersecurity field. Management’s Role. Our Cybersecurity Committee members and external experts meet quarterly, at a minimum, with the primary purpose of identifying emerging company risks and related solutions, and evaluating the progress of previously-identified risk mitigation activities. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | the members of our Cybersecurity Committee represent a range of functions from across our company, including our property information technology directors, Corporate Controller, Vice President of Internal Audit and Compliance, Corporate Secretary and General Counsel, and the Western Director of Finance. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | The combined experience of this group consists of approximately 14 decades of direct information technology leadership experience, in addition to multiple degrees and specialized training and certifications in the information technology and cybersecurity field. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] |
Management’s Role. Our Cybersecurity Committee members and external experts meet quarterly, at a minimum, with the primary purpose of identifying emerging company risks and related solutions, and evaluating the progress of previously-identified risk mitigation activities. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |