Annual and transition report of foreign private issuers [Sections 13 or 15(d)]

Cybersecurity Risk Management, Strategy and Governance

v3.25.0.1
Cybersecurity Risk Management, Strategy and Governance
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

We believe cybersecurity is key to the Company achieving its strategic goals and objectives. Based on the nature of our business and the industry in which we operate, we are faced with a variety of cybersecurity threats including phishing emails, ransomware attacks, malicious attachments, social engineering attacks and denial of service attacks, among others. Our customers, suppliers, subcontractors and partners face similar cybersecurity threats, and a cybersecurity incident impacting us or any of these entities could materially adversely affect our operations, performance and results of operations.

Our information security organization has implemented a governance structure and processes to assess, identify, manage and report cybersecurity risks. We engage third-party service providers to conduct evaluations of our security controls, including testing both the design and operational effectiveness of security controls.

In the event of an incident, we intend to follow our security incident management procedures, which outline the steps to be followed from incident detection to mitigation, recovery and notification, including notifying functional areas (e.g., legal, compliance and internal audit), as well as senior leadership and the Board, as appropriate.

On a regular basis, the Company analyzes its internet-based services and performs penetration tests and attack simulations to assess the protection and the detection capabilities. The cybersecurity compliance status of assets is centrally evaluated across the Company's global sites and business and operational functions. Results are shared within the Company's relevant business units and across global functions. The Company implements corrective measures and improvement actions in response to these processes, as appropriate. Data classification and protection tools are in place, such as the implementation of a specific process and technology aimed at detecting and responding to abnormal data flows.

Governance

The Board of Directors and our Audit Committee oversee management’s processes for identifying and mitigating risks, including cybersecurity risks, to help align our risk exposure with our strategic objectives. Senior leadership, including our Chief Information Officer (CIO), have developed a process to regularly brief the Audit Committee and Board of Directors on our cybersecurity and information security policies and procedures, and the Board of Directors will be apprised of cybersecurity incidents deemed to have a potential material impact on the Company.

Our information security organization, led by our CIO, is responsible for our overall information security strategy, policy, cyber threat detection and response, cyber architecture and processes for the security of our enterprise network, information assets and medical device technologies. The CIO’s organization monitors and manages, and works to identify and assess, cybersecurity risk through various technologies, resources, processes and policies that are regularly updated to align with the changing threat landscape, our evolving business needs as well as global regulatory requirements. The current CIO and his organization, comprised of both internal and external resources, have extensive information technology and program management experience. This organization manages and is continually enhancing and building an enterprise security structure with the ultimate goal of preventing cybersecurity incidents to the extent feasible, while simultaneously engaging in efforts to minimize the business impact should an incident occur.

Cybersecurity risks and threats, including as a result of any previous cybersecurity incidents, have not materially impacted and are not reasonably expected to materially impact us or our operations to date. However, we recognize the ever-evolving cyber risk landscape and cannot provide any assurances that we will not be subject to a material cybersecurity incident in the future. See Item 1A, “Risk Factors” for a discussion of cybersecurity risks.

Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

The Board of Directors and our Audit Committee oversee management’s processes for identifying and mitigating risks, including cybersecurity risks, to help align our risk exposure with our strategic objectives. Senior leadership, including our Chief Information Officer (CIO), have developed a process to regularly brief the Audit Committee and Board of Directors on our cybersecurity and information security policies and procedures, and the Board of Directors will be apprised of cybersecurity incidents deemed to have a potential material impact on the Company.

Our information security organization, led by our CIO, is responsible for our overall information security strategy, policy, cyber threat detection and response, cyber architecture and processes for the security of our enterprise network, information assets and medical device technologies. The CIO’s organization monitors and manages, and works to identify and assess, cybersecurity risk through various technologies, resources, processes and policies that are regularly updated to align with the changing threat landscape, our evolving business needs as well as global regulatory requirements. The current CIO and his organization, comprised of both internal and external resources, have extensive information technology and program management experience. This organization manages and is continually enhancing and building an enterprise security structure with the ultimate goal of preventing cybersecurity incidents to the extent feasible, while simultaneously engaging in efforts to minimize the business impact should an incident occur.

Cybersecurity risks and threats, including as a result of any previous cybersecurity incidents, have not materially impacted and are not reasonably expected to materially impact us or our operations to date. However, we recognize the ever-evolving cyber risk landscape and cannot provide any assurances that we will not be subject to a material cybersecurity incident in the future. See Item 1A, “Risk Factors” for a discussion of cybersecurity risks.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board of Directors and our Audit Committee oversee management’s processes for identifying and mitigating risks, including cybersecurity risks, to help align our risk exposure with our strategic objectives. Senior leadership, including our Chief Information Officer (CIO), have developed a process to regularly brief the Audit Committee and Board of Directors on our cybersecurity and information security policies and procedures
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Senior leadership, including our Chief Information Officer (CIO), have developed a process to regularly brief the Audit Committee and Board of Directors on our cybersecurity and information security policies and procedures
Cybersecurity Risk Role of Management [Text Block]

Our information security organization, led by our CIO, is responsible for our overall information security strategy, policy, cyber threat detection and response, cyber architecture and processes for the security of our enterprise network, information assets and medical device technologies. The CIO’s organization monitors and manages, and works to identify and assess, cybersecurity risk through various technologies, resources, processes and policies that are regularly updated to align with the changing threat landscape, our evolving business needs as well as global regulatory requirements. The current CIO and his organization, comprised of both internal and external resources, have extensive information technology and program management experience. This organization manages and is continually enhancing and building an enterprise security structure with the ultimate goal of preventing cybersecurity incidents to the extent feasible, while simultaneously engaging in efforts to minimize the business impact should an incident occur.

Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our information security organization, led by our CIO, is responsible for our overall information security strategy, policy, cyber threat detection and response, cyber architecture and processes for the security of our enterprise network, information assets and medical device technologies.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The current CIO and his organization, comprised of both internal and external resources, have extensive information technology and program management experience
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The CIO’s organization monitors and manages, and works to identify and assess, cybersecurity risk through various technologies, resources, processes and policies that are regularly updated to align with the changing threat landscape, our evolving business needs as well as global regulatory requirements.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true