Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Dec. 31, 2024 | |||||||||||||||||||
Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |||||||||||||||||||
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Cybersecurity Risk Management and Strategy We have a cybersecurity risk management program designed to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program is integrated into and serves as an important component of our overall enterprise risk management program, and utilizes cross-functional teams to proactively assess risk and ensure that security controls are built-in prior to deployment. Our cyber risk management program is informed by recognized standards for cybersecurity and information technology, including the National Institute of Standards and Technology Cybersecurity Framework (“CSF”), the International Organization Standardization (“ISO”) 27001:2013 Information Security Management System Requirements and the AICPA Trust Services Criteria, which are independently validated and attested via our SOC 2 Type II report. Our cybersecurity risk management program includes:
|
||||||||||||||||||
Cybersecurity Risk Management Processes Integrated [Flag] | true | ||||||||||||||||||
Cybersecurity Risk Management Processes Integrated [Text Block] |
We have a cybersecurity risk management program designed to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program is integrated into and serves as an important component of our overall enterprise risk management program, and utilizes cross-functional teams to proactively assess risk and ensure that security controls are built-in prior to deployment. |
||||||||||||||||||
Cybersecurity Risk Management Third Party Engaged [Flag] | true | ||||||||||||||||||
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true | ||||||||||||||||||
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false | ||||||||||||||||||
Cybersecurity Risk Board of Directors Oversight [Text Block] |
Cybersecurity Governance Cybersecurity is an important part of our risk management processes and an area of focus for the Board of Directors of DoubleVerify (the “Board”) and management. Our Board as a whole has responsibility for overseeing our risk management program. The Board exercises this oversight responsibility directly and through its committees. The Board has primary responsibility for evaluating strategic and operational risk management, including cybersecurity risk management, and has delegated to the Audit Committee of the Board (the “Audit Committee”) oversight of the adequacy and effectiveness of the Company’s information and technology security policies as well as the internal controls regarding information and technology security, cybersecurity and privacy related areas. The Audit Committee also oversees management’s implementation of our cybersecurity risk management program. The Audit Committee receives reports from management at least quarterly on a broad range of relevant topics, which include cybersecurity risks attendant to our business, recent developments in the cybersecurity landscape and practice, third-party and independent reviews, benchmarking and resource allocation, among other topics. In addition, management updates the Audit Committee regarding material or potentially material cybersecurity incidents. The Audit Committee provides reports to the full Board regarding these and other matters at least quarterly. The full Board also receives periodic briefings from management on our information security organization and risk management programs. The Company’s Chief Information Security Officer reports to our Chief Information Officer and leads the Company’s cybersecurity team. This team is principally responsible for managing the Company’s cybersecurity risk management program, in cross-functional partnership with business leaders across the Company, reporting cybersecurity risks and incidents, among other things, to the Audit Committee, and supervising both our internal cybersecurity personnel and our retained external cybersecurity consultants. Collectively, our cybersecurity team has decades of experience managing cybersecurity risk worldwide and members hold accreditations such as the Certified Information Systems Security Professional, Certified Ethical Hacker and Certified Information Security Manager certifications. |
||||||||||||||||||
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Audit Committee | ||||||||||||||||||
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Board has primary responsibility for evaluating strategic and operational risk management, including cybersecurity risk management, and has delegated to the Audit Committee of the Board (the “Audit Committee”) oversight of the adequacy and effectiveness of the Company’s information and technology security policies as well as the internal controls regarding information and technology security, cybersecurity and privacy related areas. The Audit Committee also oversees management’s implementation of our cybersecurity risk management program. | ||||||||||||||||||
Cybersecurity Risk Role of Management [Text Block] |
The Company’s Chief Information Security Officer reports to our Chief Information Officer and leads the Company’s cybersecurity team. This team is principally responsible for managing the Company’s cybersecurity risk management program, in cross-functional partnership with business leaders across the Company, reporting cybersecurity risks and incidents, among other things, to the Audit Committee, and supervising both our internal cybersecurity personnel and our retained external cybersecurity consultants. Collectively, our cybersecurity team has decades of experience managing cybersecurity risk worldwide and members hold accreditations such as the Certified Information Systems Security Professional, Certified Ethical Hacker and Certified Information Security Manager certifications. |
||||||||||||||||||
Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true | ||||||||||||||||||
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | The Company’s Chief Information Security Officer reports to our Chief Information Officer and leads the Company’s cybersecurity team. This team is principally responsible for managing the Company’s cybersecurity risk management program, in cross-functional partnership with business leaders across the Company, reporting cybersecurity risks and incidents, among other things, to the Audit Committee, and supervising both our internal cybersecurity personnel and our retained external cybersecurity consultants. | ||||||||||||||||||
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | our cybersecurity team has decades of experience managing cybersecurity risk worldwide and members hold accreditations such as the Certified Information Systems Security Professional, Certified Ethical Hacker and Certified Information Security Manager certifications. | ||||||||||||||||||
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] |
The Audit Committee receives reports from management at least quarterly on a broad range of relevant topics, which include cybersecurity risks attendant to our business, recent developments in the cybersecurity landscape and practice, third-party and independent reviews, benchmarking and resource allocation, among other topics. In addition, management updates the Audit Committee regarding material or potentially material cybersecurity incidents. The Audit Committee provides reports to the full Board regarding these and other matters at least quarterly. The full Board also receives periodic briefings from management on our information security organization and risk management programs. |
||||||||||||||||||
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |