Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Mar. 29, 2025 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Our business operations and relationships with consumers, customers, employees and business partners rely heavily on information technology (“IT”) systems and data. We also recognize the need to continually assess cybersecurity risk and evolve our management approach in the face of a rapidly and ever-changing environment. Accordingly, we aim to protect our business operations, including consumer, employee and confidential business records and information, against known and evolving cybersecurity threats. We have established processes for identifying, assessing, and managing material risks from cybersecurity threats using a systematic framework intended to protect the confidentiality, integrity, and availability of the Company’s important IT systems and data.
Oversight responsibility in this area is shared by the Board, its Audit Committee, and management.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Cybersecurity Risk Management Processes Integrated [Flag] | true | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Cybersecurity Risk Management Processes Integrated [Text Block] | We have integrated the identification, assessment and management of cybersecurity risks into VF’s enterprise risk management program, ensuring alignment with our overall approach to risk oversight by the Board, its committees, and management. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Cybersecurity Risk Management Third Party Engaged [Flag] | true | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Oversight responsibility in this area is shared by the Board, its Audit Committee, and management.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Audit CommitteePrimary oversight responsibility for cybersecurity, including internal controls designed to identify, assess, and manage risks related to cybersecurity | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Board receives an annual update from VF senior leadership on cybersecurity and information security matters. The Audit Committee receives regular reports from VF senior leadership, including the CISO, on cyber threats, information security risks and controls, and other program updates, as well as enterprise risk management program updates. The Audit Committee regularly briefs the Board on these cybersecurity matters, and the Board also receives periodic briefings on cyber threats and best practices to enhance our directors’ literacy on cybersecurity and information security issues. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Cybersecurity Risk Role of Management [Text Block] |
Oversight responsibility in this area is shared by the Board, its Audit Committee, and management.
Management receives a cybersecurity and information security maturity assessment from a third-party assessor biennially to gain a third-party view of our cybersecurity and information security program. We have integrated the identification, assessment and management of cybersecurity risks into VF’s enterprise risk management program, ensuring alignment with our overall approach to risk oversight by the Board, its committees, and management. The Board receives an annual update from VF senior leadership on cybersecurity and information security matters. The Audit Committee receives regular reports from VF senior leadership, including the CISO, on cyber threats, information security risks and controls, and other program updates, as well as enterprise risk management program updates. The Audit Committee regularly briefs the Board on these cybersecurity matters, and the Board also receives periodic briefings on cyber threats and best practices to enhance our directors’ literacy on cybersecurity and information security issues.
We place a high priority on securing confidential business information and the sensitive personal information we receive and store about our consumers, customers and employees. We have systems in place to securely receive and store that information and to detect, contain, and respond to cybersecurity incidents. We also have processes to manage risk from cybersecurity threats associated with third parties, including service providers, such as risk assessments and contractual requirements that include cybersecurity measures. In addition, we have a cybersecurity and information security training and compliance program in place to support our teams who work in areas of cybersecurity and information security risk. As part of this program, VF employees who have access to confidential information receive training at least annually on cybersecurity
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our Chief Information Security Officer ("CISO”), Chief Operating Officer (“COO”), Chief Legal Officer, and other senior members of our digital and technology and risk teams are responsible for identifying, assessing, and managing risks related to these topics, and reporting to the Audit Committee and/or the full Board of Directors | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our CISO has over thirty years of experience as a cybersecurity professional, including experience as the CISO of two large retailers, and reports to our COO, who leads our digital and technology functions and has nearly twenty years of experience enabling digital transformation for global companies. In addition, members of VF’s information security, IT and privacy teams have broad experience and expertise in selecting, deploying and operating cybersecurity technologies, initiatives and processes around the world. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] |
We place a high priority on securing confidential business information and the sensitive personal information we receive and store about our consumers, customers and employees. We have systems in place to securely receive and store that information and to detect, contain, and respond to cybersecurity incidents. We also have processes to manage risk from cybersecurity threats associated with third parties, including service providers, such as risk assessments and contractual requirements that include cybersecurity measures. In addition, we have a cybersecurity and information security training and compliance program in place to support our teams who work in areas of cybersecurity and information security risk. As part of this program, VF employees who have access to confidential information receive training at least annually on cybersecurity and information security. To respond to the threat of security breaches and cyberattacks, VF maintains a program, overseen by VF’s CISO and COO, that is designed to protect and preserve the confidentiality, integrity and continued availability of all information and systems owned by, or in the care of, VF. This program also includes a cyber incident response plan that provides processes for timely and accurate reporting of any material cybersecurity incident. Our CISO has over thirty years of experience as a cybersecurity professional, including experience as the CISO of two large retailers, and reports to our COO, who leads our digital and technology functions and has nearly twenty years of experience enabling digital transformation for global companies. In addition, members of VF’s information security, IT and privacy teams have broad experience and expertise in selecting, deploying and operating cybersecurity technologies, initiatives and processes around the world. VF also engages service providers, consultants and other third parties in connection with these processes to provide augmented cybersecurity capabilities, deliver strategic advice, provide assurance regarding the effectiveness of certain processes and assist in cybersecurity incident response efforts, as needed. VF also maintains a cybersecurity risk insurance policy.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||