Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
---|---|
Dec. 31, 2024 | |
Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
We maintain a cybersecurity risk assessment program and framework as set forth in our cybersecurity policies and standards. We have designed our security program around the International Organization for Standardization International Electrotechnical Commission (ISO/IEC) 27001 standard on a strategic and tactical level. This does not imply that we meet
any particular technical standards, specifications, or requirements, only that we use the ISO/IEC standard as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. Additionally, in furtherance of identifying, assessing, and managing material cybersecurity risks, we:
•Perform risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology (“IT”) environment, including those related to use of external cyber security partners. This risk management process consists of risk assessments for identification and decisions on risk treatment strategies with related risk treatment plans. All risks identified in this process are registered in Allego’s Risk Register;
•Perform regular internal assessments of our cybersecurity program against the -ISO/IEC 27001 standard. The results of these assessments are then reviewed and, based on such findings, action plans are developed and progress tracked through completion;
•Maintain security teams principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents;
•Analyze cybersecurity incidents to determine applicability to our environment and industry. Findings from such analyses are then reviewed and utilized to create action plans where applicable and relevant to our environment and industry;
•Perform regular cybersecurity awareness trainings for our employees, and senior management; and
•Implemented a cybersecurity incident response plan that includes procedures for responding to cybersecurity threats.
The risk management process also includes third party risk assessments for third party service providers (e.g. Microsoft Azure Cloud and so-called Software as a Service providers). For this we have a Vendor Information Security Questionnaire (VISQ) which is being performed when introducing a new third-party service provider. Through contractual agreements, we also monitor compliance with our cybersecurity requirements periodically. With respect to our third-party risk management processes, we employ third-party due diligence, onboarding, and other procedures designed to assess the data protection, data privacy, and cybersecurity practices of third-party service providers, suppliers and vendors. However, our ability to monitor or control such practices is limited and there can be no assurance that we can detect, prevent, mitigate, or remediate the risk of any weakness, compromise, or failure in the systems, networks, and information owned or controlled by such third parties. When we become aware that a third-party service provider, supplier, or vendor has experienced any compromise or failure, we attempt to mitigate our risk, including by terminating such third party’s connections to our systems, networks and information where appropriate.
We have not identified any risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See also “Item 3. Risk Factors—D. Risk Factors—Risks Related to Allego's Technology, Intellectual Property and Infrastructure—Allego may need to defend against intellectual property infringement or misappropriation claims, which may be time consuming and expensive,” “—Allego’s business may be adversely affected if it is unable to maintain, protect or enforce its rights in its technology and intellectual property,” and “—Computer malware, viruses, ransomware, hacking, phishing attacks and similar disruptions could result in security and privacy breaches and interruption in service, which could harm Allego’s business.”
|
Cybersecurity Risk Management Processes Integrated [Flag] | true |
Cybersecurity Risk Management Processes Integrated [Text Block] |
We maintain a cybersecurity risk assessment program and framework as set forth in our cybersecurity policies and standards. We have designed our security program around the International Organization for Standardization International Electrotechnical Commission (ISO/IEC) 27001 standard on a strategic and tactical level. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use the ISO/IEC standard as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.
|
Cybersecurity Risk Management Third Party Engaged [Flag] | true |
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
Cybersecurity Risk Board of Directors Oversight [Text Block] |
Our Board of Directors has ultimate oversight for risks relating to our cybersecurity program and practices and receives regular updates from our internal cybersecurity teams on cybersecurity risks and threats. For the majority of the year, Allego has chief information security officer (CISO), as per 31 December 2024 this function was vacant, but on 1 April 2025 a new CISO has been onboarded. Additionally, within its IT team Allego has several experts on information and cybersecurity.
|
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] |
Our Board of Directors has ultimate oversight for risks relating to our cybersecurity program and practices and receives regular updates from our internal cybersecurity teams on cybersecurity risks and threats. For the majority of the year, Allego has chief information security officer (CISO), as per 31 December 2024 this function was vacant, but on 1 April 2025 a new CISO has been onboarded. Additionally, within its IT team Allego has several experts on information and cybersecurity.
|
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our management team, including our Information Security team and IT management team, is responsible for assessing and managing our material risks from cybersecurity threats. |
Cybersecurity Risk Role of Management [Text Block] |
In addition, our Audit Committee provides Board-level oversight for management’s actions with respect to organization and global strategy used to identify, assess and manage our key cybersecurity programs and risks. The Audit Committee receives regular reports from management on our cybersecurity risks, including, as necessary, any updates on material cybersecurity incidents, as well as any incidents with lower impacts.
Our management team, including our Information Security team and IT management team, is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our related external cyber security partners. Our management team takes steps to stay informed about and monitor the identification, prevention, detection,
protection, mitigation, and remediation of key cybersecurity risks and incidents through various means, which may include briefings with internal cybersecurity team members and external consultants, threat intelligence and other information obtained from governmental, public or private sources, and alerts and reports that are generated by security tools deployed in the information systems’ environments.
|
Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] |
Our Board of Directors has ultimate oversight for risks relating to our cybersecurity program and practices and receives regular updates from our internal cybersecurity teams on cybersecurity risks and threats. For the majority of the year, Allego has chief information security officer (CISO), as per 31 December 2024 this function was vacant, but on 1 April 2025 a new CISO has been onboarded. Additionally, within its IT team Allego has several experts on information and cybersecurity.
|
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our management team, including our Information Security team and IT management team, is responsible for assessing and managing our material risks from cybersecurity threats. |
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] |
Our management team, including our Information Security team and IT management team, is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our related external cyber security partners. Our management team takes steps to stay informed about and monitor the identification, prevention, detection,
protection, mitigation, and remediation of key cybersecurity risks and incidents through various means, which may include briefings with internal cybersecurity team members and external consultants, threat intelligence and other information obtained from governmental, public or private sources, and alerts and reports that are generated by security tools deployed in the information systems’ environments.
|
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |