|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity is an important component of our overall risk management program. Our cybersecurity policies and practices are integrated into our risk management program and are based on recognized frameworks. ON24 is certified under ISO 27001:2013 and 27701:2019, which sets forth a strict framework for managing security and privacy risks, including the necessary internal process and policies to deal with cybersecurity risks and incidents.
Risk Management and Strategy
Our cybersecurity program focuses on the following key areas:
•Governance: Our Chief Information Officer (“CIO”) leads our cybersecurity risk management program, with oversight from our board of directors. Our CIO closely collaborates with Information Security and Legal/Privacy leaders with the support of other members of management and teams comprised of personnel with a broad range of experience in the technology industry.
•Collaboration: We have implemented a comprehensive, cross-functional approach to identifying, preventing and mitigating cybersecurity threats and incidents.
•Technical Safeguards: We deploy technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention, data leak prevention and detection systems, anti-malware functionality and access controls.
•Incident Response and Recovery Planning: We have established and maintain comprehensive cybersecurity incident response and recovery plans, including legal obligations to report incidents, which we test and evaluate from time to time.
•Third-Party Risk Management: We maintain a comprehensive, risk-based approach to identifying and overseeing cybersecurity risks presented by third parties, including vendors and customers, that could adversely impact our business in the event of a cybersecurity incident affecting third-party systems.
•Education: We provide regular, mandatory training for staff regarding cybersecurity and privacy awareness.
We periodically assess and test our cybersecurity policies and practices. These efforts include tabletop exercises, vulnerability and penetration tests, and other exercises focused on evaluating the effectiveness of our cybersecurity measures and planning. We also engage third parties to assess our cybersecurity measures. As of December 31, 2024, we are not aware of any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition, although we are unable to provide any assurance that such risks will not become material in the future.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Cybersecurity is an important component of our overall risk management program. Our cybersecurity policies and practices are integrated into our risk management program and are based on recognized frameworks. ON24 is certified under ISO 27001:2013 and 27701:2019, which sets forth a strict framework for managing security and privacy risks, including the necessary internal process and policies to deal with cybersecurity risks and incidents.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our board of directors oversees cybersecurity as part of its risk oversight function. The audit committee also assists our board of directors in fulfilling its responsibilities with respect to oversight of our cybersecurity programs, including assisting with reviewing the adequacy and effectiveness of our cybersecurity policies and practices and receiving regular presentations and reports from management. The audit committee provides regular briefings to our board of directors as appropriate. We follow an incident response plan that includes reporting prompt and timely information regarding material cybersecurity incidents, remediation, and related matters.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The audit committee also assists our board of directors in fulfilling its responsibilities with respect to oversight of our cybersecurity programs, including assisting with reviewing the adequacy and effectiveness of our cybersecurity policies and practices and receiving regular presentations and reports from management.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The audit committee provides regular briefings to our board of directors as appropriate. We follow an incident response plan that includes reporting prompt and timely information regarding material cybersecurity incidents, remediation, and related matters.
|Cybersecurity Risk Role of Management [Text Block]
|
Our CIO and other leaders work collaboratively across our organization to protect our information systems from cybersecurity threats and to promptly respond to incidents in accordance with our incident response plan, including the necessary steps to ensure remediation. Through ongoing communications, these teams monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time and report such threats and incidents to our board of directors when appropriate.
Our CIO has over 20 years of professional experience specializing in business transformation, change management, executive leadership, and IT strategy, and has worked with technology security, banking and media companies. Our head of Information Security also brings over 20 years of security, privacy, and compliance experience from public and private sector roles, including leading the security programs at SaaS companies for over a decade.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The audit committee also assists our board of directors in fulfilling its responsibilities with respect to oversight of our cybersecurity programs, including assisting with reviewing the adequacy and effectiveness of our cybersecurity policies and practices and receiving regular presentations and reports from management. The audit committee provides regular briefings to our board of directors as appropriate. We follow an incident response plan that includes reporting prompt and timely information regarding material cybersecurity incidents, remediation, and related matters.
Our CIO and other leaders work collaboratively across our organization to protect our information systems from cybersecurity threats and to promptly respond to incidents in accordance with our incident response plan, including the necessary steps to ensure remediation. Through ongoing communications, these teams monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time and report such threats and incidents to our board of directors when appropriate.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
Our CIO has over 20 years of professional experience specializing in business transformation, change management, executive leadership, and IT strategy, and has worked with technology security, banking and media companies. Our head of Information Security also brings over 20 years of security, privacy, and compliance experience from public and private sector roles, including leading the security programs at SaaS companies for over a decade.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Our board of directors oversees cybersecurity as part of its risk oversight function. The audit committee also assists our board of directors in fulfilling its responsibilities with respect to oversight of our cybersecurity programs, including assisting with reviewing the adequacy and effectiveness of our cybersecurity policies and practices and receiving regular presentations and reports from management. The audit committee provides regular briefings to our board of directors as appropriate. We follow an incident response plan that includes reporting prompt and timely information regarding material cybersecurity incidents, remediation, and related matters.
Our CIO and other leaders work collaboratively across our organization to protect our information systems from cybersecurity threats and to promptly respond to incidents in accordance with our incident response plan, including the necessary steps to ensure remediation. Through ongoing communications, these teams monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time and report such threats and incidents to our board of directors when appropriate.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef