|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|Risk
management and strategy
We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third-party hosted services, communications systems, hardware and software, and our critical data, including intellectual property, confidential information that is proprietary, strategic or competitive in nature, and clinical trial data (Information Systems and Data).
The Company engages two external cybersecurity and information technology consultants to work with the Company, including the general counsel, to help identify, assess and manage the Company’s cybersecurity threats and risks, including through the use of the Company’s information security risk register. This group works to identify and assess risks from cybersecurity threats by monitoring and evaluating our threat environment using various methods, including, for example: manual and automated tools, subscribing to reports and services that identify cybersecurity threats, analyzing reports of threats and actors, conducting scans of the threat environment, and conducting third-party threat assessments.
Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including, for example: a vulnerability management policy, disaster recovery and business continuity plans, network security controls and data segregation (for certain systems), employee training, and cybersecurity insurance.
Our assessment and management of material risks from cybersecurity threats are integrated into the Company’s overall risk management processes. Cybersecurity risk is addressed as a component of the Company’s enterprise risk management program and identified in the Company’s risk register and senior management prioritizes our risk management processes and reports to the Audit Committee of the Board of Directors, which evaluates our overall enterprise risk.
We use third-party service providers to assist us from time to time to identify, assess, and manage material risks from cybersecurity threats, including, for example cybersecurity consultants and professional services firms (including legal counsel).
We also use third-party service providers to perform a variety of other functions throughout our business, such as application providers, hosting companies, contract research organizations, contract manufacturing organizations, and distributors. We have a vendor management program to manage cybersecurity risks associated with our use of these providers. The program includes a review of certain vendors’ written security program, a risk assessment for certain vendors, and imposition of information security contractual obligations on certain vendors.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Our assessment and management of material risks from cybersecurity threats are integrated into the Company’s overall risk management processes. Cybersecurity risk is addressed as a component of the Company’s enterprise risk management program and identified in the Company’s risk register and senior management prioritizes our risk management processes and reports to the Audit Committee of the Board of Directors, which evaluates our overall enterprise risk.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|true
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Governance
Our Board of Directors addresses the Company’s cybersecurity risk management as part of its general oversight function. The Audit Committee is responsible for overseeing the Company’s cybersecurity risk management processes, including oversight of mitigation of risks from cybersecurity threats.
Our cybersecurity risk assessment and management processes are implemented and maintained by our Cybersecurity Risk Management Team, (which includes our General Counsel) an external cybersecurity consultant with over 15 years of experience providing cybersecurity services and training (who is also a member of the Company’s Cybersecurity Risk Management Team) and an external information technology consultant.
Our Chief Executive Officer (CEO) is responsible for hiring appropriate personnel, helping to integrate cybersecurity risk considerations into the Company’s overall risk management strategy, and communicating key priorities to relevant personnel. The Company’s Cybersecurity Risk Management Team is responsible for developing budgets, helping prepare for cybersecurity incidents, approving cybersecurity processes, and reviewing security assessments and other security-related reports.
Our cybersecurity incident response and vulnerability management processes are designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including our Chief Financial Officer (CFO) and CEO. Our CFO and CEO work with the Company’s Incident Response Team to help the Company triage, contain, mitigate and remediate cybersecurity incidents of which they are notified. In addition, the Company’s incident response and vulnerability management processes include reporting to the Audit Committee for certain cybersecurity incidents.
The Board of Directors and Audit Committee receive regular reports from the Company’s Cybersecurity Risk Management Team concerning the Company’s significant cybersecurity threats and risk and the processes the Company has implemented to address them. The Board of Directors and Audit Committee also receive various reports, summaries and presentations related to cybersecurity threats, risk and mitigation.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board of Directors addresses the Company’s cybersecurity risk management as part of its general oversight function.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee is responsible for overseeing the Company’s cybersecurity risk management processes, including oversight of mitigation of risks from cybersecurity threats.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our cybersecurity risk assessment and management processes are implemented and maintained by our Cybersecurity Risk Management Team, (which includes our General Counsel) an external cybersecurity consultant with over 15 years of experience providing cybersecurity services and training (who is also a member of the Company’s Cybersecurity Risk Management Team) and an external information technology consultant.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Board of Directors and Audit Committee receive regular reports from the Company’s Cybersecurity Risk Management Team concerning the Company’s significant cybersecurity threats and risk and the processes the Company has implemented to address them. The Board of Directors and Audit Committee also receive various reports, summaries and presentations related to cybersecurity threats, risk and mitigation.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef