|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
IRadimed employs a multilayer approach to addressing cybersecurity risk based on the National Institute of Standards and Technology (NIST) framework. It has established a cybersecurity team that utilizes internal and external assessments, automated monitoring tools, and input from public and private partners to identify potential cyber threats. External third-party security firms are engaged to assist with cybersecurity risk assessments, penetration testing and system security analysis.
Our cybersecurity team works in conjunction with management, legal, finance, accounting, operations, and information technology areas to assess the risk these identified cybersecurity threats present to the organization. The Chief Executive Officer is responsible for overseeing our information technology leadership team and leading the Company’s efforts to mitigate technology risks in partnership with various business leaders in the organization. To ensure consistency, these cybersecurity risk assessments are incorporated into IRadimed’s enterprise risk management process, and our information technology leadership team reviews the Company’s enterprise risk management-level cybersecurity risks on a quarterly basis, and key cybersecurity risks are incorporated into the enterprise risk management framework. Cybersecurity risks are managed and controlled through multiple overlapping layers of cybersecurity defenses that include:
The Board provides enterprise-level oversight of risks associated with cybersecurity threats through the Audit Committee, which serves and functions as the Board’s primary oversight body to monitor the Company’s cybersecurity and related information technology risks and assists the Board of Directors in fulfilling its oversight responsibilities regarding Company policies and processes with respect to risk assessment and risk management, including any significant non-financial risk exposures; reviewing and discussing our information security policies and internal controls regarding information security; and reviewing the annual disclosures concerning the role of the Board in the risk oversight of the Company. The Audit Committee performs an annual review of the cybersecurity program and receives regular updates on key cybersecurity risks, the cybersecurity risk management plan, and cyber incident event trends. The Audit Committee
oversees the Company’s disclosure of any cybersecurity incident deemed material (and such materiality determination will be made by the Board upon recommendation of the Audit Committee) as required by the SEC or any other governmental authority, as applicable.
In addition to managing our own cybersecurity preparedness, we also consider and evaluate cybersecurity risks associated with the use of third-party service providers. Risk assessments are performed against third-party service providers with a specific focus on any sensitive data that is to be shared with them. The internal business owners of vertical applications are required to document user access reviews regularly. We request a System and Organizational Controls (“SOC”) 2 report from the vendors of our enterprise cloud applications. If they do not provide us with a SOC 2, we seek additional compensating risk assurance in our contract language with them. Risks associated with the use of third-party service providers are managed as part of our overall cybersecurity risk management framework.
To continually manage and control the material risks that cybersecurity threats present to the organization, IRadimed invests significantly in the cybersecurity elements outlined above. In addition, the Company has made investments to fulfill the operational and financial regulatory requirements laid out by the Sarbanes-Oxley Act of 2002.
IRadimed faces a number of cybersecurity risks in connection with its business. Although such risks have not materially affected us, including our business strategy, results of operations, or financial conditions, to date, we have, from time to time, experienced threats to and breaches of our data systems, including malware, phishing and computer virus attacks.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Cybersecurity risks are managed and controlled through multiple overlapping layers of cybersecurity defenses that include:
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Board provides enterprise-level oversight of risks associated with cybersecurity threats through the Audit Committee, which serves and functions as the Board’s primary oversight body to monitor the Company’s cybersecurity and related information technology risks and assists the Board of Directors in fulfilling its oversight responsibilities regarding Company policies and processes with respect to risk assessment and risk management, including any significant non-financial risk exposures; reviewing and discussing our information security policies and internal controls regarding information security; and reviewing the annual disclosures concerning the role of the Board in the risk oversight of the Company. The Audit Committee performs an annual review of the cybersecurity program and receives regular updates on key cybersecurity risks, the cybersecurity risk management plan, and cyber incident event trends. The Audit Committee
oversees the Company’s disclosure of any cybersecurity incident deemed material (and such materiality determination will be made by the Board upon recommendation of the Audit Committee) as required by the SEC or any other governmental authority, as applicable.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Audit Committee
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee performs an annual review of the cybersecurity program and receives regular updates on key cybersecurity risks, the cybersecurity risk management plan, and cyber incident event trends.
|Cybersecurity Risk Role of Management [Text Block]
|Our cybersecurity team works in conjunction with management, legal, finance, accounting, operations, and information technology areas to assess the risk these identified cybersecurity threats present to the organization. The Chief Executive Officer is responsible for overseeing our information technology leadership team and leading the Company’s efforts to mitigate technology risks in partnership with various business leaders in the organization
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Chief Executive Officer
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef