|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We regularly assess risks from cybersecurity threats; monitor our information systems for potential vulnerabilities; and test those systems pursuant to our cybersecurity policies, processes, and practices, which are integrated into our overall risk management program. To protect our information systems from cybersecurity threats, we use various security tools that are designed to help identify, escalate, investigate, resolve, and recover from security incidents in a timely manner.
The company has an ERM program to identify, evaluate, and manage risks. Cybersecurity risks are evaluated alongside other critical business risks under the ERM program to align cybersecurity efforts with the company’s broader business goals and objectives. We believe that integrating cybersecurity risks into our ERM program fosters a proactive and holistic approach to cybersecurity, which helps safeguard the company’s operations, financial condition, and reputation in an ever-evolving threat landscape.
The company maintains a cybersecurity program that is designed to identify, protect from, detect, respond to, and recover from cybersecurity threats and risks, and protect the confidentiality, integrity, and availability of its information systems, including the information residing on such systems.
Cybersecurity threats, including those resulting from any previous cybersecurity incidents, have not materially affected the company, including our business strategy, results of operations, or financial condition. We do not believe that cybersecurity threats resulting from any previous cybersecurity incidents of which we are aware are reasonably likely to materially affect our company. See Item 1A. “Risk Factors—Our systems, infrastructure or data, or those used by our CROs, CMOs, clinical sites or other contractors or consultants, may or may be perceived to fail or suffer a cyberattack, security breach or other incident, including a breakdown or compromise of the confidentiality, integrity and availability of our systems, networks or data, which could adversely affect the operation of our business and reputation” for more information regarding cybersecurity risks and the potential impact on the company.
Incident ResponseThe company has a dedicated incident management team responsible for managing and coordinating its cybersecurity incident response efforts. This team also collaborates closely with other teams in identifying, protecting from, detecting, responding to, and recovering from cybersecurity incidents. Cybersecurity incidents that meet certain thresholds are escalated to the executive incident team and cross-functional teams on an as-needed basis for support and guidance. Additionally, this team tracks cybersecurity incidents to help identify and analyze them. The company’s incident response team partners with other key stakeholders as appropriate to respond to cybersecurity incidents. The company maintains a cybersecurity and incident response program to prepare for and respond to cybersecurity incidents, which includes standard processes for reporting and escalating cybersecurity incidents to the executive incident team. Additionally, the company conducts at least one incident response test exercise on an annual basis, where members of a cross-functional team engage in a simulated incident scenario.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We regularly assess risks from cybersecurity threats; monitor our information systems for potential vulnerabilities; and test those systems pursuant to our cybersecurity policies, processes, and practices, which are integrated into our overall risk management program. To protect our information systems from cybersecurity threats, we use various security tools that are designed to help identify, escalate, investigate, resolve, and recover from security incidents in a timely manner.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Board of Directors oversees our risk management process, including as it pertains to cybersecurity risks, directly and through its committees. The Audit Committee (the Committee) of the Board of Directors oversees our cybersecurity and data privacy. The Committee meets periodically to review and discuss with management risks relating to significant cybersecurity matters and concerns involving the company, including information security, data privacy, backup of information systems and related regulatory matters and compliance. The Committee regularly reports to the Board of Directors with respect to the Committee’s activities and recommendations, including those relating to cybersecurity matters and concerns. The CIO provides quarterly reports to the Committee on information security matters, including the adequacy and effectiveness of the company’s information security policies and practices and the internal controls regarding information security, and notifies the chairperson of the Committee as soon as practicable of significant information security matters and concerns as they arise.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The company has a dedicated cybersecurity organization within its technology department that focuses on current and emerging cybersecurity matters. The company’s cybersecurity function is led by the company’s director of information security, who reports to the CIO. The director of information security and CIO (collectively, the Cybersecurity Leaders) are actively involved in assessing and managing cybersecurity risks, and are responsible for implementing cybersecurity policies, programs, procedures, and strategies.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The company has a dedicated cybersecurity organization within its technology department that focuses on current and emerging cybersecurity matters. The company’s cybersecurity function is led by the company’s director of information security, who reports to the CIO. The director of information security and CIO (collectively, the Cybersecurity Leaders) are actively involved in assessing and managing cybersecurity risks, and are responsible for implementing cybersecurity policies, programs, procedures, and strategies. The responsibilities and relevant experience of each of the Cybersecurity Leaders are as follows:
The CIO provides leadership for the company’s technology department. She holds a Bachelor of Science, Communication from Arizona State University, has served in various roles in information technology for over 25 years, holds multiple certifications, and has been actively involved in the information security and cybersecurity domains for over 20 years.
The director of information security is responsible for all aspects of cybersecurity across the company’s locations and data centers, including security engineering, security operations, incident response, threat intelligence, risk and compliance, and vulnerability management. He holds a Bachelor of Science in Business Administration, Management Information Systems from the University of Arizona, holds various certifications, and has served in various roles in information technology for over 25 years at numerous technology companies and consulting firms.
The company’s cybersecurity department is comprised of teams that engage in a range of cybersecurity activities such as threat intelligence, security architecture, and incident response. These teams conduct vulnerability management and penetration testing to identify, classify, prioritize, remediate, and mitigate vulnerabilities. Leaders from each team regularly meet with the Cybersecurity Leaders to provide visibility to major issues and seek alignment with strategy. As discussed above, the company’s cybersecurity incident response plan includes standard processes for reporting and escalating cybersecurity incidents to senior management. Cybersecurity incidents that meet certain thresholds are escalated to the Cybersecurity Leaders and cross-functional teams on an as-needed basis for support and guidance. The company’s incident response team also coordinates with external legal advisors, communication specialists, and other key stakeholders.
|Cybersecurity Risk Role of Management [Text Block]
|
The company has a dedicated cybersecurity organization within its technology department that focuses on current and emerging cybersecurity matters. The company’s cybersecurity function is led by the company’s director of information security, who reports to the CIO. The director of information security and CIO (collectively, the Cybersecurity Leaders) are actively involved in assessing and managing cybersecurity risks, and are responsible for implementing cybersecurity policies, programs, procedures, and strategies. The responsibilities and relevant experience of each of the Cybersecurity Leaders are as follows:
The CIO provides leadership for the company’s technology department. She holds a Bachelor of Science, Communication from Arizona State University, has served in various roles in information technology for over 25 years, holds multiple certifications, and has been actively involved in the information security and cybersecurity domains for over 20 years.
The director of information security is responsible for all aspects of cybersecurity across the company’s locations and data centers, including security engineering, security operations, incident response, threat intelligence, risk and compliance, and vulnerability management. He holds a Bachelor of Science in Business Administration, Management Information Systems from the University of Arizona, holds various certifications, and has served in various roles in information technology for over 25 years at numerous technology companies and consulting firms.
The company’s cybersecurity department is comprised of teams that engage in a range of cybersecurity activities such as threat intelligence, security architecture, and incident response. These teams conduct vulnerability management and penetration testing to identify, classify, prioritize, remediate, and mitigate vulnerabilities. Leaders from each team regularly meet with the Cybersecurity Leaders to provide visibility to major issues and seek alignment with strategy. As discussed above, the company’s cybersecurity incident response plan includes standard processes for reporting and escalating cybersecurity incidents to senior management. Cybersecurity incidents that meet certain thresholds are escalated to the Cybersecurity Leaders and cross-functional teams on an as-needed basis for support and guidance. The company’s incident response team also coordinates with external legal advisors, communication specialists, and other key stakeholders.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The company has a dedicated cybersecurity organization within its technology department that focuses on current and emerging cybersecurity matters. The company’s cybersecurity function is led by the company’s director of information security, who reports to the CIO. The director of information security and CIO (collectively, the Cybersecurity Leaders) are actively involved in assessing and managing cybersecurity risks, and are responsible for implementing cybersecurity policies, programs, procedures, and strategies.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
The CIO provides leadership for the company’s technology department. She holds a Bachelor of Science, Communication from Arizona State University, has served in various roles in information technology for over 25 years, holds multiple certifications, and has been actively involved in the information security and cybersecurity domains for over 20 years.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The company has a dedicated cybersecurity organization within its technology department that focuses on current and emerging cybersecurity matters. The company’s cybersecurity function is led by the company’s director of information security, who reports to the CIO. The director of information security and CIO (collectively, the Cybersecurity Leaders) are actively involved in assessing and managing cybersecurity risks, and are responsible for implementing cybersecurity policies, programs, procedures, and strategies. The responsibilities and relevant experience of each of the Cybersecurity Leaders are as follows:
The CIO provides leadership for the company’s technology department. She holds a Bachelor of Science, Communication from Arizona State University, has served in various roles in information technology for over 25 years, holds multiple certifications, and has been actively involved in the information security and cybersecurity domains for over 20 years.
The director of information security is responsible for all aspects of cybersecurity across the company’s locations and data centers, including security engineering, security operations, incident response, threat intelligence, risk and compliance, and vulnerability management. He holds a Bachelor of Science in Business Administration, Management Information Systems from the University of Arizona, holds various certifications, and has served in various roles in information technology for over 25 years at numerous technology companies and consulting firms.
The company’s cybersecurity department is comprised of teams that engage in a range of cybersecurity activities such as threat intelligence, security architecture, and incident response. These teams conduct vulnerability management and penetration testing to identify, classify, prioritize, remediate, and mitigate vulnerabilities. Leaders from each team regularly meet with the Cybersecurity Leaders to provide visibility to major issues and seek alignment with strategy. As discussed above, the company’s cybersecurity incident response plan includes standard processes for reporting and escalating cybersecurity incidents to senior management. Cybersecurity incidents that meet certain thresholds are escalated to the Cybersecurity Leaders and cross-functional teams on an as-needed basis for support and guidance. The company’s incident response team also coordinates with external legal advisors, communication specialists, and other key stakeholders.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef