|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Risk Management
We collect and maintain information in digital form that is necessary to conduct operations and engage with our customers and business partners, and we are increasingly dependent on information technology systems and network infrastructure to operate our business. We rely on information technology systems to keep financial records, manage our manufacturing operations, maintain quality control, fulfill customer orders, facilitate our research and development initiatives, maintain corporate records, communicate with staff and external parties and operate other critical functions. We operate some of these systems, but we also rely on third-party providers for a range of software, products and services that are critical to our operations and business. Both our and our third-party providers’ information technology systems are vulnerable to threat from cyber intrusion, ransomware, denial of service, phishing, account takeover, data manipulation, and other cyber misconduct.
Our information technology organization seeks to employ best practices, including the implementation of a cybersecurity risk management program intended to protect the confidentiality, integrity and availability of our critical systems and information. Our cybersecurity risk management program includes several processes, including, but not limited to, the following:
We designed and assessed our program based on industry standards and framework, including ISO (“International Organization for Standardization”), NIST (“National Institute of Standards and Technology”), and ITIL (“Information Technology Infrastructure Library”). While this does not imply that we meet any particular technical standards, specifications or requirements, we use these industry standards and framework as a guide to assist us to identify, assess and manage cybersecurity risks relevant to our business.
We work with third party cybersecurity professionals to conduct security assessments of our enterprise-wide cybersecurity practices, including penetration testing, and identify areas for continuous improvement within the information security program.
Although we have implemented various measures to protect our information technology systems and mitigate cybersecurity threats, cybersecurity risk can never be eliminated, and we may from time to time be exposed to risks from cybersecurity threats. While we have not experienced any material cybersecurity threats or incidents as of the date of this Annual Report on Form 20-F, there can be no guarantee that we will not be the subject of future successful attacks, threats, or incidents that may materially affect us, including our business strategy, results of operations, or financial condition.
For more information regarding the risks associated with cybersecurity incidents, see “Item 3. Key Information—D. Risk Factors—Risks Related to Our Company and Our Industry—Interruption, security breaches or failures of information technology, control and communication systems could disrupt our business and expose us to liability” and “—Risks Related to Doing Business in China—Failure to comply with PRC regulations and other legal obligations concerning cybersecurity, privacy, data protection and informational security may materially and adversely affect our business, as we routinely collect, store and use data during the conduct of our business.”
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Our cybersecurity risk management program includes several processes, including, but not limited to, the following:
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The board of directors oversees the Company’s risk management processes directly and through its committees. Our cybersecurity risk management program is integrated into our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational and financial risk areas.
The Nominating and Corporate Governance Committee oversees management’s implementation of our cybersecurity risk management program. The Nominating and Corporate Governance Committee receives periodic reports from management on our cybersecurity risks. In addition, our management updates the Nominating and Corporate Governance Committee, as necessary, regarding any material cyber security incidents, as well as any incidents with lesser impact potential. The Nominating and Corporate Governance Committee reports to the full board of directors regarding its activities, including those related to cybersecurity.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Nominating and Corporate Governance Committee
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Nominating and Corporate Governance Committee receives periodic reports from management on our cybersecurity risks.In addition, our management updates the Nominating and Corporate Governance Committee, as necessary, regarding any material cyber security incidents, as well as any incidents with lesser impact potential. The Nominating and Corporate Governance Committee reports to the full board of directors regarding its activities, including those related to cybersecurity.
|Cybersecurity Risk Role of Management [Text Block]
|Our management supervises efforts to prevent, detect, mitigate and remediate cybersecurity risks and incidents through various means, which may include briefings from internal information technology personnel; threat intelligence and other information obtained, including external consultants engaged by us; and alerts and reports produced by security tools deployed in the information technology environment. Our internal information technology personnel who support our information security program have relevant educational and industry experience, including holding similar positions at large companies.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|internal information technology personnel
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our internal information technology personnel who support our information security program have relevant educational and industry experience, including holding similar positions at large companies.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our management supervises efforts to prevent, detect, mitigate and remediate cybersecurity risks and incidents through various means, which may include briefings from internal information technology personnel; threat intelligence and other information obtained, including external consultants engaged by us; and alerts and reports produced by security tools deployed in the information technology environment.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef