|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity
Risk Management and Strategy
We are a clinical stage biopharmaceutical company with no commercial operations or revenue streams and our sole business activity has been ongoing research into our drug therapies. We have certain processes for assessing, identifying and managing cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems, which are built into our overall risk management program. Our processes are designed to preserve the confidentiality, integrity, and availability of the information that we collect and store by identifying, preventing, and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur. Such processes include physical, procedural and technical safeguards, and response plans on our systems. We engage an external consultant to manage cybersecurity tooling and incident response, as well as general information technology, or IT, systems, which enhance our cybersecurity oversight. We consider the internal risk of oversight programs of the third-party consultant before engaging them in order to help protect us from any related vulnerabilities. As our company grows, we plan to expand our strategy for cybersecurity in alignment with nationally accepted standards.
Based on an assessment using the previously described cybersecurity risk management program, we do not believe that there are currently any risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. For additional information regarding risks from cybersecurity threats, please refer to Item 1A. “Risk Factors” in this Annual Report on Form 10-K.
Governance
Our management and board of directors recognize the critical importance of maintaining the trust and confidence of our business partners and employees, including the importance of managing cybersecurity risks as part of our larger risk management program. We seek to address cybersecurity risks through a cross-functional approach.
One of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our audit committee, comprised of members with substantial experience in information technology governance and risk management, oversees our cybersecurity strategy. Our board of directors receives periodic updates from management regarding cybersecurity matters, and is notified between such updates regarding significant new cybersecurity threats or incidents.
Our executive officers are responsible for the day-to-day management of the material risks that we face. Our executive officers are led by a third-party consultant, who oversees company-wide cybersecurity strategy, policy, standards and processes and works across relevant departments to assess and help prepare us and our employees to address cybersecurity risks. The third-party consultant is advised by their Security Operations Center Manager with a
variety of technical certifications, as well as extensive background in IT infrastructure, risk mitigation, and incident response planning.
In an effort to deter and detect cyber threats, we annually provide all employees, including part-time and temporary employees, with a data protection, cybersecurity and incident response and prevention training and compliance program, which covers a range of timely and relevant topics. Past topics have included social engineering, phishing, password protection, confidential data protection, asset use and mobile security. The training and compliance program functions to educate employees on the importance of reporting all incidents immediately. We also use technology-based tools to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
One of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our audit committee, comprised of members with substantial experience in information technology governance and risk management, oversees our cybersecurity strategy. Our board of directors receives periodic updates from management regarding cybersecurity matters, and is notified between such updates regarding significant new cybersecurity threats or incidents.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|One of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our audit committee, comprised of members with substantial experience in information technology governance and risk management, oversees our cybersecurity strategy.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our board of directors receives periodic updates from management regarding cybersecurity matters, and is notified between such updates regarding significant new cybersecurity threats or incidents.
|Cybersecurity Risk Role of Management [Text Block]
|We have certain processes for assessing, identifying and managing cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems, which are built into our overall risk management program. Our processes are designed to preserve the confidentiality, integrity, and availability of the information that we collect and store by identifying, preventing, and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur.
One of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our audit committee, comprised of members with substantial experience in information technology governance and risk management, oversees our cybersecurity strategy. Our board of directors receives periodic updates from management regarding cybersecurity matters, and is notified between such updates regarding significant new cybersecurity threats or incidents.
Our executive officers are responsible for the day-to-day management of the material risks that we face. Our executive officers are led by a third-party consultant, who oversees company-wide cybersecurity strategy, policy, standards and processes and works across relevant departments to assess and help prepare us and our employees to address cybersecurity risks. The third-party consultant is advised by their Security Operations Center Manager with a
variety of technical certifications, as well as extensive background in IT infrastructure, risk mitigation, and incident response planning.In an effort to deter and detect cyber threats, we annually provide all employees, including part-time and temporary employees, with a data protection, cybersecurity and incident response and prevention training and compliance program, which covers a range of timely and relevant topics. Past topics have included social engineering, phishing, password protection, confidential data protection, asset use and mobile security. The training and compliance program functions to educate employees on the importance of reporting all incidents immediately.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our executive officers are led by a third-party consultant, who oversees company-wide cybersecurity strategy, policy, standards and processes and works across relevant departments to assess and help prepare us and our employees to address cybersecurity risks. The third-party consultant is advised by their Security Operations Center Manager with a variety of technical certifications, as well as extensive background in IT infrastructure, risk mitigation, and incident response planning.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|we annually provide all employees, including part-time and temporary employees, with a data protection, cybersecurity and incident response and prevention training and compliance program, which covers a range of timely and relevant topics. Past topics have included social engineering, phishing, password protection, confidential data protection, asset use and mobile security.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|We have certain processes for assessing, identifying and managing cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems, which are built into our overall risk management program. Our processes are designed to preserve the confidentiality, integrity, and availability of the information that we collect and store by identifying, preventing, and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef