|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Risk Management and Strategy
We have made significant efforts and investments to increase our cybersecurity posture. We currently maintain an information security risk management framework designed to protect the Company from risks from cybersecurity threats. This framework is informed by a security controls matrix that incorporates elements of an industry-standard cybersecurity framework. Our risk management framework operationalizes risk management principles designed to identify and assess upcoming risks, and assign the risks to risk owners with appropriate mitigation steps. We also conduct internal and external penetration testing and vulnerability assessments, and engage third-party cybersecurity experts to conduct periodic cybersecurity risk assessments.
are in the process of implementing a new enterprise risk management framework, tailored to the size and structure of the Company, to help us identify risks that should be reported/escalated to senior management. This new framework includes a risk forum that discusses changes in the risk environment, including key cybersecurity risks identified and managed by the IT Security function. The Head of IT Security is a standing member of the forum.
We also maintain written information security policies and procedures designed to ensure confidentiality, integrity and availability of the Galapagos data and IT systems. Our incident response plans and playbooks address clearly identified control objectives, which are based on industry standards, and have been operationalized in policies, procedures and work instructions. have also engaged an external security partner to support us on a broad set of cybersecurity activities the daily management of our security operations and on-demand services.
threats associated with the use of third-party vendors are managed and overseen through specific policies and procedures. Each vendor is evaluated on their cybersecurity risk, and remediation programs for identified risks are set up and periodically reviewed based on the initial .
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|are in the process of implementing a new enterprise risk management framework, tailored to the size and structure of the Company, to help us identify risks that should be reported/escalated to senior management. This new framework includes a risk forum that discusses changes in the risk environment, including key cybersecurity risks identified and managed by the IT Security function
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Company’s Board of Directors is responsible for the oversight of our risk management activities, and has delegated to the Audit Committee the responsibility to assist our Board in this task. While our Board of Directors oversees our risk management, our Executive Committee is responsible for day-to-day risk management processes.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Company’s Board of Directors is responsible for the oversight of our risk management activities, and has delegated to the Audit Committee the responsibility to assist our Board in this task.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Specifically,Audit Committee is responsible for evaluating Galapagos’ system of internal control and risk management, including the cybersecurity risk management program and related controls. The CISO and the Head of IT review risks from cybersecurity threats and incidents with the Audit Committee during an annual review, and report incidents that require escalation per set procedures. The Audit Committee is responsible for the final approval of any disclosure of a material cybersecurity incident
|Cybersecurity Risk Role of Management [Text Block]
|
The Chief Information Security Officer (“CISO”) is responsible for our information security risk management process, and reports periodically on the Galapagos information security risk environment to various Company stakeholders (internal control, data privacy, quality and compliance teams). Currently, the CISO position is held by an individual with over 20 years of work experience in life sciences IT management positions, and who previously had responsibility over information security and risk management.
We have also established a cross-functional Cybersecurity Disclosure team (“CSD team”) and Cybersecurity Disclosure board (“CSD board”) to oversee and manage the prioritization of risks from cybersecurity threats. The CSD team is comprised of the CISO and members of Galapagos’ legal and internal control teams. The CSD team members have experience in cybersecurity, legal and financial reporting. The CSD board is comprised of the CISO, the Senior Director, Head of Internal Control & Finance Operations, the General Counsel, and the Chief Financial Officer and Chief Operating Officer. The CSD board members have experience in the areas of cybersecurity, legal, data protection, internal control and finance.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Chief Information Security Officer (“CISO”)
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Currently, the CISO position is held by an individual with over 20 years of work experience in life sciences IT management positions, and who previously had responsibility over information security and risk management.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Chief Information Security Officer (“CISO”) is responsible for our information security risk management process, and reports periodically on the Galapagos information security risk environment to various Company stakeholders (internal control, data privacy, quality and compliance teams).
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef