|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk management and strategy
We recognize the importance of protecting our critical information technology (“IT”) systems and data from material risks from cybersecurity threats. Risk management for cybersecurity threats is integrated into our overall enterprise risk management system. We consider cybersecurity risks alongside other business risks. Our risk management framework includes risk assessments, internal controls, and systems monitoring mechanisms. We have implemented and maintain various processes designed to assess, identify, and manage material risks from cybersecurity threats to our IT systems and critical data, including intellectual property, confidential information that is proprietary, strategic, or competitive in nature, health and medical data, clinical trial data, and personal data (“Information Systems and Data”). Third parties also play a role in our cybersecurity efforts. We engage third-party services to assist us from time to time to identify, assess, and manage material risks from cybersecurity threats, including, for example, through penetration testing, independent audits, or consulting on practices to address new challenges. We conduct audits and evaluations of our IT infrastructure, network architecture, and software applications to help us identify vulnerabilities, potential entry points, and areas for improvement. We perform assessments considering principles from the National Institute of Standards and Technology Cybersecurity Framework and by using an external third-party security assessor from time to time.
Depending on the environment, systems, and data, we employ strategies and practices designed to protect and mitigate cybersecurity material risks to our Information Systems and Data, including but not limited to:
• Utilizing third-party tools to monitor threats and cybersecurity vulnerabilities, reduce risk, and enhance governance, risk, and compliance management.
• Engaging a managed cybersecurity service provider to monitor and assess cybersecurity threats, serve as a point of contact for incident notification, and collaborate with our in-house IT team.
• Maintaining security policies, procedures, and standards considering evolving threats and industry standards.
• Engaging external subject matter experts and advisors to inform us of current cyber practices, policies, and programs.
• Conducting tabletop exercises focused on scenarios such as ransomware, disaster recovery, and business continuity.
• Providing mandatory annual security and privacy awareness training to all employees who have access to company email and connected devices.
• Conducting phishing simulations and cyber hygiene training sessions to educate employees and promote responsible cybersecurity practices.
• Maintaining an incident response plan.
We have established an incident response team, which is led by our IT, legal, and compliance leaders and is comprised of stakeholders from various departments in the Company. A designated member from our IT team is responsible for conducting incident assessments, determining severity levels, informing relevant stakeholders, such as the incident response team and senior management, and maintaining documentation of the remediation activity. In the event of a security incident, our incident response processes are designed to escalate certain cybersecurity incidents to senior leadership, the audit committee and the board of directors, as deemed appropriate.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We recognize the importance of protecting our critical information technology (“IT”) systems and data from material risks from cybersecurity threats. Risk management for cybersecurity threats is integrated into our overall enterprise risk management system. We consider cybersecurity risks alongside other business risks. Our risk management framework includes risk assessments, internal controls, and systems monitoring mechanisms.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
Our audit committee is responsible for overseeing our cybersecurity risk management processes, including regarding cybersecurity threats. Our CFO, Anshul Maheshwari, and Vice President of Information Technology, Michael Vedda, provide briefings to our audit committee on the effectiveness and progress of our cybersecurity risk management program on a regular basis. Mr. Vedda has more than 20 years of experience and engages with trusted third-party experts for support and guidance when additional guidance is required. Prior to joining SI-BONE, he managed cybersecurity functions, where he was responsible for overseeing cybersecurity strategy and operations, including incident response, threat intelligence, security awareness training programs, risk assessments and remediation, and regulatory and compliance matters. Our board of directors receives regular reports from our audit committee chair regarding our cyber risk management programs, potential cybersecurity risks, efforts to mitigate such risks, and the audit committee’s oversight of these activities.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our audit committee is responsible for overseeing our cybersecurity risk management processes, including regarding cybersecurity threats.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our board of directors receives regular reports from our audit committee chair regarding our cyber risk management programs, potential cybersecurity risks, efforts to mitigate such risks, and the audit committee’s oversight of these activities.
|Cybersecurity Risk Role of Management [Text Block]
|Our CFO, Anshul Maheshwari, and Vice President of Information Technology, Michael Vedda, provide briefings to our audit committee on the effectiveness and progress of our cybersecurity risk management program on a regular basis.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|CFO, Anshul Maheshwari, and Vice President of Information Technology, Michael Vedda, provide briefings to our audit committee on the effectiveness and progress of our cybersecurity risk management program on a regular basis.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Mr. Vedda has more than 20 years of experience and engages with trusted third-party experts for support and guidance when additional guidance is required. Prior to joining SI-BONE, he managed cybersecurity functions, where he was responsible for overseeing cybersecurity strategy and operations, including incident response, threat intelligence, security awareness training programs, risk assessments and remediation, and regulatory and compliance matters.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our board of directors receives regular reports from our audit committee chair regarding our cyber risk management programs, potential cybersecurity risks, efforts to mitigate such risks, and the audit committee’s oversight of these activities.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true