|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Nov. 30, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
We maintain processes for assessing, identifying, and managing cybersecurity risks. These processes are designed to protect our information assets and operations from both internal and external cyber threats, including protecting employee and patient information from unauthorized access or attack, and to secure our networks and systems. Our cybersecurity and data privacy programs are aligned to, among others, the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework to assess, identify and manage material risks from cybersecurity threats. We employ a combination of physical, procedural, and technical safeguards, regular system tests, incident simulations, and routine policy and procedure reviews to identify risks and enhance our practices.
We have a cybersecurity incident response plan (CIRP) that we review on at least an annual basis and update as business needs and the security landscapes change and as required. In the event of a cybersecurity incident, our incident response team refers to our CIRP and existing management internal controls and disclosure processes. Pursuant to this process, designated personnel are responsible for assessing the severity of the incident and any associated threats, containing and resolving the incident as quickly as possible, managing any damage to our systems and networks, minimizing the impact on our stakeholders, analyzing and executing upon internal reporting obligations, escalating information about the incident to senior management and the Board of Directors, as appropriate, and performing post-incident analysis and program enhancements, as needed. We perform tabletop exercises on at least an annual basis to test our incident response procedures, identify gaps and improvement opportunities and exercise team preparedness.
We provide our employees and consultants with privacy, data protection, cybersecurity incident response, and prevention education and awareness training, which includes annual and supplemental training covering relevant topics, such as social engineering, phishing, password protection, confidential data protection, asset use, and mobile security, and educates employees on the importance of reporting all incidents immediately. In addition, we perform phishing test campaigns on at least a quarterly basis to reinforce identification and reporting training.We engage third parties to conduct risk assessments on our systems and other vulnerability analyses on a recurring basis and assist with containment and remediation efforts. In addition, third-party technology and analytics and penetration testing are utilized to identify potential vulnerabilities. To manage risks related to cybersecurity incidents that could impact our CROs, third-party vendors and other contractors and consultants, we maintain a third-party risk management program, which is designed to assess the security controls of our third parties. The assessment methodology is based on risk and relies on the data, access, connectivity, and criticality of the services that the third-party offers.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We maintain processes for assessing, identifying, and managing cybersecurity risks. These processes are designed to protect our information assets and operations from both internal and external cyber threats, including protecting employee and patient information from unauthorized access or attack, and to secure our networks and systems. Our cybersecurity and data privacy programs are aligned to, among others, the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework to assess, identify and manage material risks from cybersecurity threats. We employ a combination of physical, procedural, and technical safeguards, regular system tests, incident simulations, and routine policy and procedure reviews to identify risks and enhance our practices.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our cybersecurity and data privacy programs are implemented and overseen by our Chief Information Security Officer (CISO), our Senior Vice President (SVP) of Information Technology, and members of our executive management team.
Our SVP of Information Technology has over 20 years of information technology experience, with over 15 years of experience leading technology and cybersecurity programs in biopharmaceutical companies. Since joining Nurix in 2021, our SVP of Information Technology has led all information technology strategy and operations, including our cybersecurity program. Previously, he served as Chief Technology Advisor focused on cybersecurity incident response and strategic security consulting, and held senior IT leadership roles at multiple clinical-stage biotechnology companies. He holds industry cybersecurity certifications and is undertaking advanced studies in IT Management and Cybersecurity.
Our CISO has over 20 years of experience in information security, including more than 15 years of experience leading large-scale cybersecurity and privacy programs across various industries. He currently leads all aspects of our enterprise cybersecurity strategy, risk governance, and privacy effort. He holds industry-recognized certifications, including CISSP. He earned his MBA with a focus on Finance and Strategy and a B.E. in Electronics and Communication.
Our SVP of Information Technology and our CISO regularly provide cyber threat intelligence briefings to management on the status of the Company’s security measures and our efforts to identify and mitigate risks from cybersecurity threats. Our SVP of Information Technology and CISO also work closely with our Chief Financial Officer and Chief Legal Officer to further enhance incident response procedures and to assess and manage risks from cybersecurity threats.
The Audit Committee of our Board of Directors (Audit Committee) oversees the Company’s overall enterprise risk assessment and risk management policies and guidelines, including risks related to cybersecurity matters. The Audit Committee provides periodic reports to the Board of Directors regarding its oversight of cybersecurity, information technology, data protection and related matters. Members of the Board of Directors also participate in table-top exercises involving simulated data security incidents and the Company’s responses to those incidents.The Audit Committee receives regular presentations and reports on cybersecurity risks, which address a wide range of topics including recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, planned improvements to our cybersecurity program, and the status of information security initiatives. The Audit Committee also receives prompt and timely information regarding any cybersecurity incident that meets established reporting thresholds.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee of our Board of Directors (Audit Committee) oversees the Company’s overall enterprise risk assessment and risk management policies and guidelines, including risks related to cybersecurity matters.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee provides periodic reports to the Board of Directors regarding its oversight of cybersecurity, information technology, data protection and related matters.
|Cybersecurity Risk Role of Management [Text Block]
|
Our cybersecurity and data privacy programs are implemented and overseen by our Chief Information Security Officer (CISO), our Senior Vice President (SVP) of Information Technology, and members of our executive management team.
Our SVP of Information Technology has over 20 years of information technology experience, with over 15 years of experience leading technology and cybersecurity programs in biopharmaceutical companies. Since joining Nurix in 2021, our SVP of Information Technology has led all information technology strategy and operations, including our cybersecurity program. Previously, he served as Chief Technology Advisor focused on cybersecurity incident response and strategic security consulting, and held senior IT leadership roles at multiple clinical-stage biotechnology companies. He holds industry cybersecurity certifications and is undertaking advanced studies in IT Management and Cybersecurity.
Our CISO has over 20 years of experience in information security, including more than 15 years of experience leading large-scale cybersecurity and privacy programs across various industries. He currently leads all aspects of our enterprise cybersecurity strategy, risk governance, and privacy effort. He holds industry-recognized certifications, including CISSP. He earned his MBA with a focus on Finance and Strategy and a B.E. in Electronics and Communication.
Our SVP of Information Technology and our CISO regularly provide cyber threat intelligence briefings to management on the status of the Company’s security measures and our efforts to identify and mitigate risks from cybersecurity threats. Our SVP of Information Technology and CISO also work closely with our Chief Financial Officer and Chief Legal Officer to further enhance incident response procedures and to assess and manage risks from cybersecurity threats.
The Audit Committee of our Board of Directors (Audit Committee) oversees the Company’s overall enterprise risk assessment and risk management policies and guidelines, including risks related to cybersecurity matters. The Audit Committee provides periodic reports to the Board of Directors regarding its oversight of cybersecurity, information technology, data protection and related matters. Members of the Board of Directors also participate in table-top exercises involving simulated data security incidents and the Company’s responses to those incidents.The Audit Committee receives regular presentations and reports on cybersecurity risks, which address a wide range of topics including recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, planned improvements to our cybersecurity program, and the status of information security initiatives. The Audit Committee also receives prompt and timely information regarding any cybersecurity incident that meets established reporting thresholds.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our cybersecurity and data privacy programs are implemented and overseen by our Chief Information Security Officer (CISO), our Senior Vice President (SVP) of Information Technology, and members of our executive management team.
Our SVP of Information Technology has over 20 years of information technology experience, with over 15 years of experience leading technology and cybersecurity programs in biopharmaceutical companies. Since joining Nurix in 2021, our SVP of Information Technology has led all information technology strategy and operations, including our cybersecurity program. Previously, he served as Chief Technology Advisor focused on cybersecurity incident response and strategic security consulting, and held senior IT leadership roles at multiple clinical-stage biotechnology companies. He holds industry cybersecurity certifications and is undertaking advanced studies in IT Management and Cybersecurity.
Our CISO has over 20 years of experience in information security, including more than 15 years of experience leading large-scale cybersecurity and privacy programs across various industries. He currently leads all aspects of our enterprise cybersecurity strategy, risk governance, and privacy effort. He holds industry-recognized certifications, including CISSP. He earned his MBA with a focus on Finance and Strategy and a B.E. in Electronics and Communication.
Our SVP of Information Technology and our CISO regularly provide cyber threat intelligence briefings to management on the status of the Company’s security measures and our efforts to identify and mitigate risks from cybersecurity threats. Our SVP of Information Technology and CISO also work closely with our Chief Financial Officer and Chief Legal Officer to further enhance incident response procedures and to assess and manage risks from cybersecurity threats.
The Audit Committee of our Board of Directors (Audit Committee) oversees the Company’s overall enterprise risk assessment and risk management policies and guidelines, including risks related to cybersecurity matters. The Audit Committee provides periodic reports to the Board of Directors regarding its oversight of cybersecurity, information technology, data protection and related matters. Members of the Board of Directors also participate in table-top exercises involving simulated data security incidents and the Company’s responses to those incidents.The Audit Committee receives regular presentations and reports on cybersecurity risks, which address a wide range of topics including recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, planned improvements to our cybersecurity program, and the status of information security initiatives. The Audit Committee also receives prompt and timely information regarding any cybersecurity incident that meets established reporting thresholds.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CISO has over 20 years of experience in information security, including more than 15 years of experience leading large-scale cybersecurity and privacy programs across various industries.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Audit Committee provides periodic reports to the Board of Directors regarding its oversight of cybersecurity, information technology, data protection and related matters. Members of the Board of Directors also participate in table-top exercises involving simulated data security incidents and the Company’s responses to those incidents.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef