|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
The security of our sensitive business-related information and the personal information we collect, as well as our information systems, is important for our business. In the normal course of business, we may collect and store personal information and other sensitive information, including proprietary and confidential business information, trade secrets, intellectual property, information regarding study participants in connection with clinical studies, sensitive third-party information and employee information. We manage and maintain our applications and data utilizing a combination of on-site systems and cloud-based data centers. We utilize external security and infrastructure vendors to manage parts of our data centers. To protect this information, we have implemented a cybersecurity program, and have established oversight mechanisms designed to provide effective cybersecurity governance, risk management, and timely incident response. Our cybersecurity program takes into account recognized cybersecurity industry frameworks and standards including NIST-CSF, ISO 27001/27002 as well as HIPAA.
Our cybersecurity policies require that we implement and maintain monitoring and detection programs, network security precautions, encryption of critical data, and management of third-party risk. We maintain various protections designed to safeguard against cyberattacks, including but not limited to attack surface management, anti-phishing secure email gateways, log monitoring and analysis, cloud security posture management, endpoint detection and response, and network intrusion detection and prevention systems. We also have processes in place to prevent unauthorized access to data processing systems and facilities, including two-factor authentication, tiered approval processes and password complexity, and our employees and applicable contractors undergo mandatory privacy and security trainings annually. We have established and periodically test our disaster recovery plan and we protect against business interruption by backing up our major systems. In addition, we periodically scan our environment for any vulnerabilities, perform penetration testing and engage third parties to assess the effectiveness of our data security practices and compliance with applicable practices and standards. In addition, we maintain a third-party risk register to identify, prioritize and track risks, including those associated with our use of third-party service providers. We also maintain cybersecurity insurance coverage though it may not be sufficient to cover all costs of a cybersecurity incident.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
The security of our sensitive business-related information and the personal information we collect, as well as our information systems, is important for our business. In the normal course of business, we may collect and store personal information and other sensitive information, including proprietary and confidential business information, trade secrets, intellectual property, information regarding study participants in connection with clinical studies, sensitive third-party information and employee information. We manage and maintain our applications and data utilizing a combination of on-site systems and cloud-based data centers. We utilize external security and infrastructure vendors to manage parts of our data centers. To protect this information, we have implemented a cybersecurity program, and have established oversight mechanisms designed to provide effective cybersecurity governance, risk management, and timely incident response. Our cybersecurity program takes into account recognized cybersecurity industry frameworks and standards including NIST-CSF, ISO 27001/27002 as well as HIPAA.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our cybersecurity program is led by a team of cybersecurity professionals. The program incorporates aspects of industry-standard frameworks, policies and practices designed to protect the privacy and security of our sensitive information. Senior members of our management, including our Chief Information Security Officer and Chief Information Officer, each of whom has over 10 years of experience in various roles involving information technology, including security, auditing, compliance, systems and programming, are responsible for assessing cybersecurity risk. Cybersecurity risk management is performed by the senior leadership of the cybersecurity team as well as members of our legal and privacy teams where relevant. These individuals are informed about, and monitor the prevention, mitigation, detection and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management processes described above, including the operation and testing of our incident response plan. Additionally, our threat intelligence program issues a semi-annual report briefing to inform the security team about relevant cybersecurity events, significant vulnerabilities and vendor-related incidents.
Our Chief Information Security Officer reports to the full Board of Directors and the Nominating and Corporate Governance Committee on two occasions per year on information security and cybersecurity matters, or more frequently as needed. These reports generally cover various topics, which may include summaries of recent industry events or notable topics that may influence our cybersecurity risk perspective and security priorities; any actions taken in response to such events or topics; and a review of our top cybersecurity concerns and priorities. Our Nominating and Corporate Governance Committee has oversight responsibility for our data security practices and we believe the committee has the requisite skills and visibility into the design and operation of our data security practices to fulfill this responsibility effectively.
Despite the implementation of our cybersecurity program, our security measures cannot guarantee that a significant cyberattack will not occur. A successful attack on our information technology systems could have significant consequences to the business. As of the date of this Annual Report on Form 10-K, we are not aware of any material cybersecurity incidents or threats that have impacted our business. However, we and our customers have
experienced cybersecurity incidents and routinely face risks of cybersecurity incidents, wholly or partially beyond our control, as we rely heavily on our information technology systems. While we devote resources to our security measures to protect our systems and information, these measures cannot provide absolute security. See Part I, Item 1A. “Risk Factors” of this Annual Report on Form 10-K for additional information about the risks to our business associated with a cybersecurity incident affecting our information technology systems.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Chief Information Security Officer reports to the full Board of Directors and the Nominating and Corporate Governance Committee on two occasions per year on information security and cybersecurity matters, or more frequently as needed.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Chief Information Security Officer reports to the full Board of Directors and the Nominating and Corporate Governance Committee on two occasions per year on information security and cybersecurity matters, or more frequently as needed. These reports generally cover various topics, which may include summaries of recent industry events or notable topics that may influence our cybersecurity risk perspective and security priorities; any actions taken in response to such events or topics; and a review of our top cybersecurity concerns and priorities. Our Nominating and Corporate Governance Committee has oversight responsibility for our data security practices and we believe the committee has the requisite skills and visibility into the design and operation of our data security practices to fulfill this responsibility effectively.
|Cybersecurity Risk Role of Management [Text Block]
|
Our cybersecurity program is led by a team of cybersecurity professionals. The program incorporates aspects of industry-standard frameworks, policies and practices designed to protect the privacy and security of our sensitive information. Senior members of our management, including our Chief Information Security Officer and Chief Information Officer, each of whom has over 10 years of experience in various roles involving information technology, including security, auditing, compliance, systems and programming, are responsible for assessing cybersecurity risk. Cybersecurity risk management is performed by the senior leadership of the cybersecurity team as well as members of our legal and privacy teams where relevant. These individuals are informed about, and monitor the prevention, mitigation, detection and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management processes described above, including the operation and testing of our incident response plan. Additionally, our threat intelligence program issues a semi-annual report briefing to inform the security team about relevant cybersecurity events, significant vulnerabilities and vendor-related incidents.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our cybersecurity program is led by a team of cybersecurity professionals. The program incorporates aspects of industry-standard frameworks, policies and practices designed to protect the privacy and security of our sensitive information. Senior members of our management, including our Chief Information Security Officer and Chief Information Officer, each of whom has over 10 years of experience in various roles involving information technology, including security, auditing, compliance, systems and programming, are responsible for assessing cybersecurity risk. Cybersecurity risk management is performed by the senior leadership of the cybersecurity team as well as members of our legal and privacy teams where relevant. These individuals are informed about, and monitor the prevention, mitigation, detection and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management processes described above, including the operation and testing of our incident response plan. Additionally, our threat intelligence program issues a semi-annual report briefing to inform the security team about relevant cybersecurity events, significant vulnerabilities and vendor-related incidents.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The program incorporates aspects of industry-standard frameworks, policies and practices designed to protect the privacy and security of our sensitive information. Senior members of our management, including our Chief Information Security Officer and Chief Information Officer, each of whom has over 10 years of experience in various roles involving information technology, including security, auditing, compliance, systems and programming, are responsible for assessing cybersecurity risk.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The program incorporates aspects of industry-standard frameworks, policies and practices designed to protect the privacy and security of our sensitive information. Senior members of our management, including our Chief Information Security Officer and Chief Information Officer, each of whom has over 10 years of experience in various roles involving information technology, including security, auditing, compliance, systems and programming, are responsible for assessing cybersecurity risk. Cybersecurity risk management is performed by the senior leadership of the cybersecurity team as well as members of our legal and privacy teams where relevant. These individuals are informed about, and monitor the prevention, mitigation, detection and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management processes described above, including the operation and testing of our incident response plan. Additionally, our threat intelligence program issues a semi-annual report briefing to inform the security team about relevant cybersecurity events, significant vulnerabilities and vendor-related incidents.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef