|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We have implemented a risk-based approach to identify and assess the cybersecurity threats that could affect our business and information systems. We use recognized commercially reasonable measures, tools and methodologies designed to manage cybersecurity risk that are tested on a regular cadence. We also monitor and evaluate our cybersecurity posture on an ongoing basis through regular vulnerability scans, penetration tests and third-party reviews. We rely on third-party service providers to provide the systems required to effectively run our clinical trials and endeavor to require third-party service providers that have access to personal, confidential or proprietary information to implement and maintain cybersecurity practices. Specific controls that are used in appropriate portions of our environment include endpoint threat detection and response, identity and access management, privileged access management, logging and monitoring involving the use of security information and event management, multi-factor authentication, firewalls and intrusion detection and prevention, and vulnerability and patch management. Our cybersecurity risk management processes are integrated into our enterprise risk management program.
To manage our material risks from cybersecurity threats and to protect against, detect, and prepare to respond to cybersecurity incidents, we endeavor to:
•Monitor emerging data protection laws and implement changes to our processes to comply;
•Conduct annual cybersecurity management and incident training for employees that process sensitive data;
•Conduct onboarding and cybersecurity training for all employees on an ongoing basis;
•Conduct regular phishing email simulations for all employees; and
•Carry cybersecurity risk insurance meant to provide protection against the potential losses arising from a cybersecurity incident.
In addition, we engage several third-party consultants in connection with our risk assessment and risk management, and we have established separate processes and procedures to oversee and identify cybersecurity risks associated with third parties. All third parties involved in our cybersecurity risk assessments and risk management are required to provide reports designed to allow us to monitor and assess such third parties’ security controls.
Our incident response plan coordinates the activities that we and our third-party cybersecurity provider take to respond and recover from cybersecurity incidents, which include processes to triage, assess severity, investigate, escalate, contain, and remediate an incident, as well as to comply with legal obligations and attempt to mitigate brand and reputational damage. We have business continuity plans that we periodically review and update in line with our evolving applications architecture.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We have implemented a risk-based approach to identify and assess the cybersecurity threats that could affect our business and information systems. We use recognized commercially reasonable measures, tools and methodologies designed to manage cybersecurity risk that are tested on a regular cadence. We also monitor and evaluate our cybersecurity posture on an ongoing basis through regular vulnerability scans, penetration tests and third-party reviews. We rely on third-party service providers to provide the systems required to effectively run our clinical trials and endeavor to require third-party service providers that have access to personal, confidential or proprietary information to implement and maintain cybersecurity practices. Specific controls that are used in appropriate portions of our environment include endpoint threat detection and response, identity and access management, privileged access management, logging and monitoring involving the use of security information and event management, multi-factor authentication, firewalls and intrusion detection and prevention, and vulnerability and patch management. Our cybersecurity risk management processes are integrated into our enterprise risk management program.
To manage our material risks from cybersecurity threats and to protect against, detect, and prepare to respond to cybersecurity incidents, we endeavor to:
•Monitor emerging data protection laws and implement changes to our processes to comply;
•Conduct annual cybersecurity management and incident training for employees that process sensitive data;
•Conduct onboarding and cybersecurity training for all employees on an ongoing basis;
•Conduct regular phishing email simulations for all employees; and
•Carry cybersecurity risk insurance meant to provide protection against the potential losses arising from a cybersecurity incident.
In addition, we engage several third-party consultants in connection with our risk assessment and risk management, and we have established separate processes and procedures to oversee and identify cybersecurity risks associated with third parties. All third parties involved in our cybersecurity risk assessments and risk management are required to provide reports designed to allow us to monitor and assess such third parties’ security controls.
Our incident response plan coordinates the activities that we and our third-party cybersecurity provider take to respond and recover from cybersecurity incidents, which include processes to triage, assess severity, investigate, escalate, contain, and remediate an incident, as well as to comply with legal obligations and attempt to mitigate brand and reputational damage. We have business continuity plans that we periodically review and update in line with our evolving applications architecture.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Our Board of Directors provides oversight to our cybersecurity efforts to ensure effective governance in assessing and managing risks associated with cybersecurity threats.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our cybersecurity leadership team is responsible for assessing and managing cybersecurity risks and is made up of experienced professionals with an extensive background in information security, risk management, and incident response. This team is led by our Head of Information Technology. The Head of Information Technology is a senior technology strategist and thought leader with over two decades of experience in the bio pharma, life sciences, and high-tech sectors.status updates on various projects intended to enhance the overall cybersecurity posture of the Company, and information about the prevention, detection, mitigation and remediation of any cybersecurity incidents, as appropriate.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Head of Information Technology provides periodic updates to senior management and quarterly updates to the Board of Directors regarding our cybersecurity program, including information about cyber risk management governance, status updates on various projects intended to enhance the overall cybersecurity posture of the Company, and information about the prevention, detection, mitigation and remediation of any cybersecurity incidents, as appropriate.
|Cybersecurity Risk Role of Management [Text Block]
|
Our cybersecurity leadership team is responsible for assessing and managing cybersecurity risks and is made up of experienced professionals with an extensive background in information security, risk management, and incident response. This team is led by our Head of Information Technology. The Head of Information Technology is a senior technology strategist and thought leader with over two decades of experience in the bio pharma, life sciences, and high-tech sectors.
Our Board of Directors provides oversight to our cybersecurity efforts to ensure effective governance in assessing and managing risks associated with cybersecurity threats. Our Head of Information Technology provides periodic updates to senior management and quarterly updates to the Board of Directors regarding our cybersecurity program, including information about cyber risk management governance, status updates on various projects intended to enhance the overall cybersecurity posture of the Company, and information about the prevention, detection, mitigation and remediation of any cybersecurity incidents, as appropriate.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our cybersecurity leadership team is responsible for assessing and managing cybersecurity risks and is made up of experienced professionals with an extensive background in information security, risk management, and incident response. This team is led by our Head of Information Technology. The Head of Information Technology is a senior technology strategist and thought leader with over two decades of experience in the bio pharma, life sciences, and high-tech sectors.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
Our cybersecurity leadership team is responsible for assessing and managing cybersecurity risks and is made up of experienced professionals with an extensive background in information security, risk management, and incident response. This team is led by our Head of Information Technology. The Head of Information Technology is a senior technology strategist and thought leader with over two decades of experience in the bio pharma, life sciences, and high-tech sectors.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our Head of Information Technology provides periodic updates to senior management and quarterly updates to the Board of Directors regarding our cybersecurity program, including information about cyber risk management governance, status updates on various projects intended to enhance the overall cybersecurity posture of the Company, and information about the prevention, detection, mitigation and remediation of any cybersecurity incidents, as appropriate.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef