|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
Cybersecurity Risk Management Strategy
We have implemented various processes and policies for identifying, assessing, and managing material risks from cybersecurity threats. Our cybersecurity risk management strategy is designed following the Cybersecurity Framework set by the National Institute of Standard and Technology, or NIST.
We assess our information technology, or IT, environment against the NIST Cybersecurity Framework, as well as various cyber-attack vectors, working to identify and remediate risks. We implement reasonable administrative, technical and procedural safeguards to manage cybersecurity risks, for example, by enforcing single sign-on or multi-factor authentication where supported, and the use of mobile device management to secure company resources on employee personal devices. Additionally, we engage third-party cybersecurity experts to assess the security of our network and perform continuous system monitoring, and we engage a third party to perform internal audits of our IT General Controls, or ITGCs. We have implemented certain processes to oversee and identify risks from cybersecurity threats associated with our use of third-party service providers, for example, by evaluating such service providers’ own cybersecurity processes and reviewing available certification and audit reports, including International Organization for Standardization, or ISO, certifications for information security management systems, and System and Organization Controls, or SOC, reports.
At this time, we have not experienced cybersecurity incidents, or are aware of any risks from cybersecurity threats, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition.
Cybersecurity Governance
Board of Directors
Our board of directors is responsible for general oversight and regular review of information regarding our risks, including cybersecurity risks. Members of management communicate an overview of our current cybersecurity environment to our board of directors at least annually and provide updates to our board of directors regarding cybersecurity matters periodically throughout the year. Additionally, our third-party auditors inform the audit committee of our board of directors of our ITGC framework and control testing results, which include controls related to cybersecurity risks. Further, management has established cybersecurity incident response processes for escalating the communication of cybersecurity incidents up to the board of directors, as appropriate.
Management
Material risks from cybersecurity threats are assessed and managed by a dedicated team comprised of internal and external IT professionals experienced in cybersecurity threat risk management, who ultimately report to our senior vice president, finance and accounting. Our senior vice president, finance and accounting has extensive operational and leadership experience overseeing accounting and finance functions at various organizations, including oversight of critical accounting and finance IT systems. Our senior IT consultant has over 20 years of experience with IT and cybersecurity risk management, having served in senior executive-level IT positions at multiple Fortune 500 companies and companies within the life sciences industry.
Our team of IT professionals, which continuously monitors our IT environment for cybersecurity threats and incidents, routinely reports on cybersecurity incident prevention, detection, mitigation, and remediation efforts to our senior vice president, finance and accounting and chief compliance officer. Additionally, we have established policies addressing processes for responding to potential cybersecurity
incidents, including assessment, communication, and remediation protocols. Our incident response processes further provide for the escalation of cybersecurity incidents to our executive management team and board of directors, as appropriate.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Board of Directors
Our board of directors is responsible for general oversight and regular review of information regarding our risks, including cybersecurity risks. Members of management communicate an overview of our current cybersecurity environment to our board of directors at least annually and provide updates to our board of directors regarding cybersecurity matters periodically throughout the year. Additionally, our third-party auditors inform the audit committee of our board of directors of our ITGC framework and control testing results, which include controls related to cybersecurity risks. Further, management has established cybersecurity incident response processes for escalating the communication of cybersecurity incidents up to the board of directors, as appropriate.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our board of directors is responsible for general oversight and regular review of information regarding our risks, including cybersecurity risks.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Members of management communicate an overview of our current cybersecurity environment to our board of directors at least annually and provide updates to our board of directors regarding cybersecurity matters periodically throughout the year.
|Cybersecurity Risk Role of Management [Text Block]
|
Management
Material risks from cybersecurity threats are assessed and managed by a dedicated team comprised of internal and external IT professionals experienced in cybersecurity threat risk management, who ultimately report to our senior vice president, finance and accounting. Our senior vice president, finance and accounting has extensive operational and leadership experience overseeing accounting and finance functions at various organizations, including oversight of critical accounting and finance IT systems. Our senior IT consultant has over 20 years of experience with IT and cybersecurity risk management, having served in senior executive-level IT positions at multiple Fortune 500 companies and companies within the life sciences industry.
Our team of IT professionals, which continuously monitors our IT environment for cybersecurity threats and incidents, routinely reports on cybersecurity incident prevention, detection, mitigation, and remediation efforts to our senior vice president, finance and accounting and chief compliance officer. Additionally, we have established policies addressing processes for responding to potential cybersecurity
incidents, including assessment, communication, and remediation protocols. Our incident response processes further provide for the escalation of cybersecurity incidents to our executive management team and board of directors, as appropriate.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Material risks from cybersecurity threats are assessed and managed by a dedicated team comprised of internal and external IT professionals experienced in cybersecurity threat risk management
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our senior vice president, finance and accounting has extensive operational and leadership experience overseeing accounting and finance functions at various organizations, including oversight of critical accounting and finance IT systems. Our senior IT consultant has over 20 years of experience with IT and cybersecurity risk management, having served in senior executive-level IT positions at multiple Fortune 500 companies and companies within the life sciences industry.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our team of IT professionals, which continuously monitors our IT environment for cybersecurity threats and incidents, routinely reports on cybersecurity incident prevention, detection, mitigation, and remediation efforts to our senior vice president, finance and accounting and chief compliance officer.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef