|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity
Risk management and strategy:
We face a number of cybersecurity risks in connection with our business and recognize the growing threat within the general marketplace and our industry. To help the Company address these risks, we have implemented a cybersecurity risk management program that is informed by recognized industry standards and frameworks and incorporates elements of the same, including elements of the National Institute of Standards and Technology Cybersecurity Framework. Our cybersecurity risk management program is integrated within our enterprise risk management program.
Our cybersecurity risk management program includes a number of components, including but not limited to a Cybersecurity Incident Response Plan (“CSIRP”), annual cybersecurity awareness training for our employees, security assessments, vendor risk management, regular system maintenance including application of security patches as appropriate, regular penetration testing and implementation of enhancements to security measures used to protect our systems and data. We employ third parties, including assessors, consultants and auditors, in our cyber risk management program as appropriate, e.g., training, assessment, auditing, benchmarking, and penetration testing.
Our CSIRP is designed to guide our incident response process for cybersecurity incidents that could affect our systems, network, or data. The CSIRP identifies the individuals responsible for developing, maintaining, and following appropriate procedures related to identified cybersecurity incidents, including a framework for identifying and addressing material cybersecurity incidents. We periodically test our CSIRP using tabletop exercises with the goal of improving our processes and preparedness.
Risks from cybersecurity threats have not to date materially affected us, including our business strategy, results of operations or financial condition. For more information about the cybersecurity risks we face, see the risk factor entitled “Our internal computer systems, or those of our collaborators or other contractors or consultants, may fail or suffer security breaches, incidents or compromises, which could result in a disruption of our operations and development efforts” in Item 1A. Risk Factors.
Governance:
The Board of Directors, as a whole and through its committees, has responsibility for the oversight of risk management, which includes ensuring that the risk management process implemented within our organization is appropriate and functioning as designed. The Audit Committee of our Board of Directors oversees cybersecurity risks pursuant to its charter, and our governance framework includes oversight by the Audit Committee. The Audit Committee, with assistance from our management, including our Head of Information Technology (“IT”), periodically reports to the full Board of Directors to inform them of potential cybersecurity risks and threats, the status of projects to further develop our information security systems, and the emerging cybersecurity threat landscape.
Our Head of IT has primary responsibility for day-to-day management of our cybersecurity risk management program, including leading a dedicated team of IT professionals to monitor and assess cybersecurity risks, and is responsible for strategic leadership of our cybersecurity risk management program. The Head of IT role is currently held by an individual who has close to twenty years of professional IT management experience in the life sciences industry. Our Head of IT also provides regular updates on
our cybersecurity risk to our executive leadership team and other management committees responsible for IT and cybersecurity risk management. Under our CSIRP and other applicable policies and procedures, we have established a framework for responding to cybersecurity incidents based on severity of the incident, which includes escalation to our executive leadership team and other management committees and assessment of materiality of cybersecurity incidents individually and in the aggregate.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|we have implemented a cybersecurity risk management program that is informed by recognized industry standards and frameworks and incorporates elements of the same, including elements of the National Institute of Standards and Technology Cybersecurity Framework. Our cybersecurity risk management program is integrated within our enterprise risk management program.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Board of Directors, as a whole and through its committees, has responsibility for the oversight of risk management, which includes ensuring that the risk management process implemented within our organization is appropriate and functioning as designed. The Audit Committee of our Board of Directors oversees cybersecurity risks pursuant to its charter, and our governance framework includes oversight by the Audit Committee. The Audit Committee, with assistance from our management, including our Head of Information Technology (“IT”), periodically reports to the full Board of Directors to inform them of potential cybersecurity risks and threats, the status of projects to further develop our information security systems, and the emerging cybersecurity threat landscape.
our cybersecurity risk to our executive leadership team and other management committees responsible for IT and cybersecurity risk management. Under our CSIRP and other applicable policies and procedures, we have established a framework for responding to cybersecurity incidents based on severity of the incident, which includes escalation to our executive leadership team and other management committees and assessment of materiality of cybersecurity incidents individually and in the aggregate
Our Head of IT has primary responsibility for day-to-day management of our cybersecurity risk management program, including leading a dedicated team of IT professionals to monitor and assess cybersecurity risks, and is responsible for strategic leadership of our cybersecurity risk management program. The Head of IT role is currently held by an individual who has close to twenty years of professional IT management experience in the life sciences industry. Our Head of IT also provides regular updates on
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee of our Board of Directors oversees cybersecurity risks pursuant to its charter, and our governance framework includes oversight by the Audit Committee.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee, with assistance from our management, including our Head of Information Technology (“IT”), periodically reports to the full Board of Directors to inform them of potential cybersecurity risks and threats, the status of projects to further develop our information security systems, and the emerging cybersecurity threat landscape.
|Cybersecurity Risk Role of Management [Text Block]
|
Our Head of IT has primary responsibility for day-to-day management of our cybersecurity risk management program, including leading a dedicated team of IT professionals to monitor and assess cybersecurity risks, and is responsible for strategic leadership of our cybersecurity risk management program. The Head of IT role is currently held by an individual who has close to twenty years of professional IT management experience in the life sciences industry. Our Head of IT also provides regular updates on
our cybersecurity risk to our executive leadership team and other management committees responsible for IT and cybersecurity risk management. Under our CSIRP and other applicable policies and procedures, we have established a framework for responding to cybersecurity incidents based on severity of the incident, which includes escalation to our executive leadership team and other management committees and assessment of materiality of cybersecurity incidents individually and in the aggregate.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Head of IT has primary responsibility for day-to-day management of our cybersecurity risk management program, including leading a dedicated team of IT professionals to monitor and assess cybersecurity risks, and is responsible for strategic leadership of our cybersecurity risk management program.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Head of IT role is currently held by an individual who has close to twenty years of professional IT management experience in the life sciences industry.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our Head of IT also provides regular updates on
our cybersecurity risk to our executive leadership team and other management committees responsible for IT and cybersecurity risk management. Under our CSIRP and other applicable policies and procedures, we have established a framework for responding to cybersecurity incidents based on severity of the incident, which includes escalation to our executive leadership team and other management committees and assessment of materiality of cybersecurity incidents individually and in the aggregate.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef