|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
We have implemented and maintain various information security processes designed to identify, assess, and manage material risks from cybersecurity threats to our critical computer networks, third party hosted services, communications systems, hardware and software, and our critical data, including intellectual property, confidential information that is proprietary, strategic or competitive in nature, employee personal information, and clinical trial data, or Information Systems and Data.
We leverage a third party service provider under the direction of our Chief Financial Officer, or CFO, to help management identify, assess and manage our cybersecurity threats and risks. With the assistance of our third-party service provider, we identify and assess risks from cybersecurity threats by monitoring and evaluating our threat environment and our risk profile using various methods including, for example, automated tools for ransomware and virus protection, identity verification tools aimed at ensuring authorized environment access, and ongoing vulnerability assessments.
Depending on the environment and system, we implement and maintain various technical, physical, and organizational measures and processes designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including, for example: data encryption for certain data, network security controls, data segregation for certain data, access controls, physical security controls, monitoring for certain systems, asset management and tracking, and employee training. We also maintain cybersecurity insurance.
Our assessment and management of material risks from cybersecurity threats are taken into account in our overall risk management processes. For example, we evaluate identified material risks from cybersecurity threats against our overall business objectives and will report material risks, if identified, to the audit committee of the board of directors, which evaluates our overall enterprise risk.
We use third-party service providers to assist management to identify, assess, and manage material risks from cybersecurity threats, including for example, a managed security provider and professional services firms, including outside legal counsel.
We use third-party service providers to perform a variety of functions throughout our business, including, for example, application providers, hosting companies, contract research organizations, and contract manufacturing organizations. We have certain vendor management processes to help manage cybersecurity risks associated with our use of certain of these providers, and, depending on the nature of the services provided, the sensitivity of the Information Systems and Data at issue, and the identity of the provider, those processes may involve different levels of assessment and risk mitigation measures, including, for example, the imposition of contractual obligations related to cybersecurity on the provider.
Governance
Our board of directors addresses our cybersecurity risk management as part of its general oversight function. The audit committee of the board of directors is responsible for overseeing our cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats.
Our cybersecurity risk assessment and management processes are implemented and maintained by certain members of Company management, including our CFO, leveraging the expertise of our third party service provider. Our CFO has two years of oversight responsibilities for cybersecurity elements and has been involved in the oversight of the implementation of the Company’s current cybersecurity measures.
Currently, our CFO is responsible for hiring appropriate personnel, managing external third-party providers, helping to integrate cybersecurity risk considerations into our overall risk management strategy, communicating key priorities to relevant personnel, approving budgets, helping prepare for cybersecurity incidents, approving cybersecurity processes, and reviewing security assessments and other security-related reports.
Our cybersecurity incident response processes are designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including to our CFO. As part of those processes, members of management, including our CFO, would work to help the Company mitigate and remediate cybersecurity incidents of which they are notified. In addition, our incident response processes are designed to report certain cybersecurity incidents to the audit committee of the board of directors.
The audit committee receives periodic reports from management concerning our cybersecurity risks and the processes we have implemented to address them. The audit committee also has access to various reports, summaries or presentations related to cybersecurity threats, risk and mitigation.
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our board of directors addresses our cybersecurity risk management as part of its general oversight function. The audit committee of the board of directors is responsible for overseeing our cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats.
Our cybersecurity risk assessment and management processes are implemented and maintained by certain members of Company management, including our CFO, leveraging the expertise of our third party service provider. Our CFO has two years of oversight responsibilities for cybersecurity elements and has been involved in the oversight of the implementation of the Company’s current cybersecurity measures.
Currently, our CFO is responsible for hiring appropriate personnel, managing external third-party providers, helping to integrate cybersecurity risk considerations into our overall risk management strategy, communicating key priorities to relevant personnel, approving budgets, helping prepare for cybersecurity incidents, approving cybersecurity processes, and reviewing security assessments and other security-related reports.
Our cybersecurity incident response processes are designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including to our CFO. As part of those processes, members of management, including our CFO, would work to help the Company mitigate and remediate cybersecurity incidents of which they are notified. In addition, our incident response processes are designed to report certain cybersecurity incidents to the audit committee of the board of directors.
The audit committee receives periodic reports from management concerning our cybersecurity risks and the processes we have implemented to address them. The audit committee also has access to various reports, summaries or presentations related to cybersecurity threats, risk and mitigation.
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The audit committee of the board of directors is responsible for overseeing our cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Currently, our CFO is responsible for hiring appropriate personnel, managing external third-party providers, helping to integrate cybersecurity risk considerations into our overall risk management strategy, communicating key priorities to relevant personnel, approving budgets, helping prepare for cybersecurity incidents, approving cybersecurity processes, and reviewing security assessments and other security-related reports.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our cybersecurity incident response processes are designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including to our CFO. As part of those processes, members of management, including our CFO, would work to help the Company mitigate and remediate cybersecurity incidents of which they are notified. In addition, our incident response processes are designed to report certain cybersecurity incidents to the audit committee of the board of directors
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The audit committee of the board of directors is responsible for overseeing our cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats
|Cybersecurity Risk Role of Management [Text Block]
|
We leverage a third party service provider under the direction of our Chief Financial Officer, or CFO, to help management identify, assess and manage our cybersecurity threats and risks. With the assistance of our third-party service provider, we identify and assess risks from cybersecurity threats by monitoring and evaluating our threat environment and our risk profile using various methods including, for example, automated tools for ransomware and virus protection, identity verification tools aimed at ensuring authorized environment access, and ongoing vulnerability assessments.
Depending on the environment and system, we implement and maintain various technical, physical, and organizational measures and processes designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including, for example: data encryption for certain data, network security controls, data segregation for certain data, access controls, physical security controls, monitoring for certain systems, asset management and tracking, and employee training. We also maintain cybersecurity insurance.
Our assessment and management of material risks from cybersecurity threats are taken into account in our overall risk management processes. For example, we evaluate identified material risks from cybersecurity threats against our overall business objectives and will report material risks, if identified, to the audit committee of the board of directors, which evaluates our overall enterprise risk.
We use third-party service providers to assist management to identify, assess, and manage material risks from cybersecurity threats, including for example, a managed security provider and professional services firms, including outside legal counsel.
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef