|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
Cybersecurity Risk Management
In the ordinary course of our business, we use, store and process data including data of our employees, partners, collaborators, and vendors. We also process anonymized information about participants in clinical trials involving certain of our product candidates. We have implemented a cybersecurity risk management program that is designed to identify, assess, and mitigate risks from cybersecurity threats to this data and our systems.
Our cybersecurity risk management program includes a number of components, including information security program assessments and continuous monitoring of critical risks from cybersecurity threats using automated tools. We periodically engage third parties to conduct risk assessments on our systems, including penetration testing and other vulnerability analyses. Our finance department, with the assistance of outside technical advisors, periodically conducts an internal assessment of different systems to
assess our risk management processes, including cybersecurity risk management. Additionally, we have implemented an employee education program that is designed to raise awareness of cybersecurity threats, including risks posed by phishing attempts. This training is included during the employee onboarding process and periodically thereafter. As part of our cybersecurity risk management program, we maintain processes to assess and review the cybersecurity practices of third-party vendors and suppliers. Prior to engaging third-party vendors and key suppliers, we conduct a security assessment and, as appropriate, include security requirements in contracts. We, like other companies in our industry, face a number of cybersecurity risks in connection with our business. Although our business strategy, results of operations, and financial condition have not, to date, been materially affected by risks from cybersecurity threats, including as a result of previously identified cybersecurity incidents, we have, from time to time, experienced threats to and security incidents related to our data and systems, including phishing attacks. For more information on our cybersecurity related risks, see “Risk Factors—Risks Related to Information Security and Privacy—Our Internal Information Technology Systems, Or Those Of Our Collaborators Or Other Contractors Or Consultants, May Fail Or Suffer Security Breaches, Which Could Result In A Material Disruption Of Our Product Development Programs.”
Governance
Under the ultimate direction of our chief executive officer, or CEO, and our executive management team (including our General Counsel who serves as our Chief Compliance Officer), with oversight from our audit committee of the board of directors, or Audit Committee, our Head of Information Technology, or Head of IT, has primary responsibility for assessing, operating and managing our cybersecurity threat management program. Our Head of IT meets periodically with our Chief Compliance Officer to discuss current developments in the cybersecurity landscape and our cybersecurity risk management program, including providing updates regarding the sources and nature of critical risks we face and how the IT department assesses those risks, including the likelihood of such risks, the severity of impact, and progress on vulnerability remediation.
Our Chief Compliance Officer and Head of IT consult with other members of our information technology department, and with third parties with expertise in cybersecurity, to develop strategies to assess, address and align cybersecurity efforts with our business objectives and operational requirements. The Head of IT role is currently held by an individual who has over 20 years of experience with information security and business systems, including digital infrastructure and cybersecurity.
As part of our board of directors’ enterprise risk management program, our board of directors has responsibility for oversight of cybersecurity risk management. Our board of directors has delegated to our Audit Committee oversight of our cybersecurity risk management program, including oversight of information security and cybersecurity threats and related compliance and disclosure requirements. On an annual basis, our Head of IT provide an update to our Audit Committee regarding our cybersecurity risk management program, including as relates to critical cybersecurity risks, ongoing cybersecurity initiatives and strategies, and applicable regulatory requirements and industry standards. The Audit Committee periodically reports on cybersecurity risk management to the full board of directors.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
Under the ultimate direction of our chief executive officer, or CEO, and our executive management team (including our General Counsel who serves as our Chief Compliance Officer), with oversight from our audit committee of the board of directors, or Audit Committee, our Head of Information Technology, or Head of IT, has primary responsibility for assessing, operating and managing our cybersecurity threat management program. Our Head of IT meets periodically with our Chief Compliance Officer to discuss current developments in the cybersecurity landscape and our cybersecurity risk management program, including providing updates regarding the sources and nature of critical risks we face and how the IT department assesses those risks, including the likelihood of such risks, the severity of impact, and progress on vulnerability remediation.
Our Chief Compliance Officer and Head of IT consult with other members of our information technology department, and with third parties with expertise in cybersecurity, to develop strategies to assess, address and align cybersecurity efforts with our business objectives and operational requirements. The Head of IT role is currently held by an individual who has over 20 years of experience with information security and business systems, including digital infrastructure and cybersecurity.
As part of our board of directors’ enterprise risk management program, our board of directors has responsibility for oversight of cybersecurity risk management. Our board of directors has delegated to our Audit Committee oversight of our cybersecurity risk management program, including oversight of information security and cybersecurity threats and related compliance and disclosure requirements. On an annual basis, our Head of IT provide an update to our Audit Committee regarding our cybersecurity risk management program, including as relates to critical cybersecurity risks, ongoing cybersecurity initiatives and strategies, and applicable regulatory requirements and industry standards. The Audit Committee periodically reports on cybersecurity risk management to the full board of directors.
|Cybersecurity Risk Role of Management [Text Block]
|Under the ultimate direction of our chief executive officer, or CEO, and our executive management team (including our General Counsel who serves as our Chief Compliance Officer), with oversight from our audit committee of the board of directors, or Audit Committee, our Head of Information Technology, or Head of IT, has primary responsibility for assessing, operating and managing our cybersecurity threat management program.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|As part of our board of directors’ enterprise risk management program, our board of directors has responsibility for oversight of cybersecurity risk management. Our board of directors has delegated to our Audit Committee oversight of our cybersecurity risk management program, including oversight of information security and cybersecurity threats and related compliance and disclosure requirements.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
Our Chief Compliance Officer and Head of IT consult with other members of our information technology department, and with third parties with expertise in cybersecurity, to develop strategies to assess, address and align cybersecurity efforts with our business objectives and operational requirements. The Head of IT role is currently held by an individual who has over 20 years of experience with information security and business systems, including digital infrastructure and cybersecurity.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|On an annual basis, our Head of IT provide an update to our Audit Committee regarding our cybersecurity risk management program, including as relates to critical cybersecurity risks, ongoing cybersecurity initiatives and strategies, and applicable regulatory requirements and industry standards.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef