|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cyber Risk Management and Strategy
Under the guidance of the IT Steering Committee, Chief Operating Officer and General Counsel, and Head of IT, we have adopted cybersecurity risk management processes that are designed to address the identification of assets potentially at risk from cybersecurity threats, identification of potential sources of cybersecurity threats, assessment of protections to address cybersecurity threats, and the management of cybersecurity risks.
Under the direction of our Chief Operating Officer and General Counsel, working with our Head of IT, we have engaged a third-party cybersecurity firm, which provides cybersecurity support services for governance and security operations. Our cybersecurity firm is responsible for monitoring our information systems and implementing procedures to mitigate cyber risks. The cybersecurity firm keeps the Company apprised of threats in the cybersecurity landscape through various means, including through threat intelligence and research sources, discussions with industry peers, security alerts, and security conferences and events, as appropriate.
The cybersecurity firm also manages our network monitoring, designed to identify potential security risks, and conducts regular testing, scanning, and other vulnerability analyses. We previously engaged a third party to conduct an information technology audit, which was informed by industry standards. We have also implemented a process to require employees to complete, upon onboarding and annually, a cybersecurity education program that is designed to raise awareness of cybersecurity threats and risks through training and simulations.
We have a process to review security features for adherence to applicable regulatory requirements and financial controls before purchasing certain third party technology or other solutions that involve exposure to the Company’s assets or electronic information. From time to time, after the technology is in place, we may also conduct periodic reviews of available security documentation such as audit reporting and certifications.Although, as of the date of this report on Form 10-K, risks from cybersecurity threats have not materially affected, and we do not believe they are reasonably likely to materially affect us, our business strategy, results of operations or financial condition, we could, from time to time, experience threats and security incidents relating to our and our third party vendors’ information systems.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Under the guidance of the IT Steering Committee, Chief Operating Officer and General Counsel, and Head of IT, we have adopted cybersecurity risk management processes that are designed to address the identification of assets potentially at risk from cybersecurity threats, identification of potential sources of cybersecurity threats, assessment of protections to address cybersecurity threats, and the management of cybersecurity risks.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance Related to Cybersecurity Risks
Our board of directors has overall oversight responsibility for our risk management, and delegates its oversight of risk assessment and management guidelines to the audit committee of the board of directors. Members of the audit committee receive periodic updates from senior management regarding matters of cybersecurity. These discussions may include updates on management’s efforts to address and mitigate cybersecurity risks, cybersecurity incidents (if any), and the status of key information security initiatives.Under the oversight of our Chief Executive Officer (CEO) and executive management team, we have constituted an Information Technology (IT) Steering Committee that has primary responsibility for overseeing our management of cybersecurity risks. The IT Steering Committee is chaired by our Chief Operating Officer and General Counsel, supported by an external IT consultant who operates as our Head of Information Technology (Head of IT) and an external cybersecurity firm. Other members of the IT Steering Committee include representatives from clinical development, technical operations, finance, human resources, business operations and legal.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our board of directors has overall oversight responsibility for our risk management, and delegates its oversight of risk assessment and management guidelines to the audit committee of the board of directors.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Members of the audit committee receive periodic updates from senior management regarding matters of cybersecurity. These discussions may include updates on management’s efforts to address and mitigate cybersecurity risks, cybersecurity incidents (if any), and the status of key information security initiatives.
|Cybersecurity Risk Role of Management [Text Block]
|
Our Head of IT, working with our third-party cybersecurity firm, Chief Operating Officer and General Counsel, and the IT Steering Committee, assesses and manages our cybersecurity threat management processes. Our Head of IT has 34 years of information technology experience, building and leading teams in the pharmaceutical and biotechnology industries, and has worked with a variety of institutions to implement, manage, and scale the information technology function, including cybersecurity programs. These entities have included publicly-traded companies and smaller startups. His experience also includes developing and maintaining tools and processes to protect internal networks, research and clinical databases, and supplier payment information and financial systems.
The IT Steering Committee meets as circumstances warrant, to discuss and monitor prevention, detection, mitigation and remediation of risks from cybersecurity threats. The Head of IT provides updates to the Chief Operating Officer and General Counsel who communicates with the executive management team, and, as needed, the Audit Committee, on cybersecurity developments.
In addition, our IT Security Team is responsible for reviewing the results of our cybersecurity assessments and related cybersecurity strategies as well as emerging threats in the cybersecurity landscape. The IT Security Team meets regularly and includes members from our cybersecurity firm and internal IT team.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Head of IT, working with our third-party cybersecurity firm, Chief Operating Officer and General Counsel, and the IT Steering Committee, assesses and manages our cybersecurity threat management processes.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our Head of IT has 34 years of information technology experience, building and leading teams in the pharmaceutical and biotechnology industries, and has worked with a variety of institutions to implement, manage, and scale the information technology function, including cybersecurity programs. These entities have included publicly-traded companies and smaller startups. His experience also includes developing and maintaining tools and processes to protect internal networks, research and clinical databases, and supplier payment information and financial systems.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The IT Steering Committee meets as circumstances warrant, to discuss and monitor prevention, detection, mitigation and remediation of risks from cybersecurity threats. The Head of IT provides updates to the Chief Operating Officer and General Counsel who communicates with the executive management team, and, as needed, the Audit Committee, on cybersecurity developments.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef