|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity risks are a growing threat to us and other businesses, including our CROs, CMOs, and other third-party providers, which are vulnerable to cyberattacks, malware, and other system failures that may result in unauthorized access, damage, and other harms to our business or reputation. Protecting the confidentiality, integrity, and availability of our business information, intellectual property, customer, patient and employee data, and technology systems is critical to our business and operations, ability to comply with regulatory requirements, and reputation. Accordingly, cybersecurity is an important and integrated part of the Company’s enterprise risk management function that identifies, monitors, and mitigates business, operational, and legal risks.
Accordingly, we have established cybersecurity standards, policies, and operating procedures, including our Global IT Policy and Information Security Policy and our incident response plan, for the purpose of implementing information protection processes and technologies; carrying out cybersecurity risk detection, identification, assessment, response, and monitoring; assigning responsibility within our organization for risk detection and oversight; implementing cybersecurity training; governing internal communications regarding cybersecurity risks; and making required public and regulatory disclosures regarding cybersecurity threats and incidents. We oversee risks from cybersecurity threats associated with our use of third-party service providers by requiring our vendors to agree that they have and will maintain appropriate cybersecurity controls, such as through standard contractual provisions, and by coordinating with key vendors with respect to integration with our systems. Our cybersecurity risk management program is based on the NIST framework.
Key components of our cybersecurity risk management program include the use of third-party service providers, as appropriate, to assess, test, or otherwise assist with aspects of our security processes. For example, we employed a third-party cyber risk consultant to assess our overall cybersecurity risk framework against NIST standards. We have also engaged third-party experts to perform penetration testing of our IT systems, and we have considered the results of such tests to enhance our cybersecurity systems and controls, as appropriate.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Accordingly, cybersecurity is an important and integrated part of the Company’s enterprise risk management function that identifies, monitors, and mitigates business, operational, and legal risks. Accordingly, we have established cybersecurity standards, policies, and operating procedures, including our Global IT Policy and Information Security Policy and our incident response plan, for the purpose of implementing information protection processes and technologies; carrying out cybersecurity risk detection, identification, assessment, response, and monitoring; assigning responsibility within our organization for risk detection and oversight; implementing cybersecurity training; governing internal communications regarding cybersecurity risks; and making required public and regulatory disclosures regarding cybersecurity threats and incidents.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Audit Committee assists our Board in overseeing cybersecurity risk management and the integrity of our information technology systems, processes, and data. Periodically, the Audit Committee reviews and discusses with management, our internal auditor, and, in its discretion, third party vendors or other external experts, the adequacy of
security for our information technology systems, processes, and data; our incident response and contingency plans in the event of a breakdown or security breach affecting the security of our information technology systems or data or the information technology systems, processes, and data of our clients; and any new threats or incidents that have or may impact us. The Audit Committee receives reports on the operation of such programs from the Chief Operating Officer, Chief Legal Officer, and/or the IT Department, as appropriate. The Audit Committee also reviews management reports regarding the evolving threat environment, vulnerability assessments, and specific cybersecurity incidents. Periodically, the Audit Committee reports on cybersecurity matters, incidents, and risk oversight to the Board. The Board also receives briefings from management on our cybersecurity risk management program.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Audit Committee assists our Board in overseeing cybersecurity risk management and the integrity of our information technology systems, processes, and data.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Periodically, the Audit Committee reviews and discusses with management, our internal auditor, and, in its discretion, third party vendors or other external experts, the adequacy of
security for our information technology systems, processes, and data; our incident response and contingency plans in the event of a breakdown or security breach affecting the security of our information technology systems or data or the information technology systems, processes, and data of our clients; and any new threats or incidents that have or may impact us. The Audit Committee receives reports on the operation of such programs from the Chief Operating Officer, Chief Legal Officer, and/or the IT Department, as appropriate. The Audit Committee also reviews management reports regarding the evolving threat environment, vulnerability assessments, and specific cybersecurity incidents. Periodically, the Audit Committee reports on cybersecurity matters, incidents, and risk oversight to the Board. The Board also receives briefings from management on our cybersecurity risk management program.
|Cybersecurity Risk Role of Management [Text Block]
|
Our management, including leaders from our IT, information security, legal, and compliance teams, is responsible for implementing our cybersecurity standards, policies, and operating procedures, under the ultimate oversight of our Chief Operating Officer. We regularly discuss and assess cybersecurity risks as part of our Risk Coordination Council, which brings together senior leaders across the Company to address various risk issues. In addition, our Global Compliance Committee, which is comprised of leaders from senior management, legal, compliance, finance, HR, and internal audit, discusses significant risk issues affecting the Company, including with respect to cybersecurity issues, as appropriate. Members of our information security team, which includes personnel in the United States and China, collectively have decades of experience with information technology and cybersecurity systems, implementation, and oversight in the jurisdictions in which we operate. Under our incident response plan and our related information security policies and procedures, our information security personnel are responsible for promptly notifying senior management, including leaders in our legal and compliance departments, about any new cybersecurity incident or threat that may require management evaluation or response.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our management, including leaders from our IT, information security, legal, and compliance teams, is responsible for implementing our cybersecurity standards, policies, and operating procedures, under the ultimate oversight of our Chief Operating Officer.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Members of our information security team, which includes personnel in the United States and China, collectively have decades of experience with information technology and cybersecurity systems, implementation, and oversight in the jurisdictions in which we operate.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|We regularly discuss and assess cybersecurity risks as part of our Risk Coordination Council, which brings together senior leaders across the Company to address various risk issues. In addition, our Global Compliance Committee, which is comprised of leaders from senior management, legal, compliance, finance, HR, and internal audit, discusses significant risk issues affecting the Company, including with respect to cybersecurity issues, as appropriate. Members of our information security team, which includes personnel in the United States and China, collectively have decades of experience with information technology and cybersecurity systems, implementation, and oversight in the jurisdictions in which we operate. Under our incident response plan and our related information security policies and procedures, our information security personnel are responsible for promptly notifying senior management, including leaders in our legal and compliance departments, about any new cybersecurity incident or threat that may require management evaluation or response.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef