|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk management and strategy
Our information security function is led by our Chief Information Officer, whose team is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes.
The information security function identifies and assesses risks from cybersecurity threats by monitoring and evaluating our threat environment and our risk profile using various methods including, for example, manual tools and automated tools, conducting scans of the threat environment, evaluating our and our industry’s risk profile, evaluating threats reported to us, internal and external audits, leveraging third party threat assessments, and conducting vulnerabilities assessments. In addition, our employees and contractors receive periodic training under our IT security policies, including simulated intrusion attempts, and are required to certify compliance with our cybersecurity practices. In February 2025, we obtained ISO 27001 certification for our information security management systems.
Depending on the environment or system, we implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including, for example: an information security policy, access management procedures, data back-up and restoration policy, cyberattack response procedure, network security controls, data segregation for certain data, encryption of certain data, access controls, physical controls, systems monitoring, penetration testing, employee training, and cybersecurity insurance.
Our assessment and management of material risks from cybersecurity threats are integrated into our overall risk management processes. We use third-party service providers to assist us from time to time to identify, assess, and manage material risks from cybersecurity threats, including for example cybersecurity consultants, cybersecurity service providers, and penetration testing services. The results of those assessments and reviews are reported to senior management and the board of directors, including the Audit Committee, by the Head of IT, as appropriate.
In addition, updates on our cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape may also be reported to senior management and the board of directors, including the Audit Committee, by the Head of IT, as appropriate. Our senior management team and board of directors include several members with operational experience overseeing IT operations, including risk assessment and implementation of security measures. As of the date of this report, we are not aware of any material risks from cybersecurity threats, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition.
We use third-party service providers to perform a variety of functions throughout our business, such as CROs, contract manufacturing organizations, and other distributors, including those who process clinical trial data on our behalf. Depending on the nature of the services provided, the sensitivity of the critical systems, information and assets at issue, and the identity of the provider, our third-party risk management process may involve different levels of assessment designed to help identify cybersecurity risks associated with a provider, including, for example, a review of security assessments and imposition of contractual obligations related to cybersecurity on the provider.
For a description of the risks from cybersecurity threats that may materially affect us and how they may do so, see our risk factors under Part 1. Item 1A. Risk Factors in this Annual Report, including “If our information technology systems or data, or those of third parties with whom we work, are or were compromised, we could experience adverse consequences resulting from such compromise, including but not limited to regulatory investigations or actions; litigation; fines and penalties; disruptions of our business operations; reputational harm; loss of revenue or profits; and other adverse consequences.”
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Our information security function is led by our Chief Information Officer, whose team is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes.
The information security function identifies and assesses risks from cybersecurity threats by monitoring and evaluating our threat environment and our risk profile using various methods including, for example, manual tools and automated tools, conducting scans of the threat environment, evaluating our and our industry’s risk profile, evaluating threats reported to us, internal and external audits, leveraging third party threat assessments, and conducting vulnerabilities assessments. In addition, our employees and contractors receive periodic training under our IT security policies, including simulated intrusion attempts, and are required to certify compliance with our cybersecurity practices. In February 2025, we obtained ISO 27001 certification for our information security management systems.
Depending on the environment or system, we implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including, for example: an information security policy, access management procedures, data back-up and restoration policy, cyberattack response procedure, network security controls, data segregation for certain data, encryption of certain data, access controls, physical controls, systems monitoring, penetration testing, employee training, and cybersecurity insurance.
Our assessment and management of material risks from cybersecurity threats are integrated into our overall risk management processes. We use third-party service providers to assist us from time to time to identify, assess, and manage material risks from cybersecurity threats, including for example cybersecurity consultants, cybersecurity service providers, and penetration testing services. The results of those assessments and reviews are reported to senior management and the board of directors, including the Audit Committee, by the Head of IT, as appropriate.
In addition, updates on our cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape may also be reported to senior management and the board of directors, including the Audit Committee, by the Head of IT, as appropriate. Our senior management team and board of directors include several members with operational experience overseeing IT operations, including risk assessment and implementation of security measures. As of the date of this report, we are not aware of any material risks from cybersecurity threats, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
Management is responsible for identifying and assessing cybersecurity risks on an ongoing basis, establishing processes designed to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation and remediation measures, and maintaining cybersecurity programs. Our cybersecurity programs are managed under the direction of our Head of IT and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks. Management regularly updates the board of directors on the Company’s cybersecurity programs, material cybersecurity risks and mitigation strategies and provides regular cybersecurity updates.
Our board of directors has overall oversight responsibility for our risk management and has charged our Audit Committee with oversight of our cybersecurity risk management program. The board and Audit Committee are responsible for ensuring that management has policies and processes in place designed to identify, monitor, assess and respond to cybersecurity, data privacy and other information technology risks to which the Company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity threats and incidents.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Management is responsible for identifying and assessing cybersecurity risks on an ongoing basis, establishing processes designed to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation and remediation measures, and maintaining cybersecurity programs.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our cybersecurity programs are managed under the direction of our Head of IT and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks. Management regularly updates the board of directors on the Company’s cybersecurity programs, material cybersecurity risks and mitigation strategies and provides regular cybersecurity updates.
|Cybersecurity Risk Role of Management [Text Block]
|Our board of directors has overall oversight responsibility for our risk management and has charged our Audit Committee with oversight of our cybersecurity risk management program.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our board of directors has overall oversight responsibility for our risk management and has charged our Audit Committee with oversight of our cybersecurity risk management program. The board and Audit Committee are responsible for ensuring that management has policies and processes in place designed to identify, monitor, assess and respond to cybersecurity, data privacy and other information technology risks to which the Company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity threats and incidents.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
Management is responsible for identifying and assessing cybersecurity risks on an ongoing basis, establishing processes designed to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation and remediation measures, and maintaining cybersecurity programs. Our cybersecurity programs are managed under the direction of our Head of IT and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks. Management regularly updates the board of directors on the Company’s cybersecurity programs, material cybersecurity risks and mitigation strategies and provides regular cybersecurity updates.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Our board of directors has overall oversight responsibility for our risk management and has charged our Audit Committee with oversight of our cybersecurity risk management program. The board and Audit Committee are responsible for ensuring that management has policies and processes in place designed to identify, monitor, assess and respond to cybersecurity, data privacy and other information technology risks to which the Company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity threats and incidents.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef