|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Risk Management
We have implemented an information security program that is informed by, and incorporates elements of, industry standards and frameworks, including those issued by NIST (National Institute of Standards and Technology), ISO (International Organization for Standardization), and CIS (Center for Internet Security). Our security program is designed to identify, assess, manage, mitigate, and respond to cybersecurity threats.
Our cybersecurity risk management program includes a number of components, such as information security program assessments and ongoing monitoring of critical risks from cybersecurity threats using automated tools. We periodically engage third parties to conduct risk assessments and testing of our systems, including penetration testing and other vulnerability analyses. Additionally, we have implemented an employee education program that is designed to raise awareness of cybersecurity threats, including risks posed by phishing attempts. We have implemented a process for this training to be included during the employee onboarding process and periodically thereafter.
As part of our cybersecurity risk management program, we maintain processes to assess and review the cybersecurity practices of third-party vendors and service providers. Our process includes a security assessment informed by vendor questionnaires and contractual security requirements related to data privacy for certain vendors.
We, like other companies in our industry, face a number of cybersecurity risks in connection with our business. Although our business strategy, results of operations, and financial condition have not, to date, been materially affected by risks from cybersecurity threats, including as a result of previously identified cybersecurity incidents, we have, from time to time, experienced threats to and security incidents related to our data and systems, including phishing attacks and attacks to the security of the systems of our third-party vendors and service providers. For more information on our cybersecurity related risks, see “Our internal computer systems, or those used by our third-party collaborators, contractors or consultants, may fail or suffer security breaches, which could result in a material disruption of our development programs and business operations” in Item 1A- Risk Factors.
Governance
Our internal information security team is responsible for day-to-day operations related to our cybersecurity risk management strategy, including identifying, assessing, and managing cybersecurity threats and risks. We established a process that intends for our Incident Response Team to respond to and address incidents as they arise. The Incident Response Team is multidisciplinary and comprised of members of our information technology and security function, accounting and finance department, and legal department. This team is led by our Director of Security and Network Infrastructure. The Director of Security and Network Infrastructure role is currently held by an individual who has approximately twenty (20) years of information technology and ten (10) years of information security related experience.
The Incident Response Team provides periodic reports to our Data Privacy and Security Committee, as well as our Chief Executive Officer and other members of our senior management, as appropriate. These reports include updates on the Company’s cybersecurity risk management program, assessments of current cybersecurity risks, and status updates for projects designed to enhance our information security systems. Our Data Privacy and Security Committee meets to further discuss such items on a monthly basis and reports periodically to the Audit Committee of the Board of Directors.
Our Board of Directors, as a whole and through its committees, has oversight responsibility over the Company’s strategy and risk management, including our response to critical risks related to cybersecurity threats. The Audit Committee of the Board of Directors specifically oversees the management of enterprise risks, including risks associated with privacy and data security (including cybersecurity), in accordance with its charter. The Audit Committee engages in periodic discussions, on at least a bi-annual basis, with a member of the Data Privacy and Security Committee as well as members of legal and executive leadership as appropriate regarding the Company’s significant financial risk exposures and the measures implemented to monitor and control these risks, including those that may result from critical cybersecurity threats. Executive leadership periodically reports on critical cybersecurity risks and risk management to the full Board of Directors.
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We have implemented an information security program that is informed by, and incorporates elements of, industry standards and frameworks, including those issued by NIST (National Institute of Standards and Technology), ISO (International Organization for Standardization), and CIS (Center for Internet Security). Our security program is designed to identify, assess, manage, mitigate, and respond to cybersecurity threats.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|
We, like other companies in our industry, face a number of cybersecurity risks in connection with our business. Although our business strategy, results of operations, and financial condition have not, to date, been materially affected by risks from cybersecurity threats, including as a result of previously identified cybersecurity incidents, we have, from time to time, experienced threats to and security incidents related to our data and systems, including phishing attacks and attacks to the security of the systems of our third-party vendors and service providers. For more information on our cybersecurity related risks, see “Our internal computer systems, or those used by our third-party collaborators, contractors or consultants, may fail or suffer security breaches, which could result in a material disruption of our development programs and business operations” in Item 1A- Risk Factors.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Board of Directors, as a whole and through its committees, has oversight responsibility over the Company’s strategy and risk management, including our response to critical risks related to cybersecurity threats. The Audit Committee of the Board of Directors specifically oversees the management of enterprise risks, including risks associated with privacy and data security (including cybersecurity), in accordance with its charter. The Audit Committee engages in periodic discussions, on at least a bi-annual basis, with a member of the Data Privacy and Security Committee as well as members of legal and executive leadership as appropriate regarding the Company’s significant financial risk exposures and the measures implemented to monitor and control these risks, including those that may result from critical cybersecurity threats. Executive leadership periodically reports on critical cybersecurity risks and risk management to the full Board of Directors.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board of Directors, as a whole and through its committees, has oversight responsibility over the Company’s strategy and risk management, including our response to critical risks related to cybersecurity threats. The Audit Committee of the Board of Directors specifically oversees the management of enterprise risks, including risks associated with privacy and data security (including cybersecurity), in accordance with its charter.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee engages in periodic discussions, on at least a bi-annual basis, with a member of the Data Privacy and Security Committee as well as members of legal and executive leadership as appropriate regarding the Company’s significant financial risk exposures and the measures implemented to monitor and control these risks, including those that may result from critical cybersecurity threats. Executive leadership periodically reports on critical cybersecurity risks and risk management to the full Board of Directors.
|Cybersecurity Risk Role of Management [Text Block]
|
Our internal information security team is responsible for day-to-day operations related to our cybersecurity risk management strategy, including identifying, assessing, and managing cybersecurity threats and risks. We established a process that intends for our Incident Response Team to respond to and address incidents as they arise. The Incident Response Team is multidisciplinary and comprised of members of our information technology and security function, accounting and finance department, and legal department. This team is led by our Director of Security and Network Infrastructure. The Director of Security and Network Infrastructure role is currently held by an individual who has approximately twenty (20) years of information technology and ten (10) years of information security related experience.
The Incident Response Team provides periodic reports to our Data Privacy and Security Committee, as well as our Chief Executive Officer and other members of our senior management, as appropriate. These reports include updates on the Company’s cybersecurity risk management program, assessments of current cybersecurity risks, and status updates for projects designed to enhance our information security systems. Our Data Privacy and Security Committee meets to further discuss such items on a monthly basis and reports periodically to the Audit Committee of the Board of Directors.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our internal information security team is responsible for day-to-day operations related to our cybersecurity risk management strategy, including identifying, assessing, and managing cybersecurity threats and risks. We established a process that intends for our Incident Response Team to respond to and address incidents as they arise. The Incident Response Team is multidisciplinary and comprised of members of our information technology and security function, accounting and finance department, and legal department. This team is led by our Director of Security and Network Infrastructure. The Director of Security and Network Infrastructure role is currently held by an individual who has approximately twenty (20) years of information technology and ten (10) years of information security related experience.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|This team is led by our Director of Security and Network Infrastructure. The Director of Security and Network Infrastructure role is currently held by an individual who has approximately twenty (20) years of information technology and ten (10) years of information security related experience.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Incident Response Team provides periodic reports to our Data Privacy and Security Committee, as well as our Chief Executive Officer and other members of our senior management, as appropriate. These reports include updates on the Company’s cybersecurity risk management program, assessments of current cybersecurity risks, and status updates for projects designed to enhance our information security systems.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true