|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
We have certain processes for assessing, identifying and managing cybersecurity risks, which are built into our overall risk management program/information technology function and are designed to help protect our information assets and operations from internal and external cyber threats, protect employee and clinical trial information from unauthorized access or attack, as well as secure our networks and systems. Such processes include physical, procedural and technical safeguards, response plans, regular tests on our systems, incident simulations and routine review of our policies and procedures to identify risks and enhance our practices. We engage certain external parties, including consultants, independent privacy assessors, computer security firms and risk management, peer companies, industry groups and governance experts, to enhance our cybersecurity oversight. We consider the internal risk oversight programs of third-party service providers before engaging them in order to help protect our company from any related vulnerabilities.
Based on an assessment using these processes, we do not believe that there are currently any risks from known cybersecurity threats that are reasonably likely to materially affect our company or our business strategy, results of operations or financial condition. For additional information, please see the risk factor titled “Our internal computer systems, or those of our third-party vendors, collaborators or other contractors or consultants, may fail or suffer security breaches, which could result in a material disruption of our product development programs, compromise sensitive information related to our business or prevent us from accessing critical information, potentially exposing us to liability or otherwise adversely affecting our business.” under Item 1A., Risk factors—General risk factors, in this Annual Report on Form 10-K.
The Audit Committee of our board of directors provides direct oversight over cybersecurity risk, and provides updates to the board of directors regarding such oversight. The Audit Committee receives updates quarterly from management regarding cybersecurity matters, and is notified between such updates regarding significant new cybersecurity threats or incidents.
Our Vice President of Information Security, or the VP, IS, leads the operational oversight of company-wide cybersecurity strategy, policy, standards and processes and works across relevant departments to assess and help prepare us and our employees and third-party service providers to address cybersecurity risks. The VP, IS’s cybersecurity training includes 25 years of experience building and maintaining cybersecurity programs, and he obtained his certified information systems security professional, or CISSP, certification from the International Information System Security Certification Consortium, or ISC2, and his Cybersecurity and Infrastructure Security Agency, or CISA, certification from ISACA.
In an effort to deter and detect cyber threats, we annually provide all employees, including part-time and temporary employees, with a data protection, cybersecurity and incident response and prevention training and compliance program, which covers timely and relevant topics. Past topics have included social engineering, phishing, password protection, confidential data protection, asset use and mobile security, and educate employees on the importance of reporting all incidents immediately. We also use technology-based tools to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We have certain processes for assessing, identifying and managing cybersecurity risks, which are built into our overall risk management program/information technology function and are designed to help protect our information assets and operations from internal and external cyber threats
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Audit Committee of our board of directors provides direct oversight over cybersecurity risk, and provides updates to the board of directors regarding such oversight. The Audit Committee receives updates quarterly from management regarding cybersecurity matters, and is notified between such updates regarding significant new cybersecurity threats or incidents.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee of our board of directors provides direct oversight over cybersecurity risk, and provides updates to the board of directors regarding such oversight.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee receives updates quarterly from management regarding cybersecurity matters, and is notified between such updates regarding significant new cybersecurity threats or incidents.
|Cybersecurity Risk Role of Management [Text Block]
|
Our Vice President of Information Security, or the VP, IS, leads the operational oversight of company-wide cybersecurity strategy, policy, standards and processes and works across relevant departments to assess and help prepare us and our employees and third-party service providers to address cybersecurity risks. The VP, IS’s cybersecurity training includes 25 years of experience building and maintaining cybersecurity programs, and he obtained his certified information systems security professional, or CISSP, certification from the International Information System Security Certification Consortium, or ISC2, and his Cybersecurity and Infrastructure Security Agency, or CISA, certification from ISACA.
In an effort to deter and detect cyber threats, we annually provide all employees, including part-time and temporary employees, with a data protection, cybersecurity and incident response and prevention training and compliance program, which covers timely and relevant topics. Past topics have included social engineering, phishing, password protection, confidential data protection, asset use and mobile security, and educate employees on the importance of reporting all incidents immediately. We also use technology-based tools to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Vice President of Information Security, or the VP, IS, leads the operational oversight of company-wide cybersecurity strategy, policy, standards and processes and works across relevant departments to assess and help prepare us and our employees and third-party service providers to address cybersecurity risks.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The VP, IS’s cybersecurity training includes 25 years of experience building and maintaining cybersecurity programs, and he obtained his certified information systems security professional, or CISSP, certification from the International Information System Security Certification Consortium, or ISC2, and his Cybersecurity and Infrastructure Security Agency, or CISA, certification from ISACA.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|In an effort to deter and detect cyber threats, we annually provide all employees, including part-time and temporary employees, with a data protection, cybersecurity and incident response and prevention training and compliance program, which covers timely and relevant topics. Past topics have included social engineering, phishing, password protection, confidential data protection, asset use and mobile security, and educate employees on the importance of reporting all incidents immediately.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef