|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Risk management and strategy
GENFIT’s business is heavily dependent on our computer network and the use of information technology, or IT, systems, whether maintained directly by GENFIT or through external IT providers, including cloud-based applications. As a result, damage from computer viruses, unauthorized access, telecommunication and electrical failures can cause significant disruption to our operations.
We have implemented and maintain various information security processes to assess and manage the security, integrity, and availability of our IT systems, and safeguards to protect our data and that of patients participating in our clinical trials, our employees, and partners. To identify and mitigate cybersecurity risks, counteract threats, and limit and/or prevent disruptions to our IT systems, we have implemented detailed cybersecurity policies and procedures.
These processes are prioritized across all organizational levels, with cybersecurity acknowledged as a critical risk within the core enterprise risks that we regularly evaluate and address as an integral part of our risk management plan. As part of this plan, we also conduct periodic assessments of our assets, including IT assets, to evaluate the effectiveness of applicable security controls. In the past we regularly commission third-party audits of our security controls.
Additionally, as part of our approach to third-party risk management, we generally assess our external partners to determine whether their cybersecurity standards meet our specifications prior to engagement. In addition, we have migrated some tools to cloud-based applications, which can offer increased assurances as to security upgrades and swiftness of remediation in the event of disruptions, to which we would not normally have access to in a closed environment.
Employees across all levels and departments receive training on cybersecurity policies through an extensive "read and understood" process and are informed about cybersecurity risks via digital ongoing and annual awareness training programs conducted through the IT department. Employees are required to report IT security incidents to the cybersecurity team through a dedicated communication channel, and if necessary, by contacting a member of the IT team.In partnership with our internal cybersecurity team, a specialized third-party service provider responsible for managing our Cyber Security Operations Center investigates security incidents and alerts such as virus detection, abnormal traffic or unauthorized software installation. This includes identifying the type of threat, determining the scope of the incident, and assessing the severity of each situation.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|
GENFIT’s business is heavily dependent on our computer network and the use of information technology, or IT, systems, whether maintained directly by GENFIT or through external IT providers, including cloud-based applications. As a result, damage from computer viruses, unauthorized access, telecommunication and electrical failures can cause significant disruption to our operations.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The IT Security Manager, or ITSM, in collaboration with the Executive Vice-President, Data & Information Technology who is also known as the Chief Information Officer, or CIO, leads our cybersecurity risk management efforts, aligning these initiatives with the strategic objectives established by our executive leaders. With nearly a decade of expertise in information security and technology, our ITSM plays a pivotal role in safeguarding our digital assets. Our CIO has more than twenty years of experience in information technology management and strategic planning and reports directly to the Chief Operating Officer or COO. The CIO is responsible for guiding our technology strategy, overseeing technology deployment, and managing operations. Our CIO regularly updates a working group established specifically by the Board of Directors in 2023 in order to oversee our cybersecurity status. This includes briefings on any recent incidents and our responses, testing of cybersecurity systems and third-party activities.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our cybersecurity initiatives are subject to ongoing monitoring and regular reporting to senior management and the GENFIT Board of Directors.
The IT Security Manager, or ITSM, in collaboration with the Executive Vice-President, Data & Information Technology who is also known as the Chief Information Officer, or CIO, leads our cybersecurity risk management efforts, aligning these initiatives with the strategic objectives established by our executive leaders. With nearly a decade of expertise in information security and technology, our ITSM plays a pivotal role in safeguarding our digital assets. Our CIO has more than twenty years of experience in information technology management and strategic planning and reports directly to the Chief Operating Officer or COO. The CIO is responsible for guiding our technology strategy, overseeing technology deployment, and managing operations. Our CIO regularly updates a working group established specifically by the Board of Directors in 2023 in order to oversee our cybersecurity status. This includes briefings on any recent incidents and our responses, testing of cybersecurity systems and third-party activities.
This cybersecurity working group is chaired by a member of the Board of Directors and includes the CIO, the ITSM and other key GENFIT employees. The chair of the cybersecurity working group meets and reports regularly to the Board of Directors on cybersecurity matters, allowing the Board of Directors to provide effective oversight of management’s assessment and management of the cybersecurity risks, in particular to reinforce transparency and accountability in our cyber strategies.
In addition, we have developed a procedure that details how we classify incidents, management of any incidents, and internal and external communication thereof. In accordance with that procedure, major or critical incidents are escalated for review to our Cyber Crisis Committee, which is comprised of various members of the Executive Committee, including our CEO. This committee is responsible for identifying and evaluating cybersecurity incidents. Our CEO reports directly to our Board of Directors regarding incidents identified as material by the Cyber Crisis Committee. This committee meets on an ad hoc basis as required to manage cybersecurity incidents.
As of the filing of this Form 20-F, we are not aware of any cyber-attacks that have occurred over the last three years that have materially affected, or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. Although we have put in place the cybersecurity processes described above, we remain exposed to cybersecurity attacks and incidents and misuse or manipulation of any of our IT systems, which could have a material adverse effect on our business strategy, results of operations or financial condition. You should refer to the section of this annual report titled Item 3. D - "Key Information - Risk Factors” for additional information about these risks.
|Cybersecurity Risk Role of Management [Text Block]
|The CIO is responsible for guiding our technology strategy, overseeing technology deployment, and managing operations. Our CIO regularly updates a working group established specifically by the Board of Directors in 2023 in order to oversee our cybersecurity status. This includes briefings on any recent incidents and our responses, testing of cybersecurity systems and third-party activities.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|This cybersecurity working group is chaired by a member of the Board of Directors and includes the CIO, the ITSM and other key GENFIT employees. The chair of the cybersecurity working group meets and reports regularly to the Board of Directors on cybersecurity matters, allowing the Board of Directors to provide effective oversight of management’s assessment and management of the cybersecurity risks, in particular to reinforce transparency and accountability in our cyber strategies.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|With nearly a decade of expertise in information security and technology, our ITSM plays a pivotal role in safeguarding our digital assets. Our CIO has more than twenty years of experience in information technology management and strategic planning and reports directly to the Chief Operating Officer or COO.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The CIO is responsible for guiding our technology strategy, overseeing technology deployment, and managing operations. Our CIO regularly updates a working group established specifically by the Board of Directors in 2023 in order to oversee our cybersecurity status. This includes briefings on any recent incidents and our responses, testing of cybersecurity systems and third-party activities.
This cybersecurity working group is chaired by a member of the Board of Directors and includes the CIO, the ITSM and other key GENFIT employees. The chair of the cybersecurity working group meets and reports regularly to the Board of Directors on cybersecurity matters, allowing the Board of Directors to provide effective oversight of management’s assessment and management of the cybersecurity risks, in particular to reinforce transparency and accountability in our cyber strategies.In addition, we have developed a procedure that details how we classify incidents, management of any incidents, and internal and external communication thereof. In accordance with that procedure, major or critical incidents are escalated for review to our Cyber Crisis Committee, which is comprised of various members of the Executive Committee, including our CEO. This committee is responsible for identifying and evaluating cybersecurity incidents. Our CEO reports directly to our Board of Directors regarding incidents identified as material by the Cyber Crisis Committee. This committee meets on an ad hoc basis as required to manage cybersecurity incidents.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef