|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
Cybersecurity Risk Management and Strategy
We have implemented a cybersecurity program in accordance with our risk profile and business size that is informed by recognized industry standards, including elements of the National Institute of Standards and Technology Cybersecurity Framework. We leverage the cybersecurity services of third-party vendors, including virtual chief information security officer services, to support our cybersecurity risk management program.
Our cybersecurity risk management program is comprised of a number of components, including but not limited to a risk assessment incorporating elements of industry-standard frameworks, penetration testing, endpoint detection and response, system log monitoring and alert platform, and security operations center, functioning 24x7. We have an employee training program that includes annual cybersecurity awareness training that is reinforced by frequent phishing campaigns. We also maintain an incident response plan and related processes to help guide our response to cybersecurity incidents.
As part of our cybersecurity risk management program, we take a risk-based approach to the evaluation of third-party vendors, and apply mitigations and processes based on our evaluation of the sensitivity of the data accessed by the vendor and the maturity of the vendor’s programs. Our current vendor evaluation procedures include, as appropriate, a review of certain vendors’ security standards.
We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. However, like other companies in our industry, we and our third-party vendors have experienced threats relating to our and our third-party vendors’ information systems. For more information, please see “Item 1A, Risk Factors.”
Governance Related to Cybersecurity Risks
Our Head of Information Technology (“Head of IT”) is responsible for the strategic leadership and direction of the Company’s information technology organization. Our current Head of IT has over thirty years of experience leading information technology teams in the life sciences industry. The Head of IT reviews threat intelligence, and receives updates from the Company’s third-party providers, to help identify risks from cybersecurity threats.
The Head of IT reports to the Chief Financial Officer (CFO), and attends regular meetings with the CFO to discuss updates relating to the Company’s cybersecurity program. The Head of IT also provides cybersecurity updates on a quarterly basis to the Company’s executive team.
The Board of Directors has delegated oversight of cybersecurity risk management to the Audit Committee. The Audit Committee reviews the Company’s major cybersecurity risk exposures and the steps that the Company’s management has taken to monitor and control such exposures. Specifically, the Audit Committee reviews updates on data management, security initiatives, and significant existing and emerging cybersecurity risks, including material cybersecurity incidents, the impact on the Company and its stakeholders of any significant cybersecurity incident, and any disclosure obligations arising from any such incidents.
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|The Board of Directors has delegated oversight of cybersecurity risk management to the Audit Committee.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Head of IT reviews threat intelligence, and receives updates from the Company’s third-party providers, to help identify risks from cybersecurity threats.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Head of IT reports to the Chief Financial Officer (CFO), and attends regular meetings with the CFO to discuss updates relating to the Company’s cybersecurity program. The Head of IT also provides cybersecurity updates on a quarterly basis to the Company’s executive team.
|Cybersecurity Risk Role of Management [Text Block]
|
Governance Related to Cybersecurity Risks
Our Head of Information Technology (“Head of IT”) is responsible for the strategic leadership and direction of the Company’s information technology organization. Our current Head of IT has over thirty years of experience leading information technology teams in the life sciences industry. The Head of IT reviews threat intelligence, and receives updates from the Company’s third-party providers, to help identify risks from cybersecurity threats.
The Head of IT reports to the Chief Financial Officer (CFO), and attends regular meetings with the CFO to discuss updates relating to the Company’s cybersecurity program. The Head of IT also provides cybersecurity updates on a quarterly basis to the Company’s executive team.
The Board of Directors has delegated oversight of cybersecurity risk management to the Audit Committee. The Audit Committee reviews the Company’s major cybersecurity risk exposures and the steps that the Company’s management has taken to monitor and control such exposures. Specifically, the Audit Committee reviews updates on data management, security initiatives, and significant existing and emerging cybersecurity risks, including material cybersecurity incidents, the impact on the Company and its stakeholders of any significant cybersecurity incident, and any disclosure obligations arising from any such incidents.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Head of Information Technology (“Head of IT”) is responsible for the strategic leadership and direction of the Company’s information technology organization.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our current Head of IT has over thirty years of experience leading information technology teams in the life sciences industry. The Head of IT reviews threat intelligence, and receives updates from the Company’s third-party providers, to help identify risks from cybersecurity threats.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Audit Committee reviews the Company’s major cybersecurity risk exposures and the steps that the Company’s management has taken to monitor and control such exposures. Specifically, the Audit Committee reviews updates on data management, security initiatives, and significant existing and emerging cybersecurity risks, including material cybersecurity incidents, the impact on the Company and its stakeholders of any significant cybersecurity incident, and any disclosure obligations arising from any such incidents.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef