|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
Risk management and strategy
We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third party hosted services, communications systems, hardware and software, and our critical data, including intellectual property and confidential information that is proprietary, strategic or competitive in nature (Information Systems and Data). Our Chief Operating Officer and our General Counsel help identify, assess and manage our material risks from cybersecurity threats. Along with our Chief Operating Officer and our General Counsel, a third-party information technology strategy and risk reduction vendor helps identify and assess risks from cybersecurity threats by monitoring and evaluating our threat environment and our risk profile using various methods including, for example, manual tools, automated tools, subscribing to reports and services that identify cybersecurity threats, analyzing reports of threats and actors, conducting scans of the threat environment, evaluating our and our industry’s risk profile, evaluating threats reported to us, internal audits, conducting threat assessments for internal and external threats, conducting vulnerability assessments to identify vulnerabilities, use of external intelligence feeds and coordinating with law enforcement as appropriate about certain threats.
Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including, for example: incident detection and response procedures; an incident response policy; a vulnerability management policy; conducting risk assessments; encrypting certain of our data; maintaining network security controls; segmenting certain of our data; maintaining access and physical security controls; asset management, tracking, and disposal protocols; systems monitoring; vendor risk management processes; employee training; maintaining cybersecurity insurance; and retaining a third party information technology strategy and risk reduction vendor.
Our assessment and management of material risks from cybersecurity threats are integrated into our overall risk management processes. For example, cybersecurity risk is addressed as a component of our enterprise risk management program; our Chief Operating Officer and General Counsel work with management to prioritize our risk management processes and mitigate cybersecurity threats that are expected to be more likely to lead to a material impact to our business; our Chief Operating Officer and General Counsel evaluate material risks from cybersecurity threats against our overall business objectives and our Chief Operating Officer reports to the audit committee of the board of directors, which evaluates our overall enterprise risk.
We use third-party service providers to assist us from time to time to identify, assess, and manage material risks from cybersecurity threats, including for example, professional services firms (including outside legal counsel), threat intelligence service providers, cybersecurity consultants, cybersecurity software providers, managed cybersecurity service providers, and dark web monitoring services.
We use third-party service providers to perform a variety of functions throughout our business, such as application providers, hosting services, contract research organizations and contract manufacturing organizations. We have vendor management processes to identify and oversee cybersecurity risks associated with the use of our providers. Depending on the nature of the services provided, the sensitivity of the Information Systems and Data at issue, and the identity of the provider, these processes may include a risk assessment of the vendor, security
questionnaire, security assessments, security assessment calls with the vendor’s security personnel and imposition of contractual obligations on the vendor.
For a description of the risks from cybersecurity threats that may materially affect us and how they may do so, see our risk factors under Part I. Item 1A. Risk Factors in this Annual Report on Form 10-K, including “Our information technology systems or sensitive data, or those of our third-party CROs or other contractors or consultants, or third parties with whom we work, may fail or suffer security incidents, loss or leakage of data, and other disruptions, which could result in a material disruption of our product candidates' development programs, compromise sensitive data related to our business or prevent us from accessing critical information, potentially exposing us to liability or otherwise adversely affecting our business.”
Governance
Our board of directors addresses our cybersecurity risk management as part of its general oversight function. The board of directors’ audit committee is responsible for overseeing our cybersecurity risk management processes.
Our cybersecurity risk assessment and management processes are implemented and maintained by certain of our management, including our Chief Operating Officer and our General Counsel. Our Chief Operating Officer has been responsible for the oversight of our cybersecurity since he joined our company in May 2019. He has a B.A. in Computer Science. Our General Counsel has oversight of our legal department, has prior experience serving as inside and outside corporate counsel to technology and cybersecurity companies and a highly regulated cancer diagnostics company.
Our cybersecurity incident response and vulnerability management processes are designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including our Chief Operating Officer and our General Counsel. Our Chief Operating Officer and our General Counsel will work with our incident response team to help us mitigate and remediate cybersecurity incidents of which they are notified. In addition, our incident response processes include reporting to the audit committee of the board of directors for certain cybersecurity incidents.
The audit committee receives periodic reports from our Chief Operating Officer concerning our significant cybersecurity threats and risk and the processes we have implemented to address them. The audit committee also receives and has access to various reports, summaries or presentations related to cybersecurity threats, risk and mitigation.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Our assessment and management of material risks from cybersecurity threats are integrated into our overall risk management processes. For example, cybersecurity risk is addressed as a component of our enterprise risk management program; our Chief Operating Officer and General Counsel work with management to prioritize our risk management processes and mitigate cybersecurity threats that are expected to be more likely to lead to a material impact to our business; our Chief Operating Officer and General Counsel evaluate material risks from cybersecurity threats against our overall business objectives and our Chief Operating Officer reports to the audit committee of the board of directors, which evaluates our overall enterprise risk.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our board of directors addresses our cybersecurity risk management as part of its general oversight function. The board of directors’ audit committee is responsible for overseeing our cybersecurity risk management processes.
Our cybersecurity risk assessment and management processes are implemented and maintained by certain of our management, including our Chief Operating Officer and our General Counsel. Our Chief Operating Officer has been responsible for the oversight of our cybersecurity since he joined our company in May 2019. He has a B.A. in Computer Science. Our General Counsel has oversight of our legal department, has prior experience serving as inside and outside corporate counsel to technology and cybersecurity companies and a highly regulated cancer diagnostics company.
Our cybersecurity incident response and vulnerability management processes are designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including our Chief Operating Officer and our General Counsel. Our Chief Operating Officer and our General Counsel will work with our incident response team to help us mitigate and remediate cybersecurity incidents of which they are notified. In addition, our incident response processes include reporting to the audit committee of the board of directors for certain cybersecurity incidents.
The audit committee receives periodic reports from our Chief Operating Officer concerning our significant cybersecurity threats and risk and the processes we have implemented to address them. The audit committee also receives and has access to various reports, summaries or presentations related to cybersecurity threats, risk and mitigation.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The board of directors’ audit committee is responsible for overseeing our cybersecurity risk management processes.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The audit committee receives periodic reports from our Chief Operating Officer concerning our significant cybersecurity threats and risk and the processes we have implemented to address them. The audit committee also receives and has access to various reports, summaries or presentations related to cybersecurity threats, risk and mitigation.
|Cybersecurity Risk Role of Management [Text Block]
|
Our cybersecurity risk assessment and management processes are implemented and maintained by certain of our management, including our Chief Operating Officer and our General Counsel. Our Chief Operating Officer has been responsible for the oversight of our cybersecurity since he joined our company in May 2019. He has a B.A. in Computer Science. Our General Counsel has oversight of our legal department, has prior experience serving as inside and outside corporate counsel to technology and cybersecurity companies and a highly regulated cancer diagnostics company.
Our cybersecurity incident response and vulnerability management processes are designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including our Chief Operating Officer and our General Counsel. Our Chief Operating Officer and our General Counsel will work with our incident response team to help us mitigate and remediate cybersecurity incidents of which they are notified. In addition, our incident response processes include reporting to the audit committee of the board of directors for certain cybersecurity incidents.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our cybersecurity risk assessment and management processes are implemented and maintained by certain of our management, including our Chief Operating Officer and our General Counsel. Our Chief Operating Officer has been responsible for the oversight of our cybersecurity since he joined our company in May 2019.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our Chief Operating Officer has been responsible for the oversight of our cybersecurity since he joined our company in May 2019. He has a B.A. in Computer Science. Our General Counsel has oversight of our legal department, has prior experience serving as inside and outside corporate counsel to technology and cybersecurity companies and a highly regulated cancer diagnostics company.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our cybersecurity incident response and vulnerability management processes are designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including our Chief Operating Officer and our General Counsel. Our Chief Operating Officer and our General Counsel will work with our incident response team to help us mitigate and remediate cybersecurity incidents of which they are notified.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef