|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
Cyber Risk Management and Strategy
We have implemented and maintain a cybersecurity risk management program that includes processes for the identification, assessment, and mitigation of cybersecurity risks. This process is overseen by the Director of IT Operations and Information Security, or the IT Director, and includes periodic security assessments, audits, and testing, which are informed by industry standards and supported by cybersecurity technologies, including automated tools, designed to monitor, identify, and address cybersecurity risks. We periodically engage with third parties to support these efforts. We maintain internal information security policies, including an incident response plan, which are reviewed by or at the direction of the IT Director and are updated periodically to reflect material changes and improvement in our information security practices. We have a process to assess and review the cybersecurity practices of third-party vendors and service providers prior to onboarding and periodically throughout the engagement, including through vendor questionnaires and contractual requirements, as appropriate.
Governance Related to Cybersecurity Risks
The IT Director oversees and manages the day-to-day functions of our cybersecurity risk management program. The IT Director reports to the VP of Information Technology and Facilities, or VP of IT. The IT Director and VP of IT roles are both held by individuals who each have over twenty years of professional information technology, or IT, management experience. The VP of IT meets regularly with the Audit Committee to report on and discuss information security and technology risks to our business, including our cyber risk management programs, controls, and procedures. The VP of IT and the Audit Committee also conduct a high-level review of the threat landscape facing our business, discuss risk mitigation strategies, and the prioritization of our remediation efforts.
The IT Director meets periodically with members of the Relay Information Security Council, or RISC, which is comprised of the VP of IT and senior leaders from various functions, including finance, legal, human resources, corporate development, and research and development. The RISC provides input to the IT Director in connection with proposed cyber strategies as it relates to potential business impacts from new or proposed technologies and security solutions across the organization, including implementation strategies designed to address potential risks and disruptions to the business. In the event we or one of our business partners experiences a cybersecurity incident, the RISC is responsible for assisting in evaluating the incident, including whether any disclosure of the incident is required. The VP of IT reports to the Audit Committee on cyber initiatives and implementation resulting from RISC discussions.
Through the Audit Committee, the Board of Directors is informed of: (i) security initiatives, (ii) existing and emerging cybersecurity risks, including cybersecurity incidents; and (iii) any disclosure obligations arising from any cybersecurity incidents. The Board of Directors oversees our general risk management strategy and the most significant risks facing our business, and is responsible for ensuring that appropriate risk mitigation strategies are implemented.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We have implemented and maintain a cybersecurity risk management program that includes processes for the identification, assessment, and mitigation of cybersecurity risks.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The IT Director oversees and manages the day-to-day functions of our cybersecurity risk management program. The IT Director reports to the VP of Information Technology and Facilities, or VP of IT. The IT Director and VP of IT roles are both held by individuals who each have over twenty years of professional information technology, or IT, management experience. The VP of IT meets regularly with the Audit Committee to report on and discuss information security and technology risks to our business, including our cyber risk management programs, controls, and procedures. The VP of IT and the Audit Committee also conduct a high-level review of the threat landscape facing our business, discuss risk mitigation strategies, and the prioritization of our remediation efforts.
The IT Director meets periodically with members of the Relay Information Security Council, or RISC, which is comprised of the VP of IT and senior leaders from various functions, including finance, legal, human resources, corporate development, and research and development. The RISC provides input to the IT Director in connection with proposed cyber strategies as it relates to potential business impacts from new or proposed technologies and security solutions across the organization, including implementation strategies designed to address potential risks and disruptions to the business. In the event we or one of our business partners experiences a cybersecurity incident, the RISC is responsible for assisting in evaluating the incident, including whether any disclosure of the incident is required. The VP of IT reports to the Audit Committee on cyber initiatives and implementation resulting from RISC discussions.
Through the Audit Committee, the Board of Directors is informed of: (i) security initiatives, (ii) existing and emerging cybersecurity risks, including cybersecurity incidents; and (iii) any disclosure obligations arising from any cybersecurity incidents. The Board of Directors oversees our general risk management strategy and the most significant risks facing our business, and is responsible for ensuring that appropriate risk mitigation strategies are implemented.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Through the Audit Committee, the Board of Directors is informed of: (i) security initiatives, (ii) existing and emerging cybersecurity risks, including cybersecurity incidents; and (iii) any disclosure obligations arising from any cybersecurity incidents. The Board of Directors oversees our general risk management strategy and the most significant risks facing our business, and is responsible for ensuring that appropriate risk mitigation strategies are implemented.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The VP of IT meets regularly with the Audit Committee to report on and discuss information security and technology risks to our business, including our cyber risk management programs, controls, and procedures. The VP of IT and the Audit Committee also conduct a high-level review of the threat landscape facing our business, discuss risk mitigation strategies, and the prioritization of our remediation efforts.
|Cybersecurity Risk Role of Management [Text Block]
|This process is overseen by the Director of IT Operations and Information Security, or the IT Director, and includes periodic security assessments, audits, and testing, which are informed by industry standards and supported by cybersecurity technologies, including automated tools, designed to monitor, identify, and address cybersecurity risks. We periodically engage with third parties to support these efforts. We maintain internal information security policies, including an incident response plan, which are reviewed by or at the direction of the IT Director and are updated periodically to reflect material changes and improvement in our information security practices. We have a process to assess and review the cybersecurity practices of third-party vendors and service providers prior to onboarding and periodically throughout the engagement, including through vendor questionnaires and contractual requirements, as appropriate.
Governance Related to Cybersecurity Risks
The IT Director oversees and manages the day-to-day functions of our cybersecurity risk management program. The IT Director reports to the VP of Information Technology and Facilities, or VP of IT. The IT Director and VP of IT roles are both held by individuals who each have over twenty years of professional information technology, or IT, management experience. The VP of IT meets regularly with the Audit Committee to report on and discuss information security and technology risks to our business, including our cyber risk management programs, controls, and procedures. The VP of IT and the Audit Committee also conduct a high-level review of the threat landscape facing our business, discuss risk mitigation strategies, and the prioritization of our remediation efforts.
The IT Director meets periodically with members of the Relay Information Security Council, or RISC, which is comprised of the VP of IT and senior leaders from various functions, including finance, legal, human resources, corporate development, and research and development. The RISC provides input to the IT Director in connection with proposed cyber strategies as it relates to potential business impacts from new or proposed technologies and security solutions across the organization, including implementation strategies designed to address potential risks and disruptions to the business. In the event we or one of our business partners experiences a cybersecurity incident, the RISC is responsible for assisting in evaluating the incident, including whether any disclosure of the incident is required. The VP of IT reports to the Audit Committee on cyber initiatives and implementation resulting from RISC discussions.
Through the Audit Committee, the Board of Directors is informed of: (i) security initiatives, (ii) existing and emerging cybersecurity risks, including cybersecurity incidents; and (iii) any disclosure obligations arising from any cybersecurity incidents. The Board of Directors oversees our general risk management strategy and the most significant risks facing our business, and is responsible for ensuring that appropriate risk mitigation strategies are implemented.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The IT Director meets periodically with members of the Relay Information Security Council, or RISC, which is comprised of the VP of IT and senior leaders from various functions, including finance, legal, human resources, corporate development, and research and development.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The IT Director oversees and manages the day-to-day functions of our cybersecurity risk management program. The IT Director reports to the VP of Information Technology and Facilities, or VP of IT. The IT Director and VP of IT roles are both held by individuals who each have over twenty years of professional information technology, or IT, management experience.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The RISC provides input to the IT Director in connection with proposed cyber strategies as it relates to potential business impacts from new or proposed technologies and security solutions across the organization, including implementation strategies designed to address potential risks and disruptions to the business. In the event we or one of our business partners experiences a cybersecurity incident, the RISC is responsible for assisting in evaluating the incident, including whether any disclosure of the incident is required. The VP of IT reports to the Audit Committee on cyber initiatives and implementation resulting from RISC discussions.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef