|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
ITEM 1C. CYBERSECURITY
Cyber Risk Management and Strategy
Disc Medicine, under the oversight of the audit committee of the board of directors, has implemented and maintains processes to review and manage enterprise risks, including annual assessments of cybersecurity risks, across the Company.
Our cybersecurity risk management program, which is informed by and incorporates elements of recognized industry standards, is designed to identify, assess, and mitigate critical risks from cybersecurity threats. This program includes, but is not limited to, ongoing monitoring for potential critical risks from cybersecurity threats using automated tools. To support our cybersecurity risk management program, we leverage a managed service provider, or MSP, that provides ongoing support for the protection of our information technology infrastructure as well as a virtual Chief Information Security Officer, or vCISO. Our cybersecurity risk management strategy is informed by periodic conversations with, and risk assessments conducted by, our vCISO.
We have an employee security awareness training program, offered upon employee onboarding and on an annual basis, that is designed to raise awareness of cybersecurity threats across functions as well as to encourage consideration of cybersecurity risks across our Company. As part of this employee training program, we periodically conduct phishing simulations designed to raise employee awareness of such risks.
We have also implemented a process to review contractual requirements related to information security obligations included in our agreements with certain third-party vendors and service providers, as appropriate.
We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition; however, like other companies in our industry, we and our third-party vendors may, from time to time, experience threats and security incidents relating to our and our third-party vendors’ information systems and infrastructure. For more information, please see Item 1A - Risk Factors.
Governance Related to Cybersecurity Risks
Our Head of Information Technology, or IT, under the oversight of our Chief Legal Officer, is responsible for the administration and maintenance of our cybersecurity risk management program, including the day-to-day oversight of the assessment and management of cybersecurity risks. The individual who currently holds the title of Head of IT has more than 20 years of experience in information security and cybersecurity risk management.
Our Head of IT directly reports to, and meets periodically with, our Chief Legal Officer to discuss and review our cybersecurity risk management processes, with input from the Company’s MSP and vCISO, as appropriate.
Our board of directors has delegated oversight of the Company’s cybersecurity program to the audit committee of the board of directors. As provided in the audit committee charter, the audit committee is responsible for reviewing and discussing the Company’s information security and risk management programs, controls, and procedures, including high-level review of the threat landscape facing the Company and the Company’s strategy to mitigate cybersecurity risks and potential breaches. Under the audit committee charter, the audit committee is also responsible for reviewing the recovery and communication plans for any unplanned outage, cybersecurity incident, or data breach.
Our Head of IT, twice a year, provides reports to the audit committee on the status of our cybersecurity program, including measures implemented to monitor and address risks from cybersecurity threats, as appropriate. He also reports on a quarterly basis to the executive committee on cybersecurity and information technology matters. The chair of the audit committee provides periodic reports on cybersecurity risk management to the full board of directors. Our Chief Legal Officer, on an annual basis, discusses the results of our enterprise risk assessment processes, including risks related to cybersecurity, with the full board of directors.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Head of Information Technology, or IT, under the oversight of our Chief Legal Officer, is responsible for the administration and maintenance of our cybersecurity risk management program, including the day-to-day oversight of the assessment and management of cybersecurity risks. The individual who currently holds the title of Head of IT has more than 20 years of experience in information security and cybersecurity risk management.
Our Head of IT directly reports to, and meets periodically with, our Chief Legal Officer to discuss and review our cybersecurity risk management processes, with input from the Company’s MSP and vCISO, as appropriate.
Our board of directors has delegated oversight of the Company’s cybersecurity program to the audit committee of the board of directors. As provided in the audit committee charter, the audit committee is responsible for reviewing and discussing the Company’s information security and risk management programs, controls, and procedures, including high-level review of the threat landscape facing the Company and the Company’s strategy to mitigate cybersecurity risks and potential breaches. Under the audit committee charter, the audit committee is also responsible for reviewing the recovery and communication plans for any unplanned outage, cybersecurity incident, or data breach.
Our Head of IT, twice a year, provides reports to the audit committee on the status of our cybersecurity program, including measures implemented to monitor and address risks from cybersecurity threats, as appropriate. He also reports on a quarterly basis to the executive committee on cybersecurity and information technology matters. The chair of the audit committee provides periodic reports on cybersecurity risk management to the full board of directors. Our Chief Legal Officer, on an annual basis, discusses the results of our enterprise risk assessment processes, including risks related to cybersecurity, with the full board of directors.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our Head of IT directly reports to, and meets periodically with, our Chief Legal Officer to discuss and review our cybersecurity risk management processes, with input from the Company’s MSP and vCISO, as appropriate.
Our board of directors has delegated oversight of the Company’s cybersecurity program to the audit committee of the board of directors. As provided in the audit committee charter, the audit committee is responsible for reviewing and discussing the Company’s information security and risk management programs, controls, and procedures, including high-level review of the threat landscape facing the Company and the Company’s strategy to mitigate cybersecurity risks and potential breaches. Under the audit committee charter, the audit committee is also responsible for reviewing the recovery and communication plans for any unplanned outage, cybersecurity incident, or data breach.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Head of IT, twice a year, provides reports to the audit committee on the status of our cybersecurity program, including measures implemented to monitor and address risks from cybersecurity threats, as appropriate. He also reports on a quarterly basis to the executive committee on cybersecurity and information technology matters.
|Cybersecurity Risk Role of Management [Text Block]
|
Our Head of Information Technology, or IT, under the oversight of our Chief Legal Officer, is responsible for the administration and maintenance of our cybersecurity risk management program, including the day-to-day oversight of the assessment and management of cybersecurity risks. The individual who currently holds the title of Head of IT has more than 20 years of experience in information security and cybersecurity risk management.
Our Head of IT directly reports to, and meets periodically with, our Chief Legal Officer to discuss and review our cybersecurity risk management processes, with input from the Company’s MSP and vCISO, as appropriate.
Our board of directors has delegated oversight of the Company’s cybersecurity program to the audit committee of the board of directors. As provided in the audit committee charter, the audit committee is responsible for reviewing and discussing the Company’s information security and risk management programs, controls, and procedures, including high-level review of the threat landscape facing the Company and the Company’s strategy to mitigate cybersecurity risks and potential breaches. Under the audit committee charter, the audit committee is also responsible for reviewing the recovery and communication plans for any unplanned outage, cybersecurity incident, or data breach.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our board of directors has delegated oversight of the Company’s cybersecurity program to the audit committee of the board of directors. As provided in the audit committee charter, the audit committee is responsible for reviewing and discussing the Company’s information security and risk management programs, controls, and procedures, including high-level review of the threat landscape facing the Company and the Company’s strategy to mitigate cybersecurity risks and potential breaches. Under the audit committee charter, the audit committee is also responsible for reviewing the recovery and communication plans for any unplanned outage, cybersecurity incident, or data breach.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The individual who currently holds the title of Head of IT has more than 20 years of experience in information security and cybersecurity risk management.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our Head of IT, twice a year, provides reports to the audit committee on the status of our cybersecurity program, including measures implemented to monitor and address risks from cybersecurity threats, as appropriate. He also reports on a quarterly basis to the executive committee on cybersecurity and information technology matters. The chair of the audit committee provides periodic reports on cybersecurity risk management to the full board of directors.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef