|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
Cybersecurity Risk Management and Strategy
The Company, under the oversight of the audit committee of the board of directors, has implemented and maintains an enterprise risk management program that includes a cybersecurity risk management program designed to identify, assess, and mitigate critical risks from cybersecurity threats.
Our cybersecurity risk management program is informed by industry standards and includes, but is not limited to, ongoing monitoring for potential critical risks from cybersecurity threats using automated tools. We have a process designed to monitor and address identified cybersecurity risks. To support our cybersecurity risk management program, we leverage a managed security service provider (MSSP) and also engage with other third-party providers and cybersecurity consultants as appropriate, including engagement of third parties to assist with managed detection and response and vulnerability management and to perform periodic penetration testing, and other vulnerability analyses.
As part of our cybersecurity risk management program, we have a process to assess and review the cybersecurity practices of certain third-party vendors and service providers that may be critical to the operations of our business and who have access to our information systems or store our confidential data, including, as appropriate, through review of vendor questionnaires and the inclusion of cybersecurity requirements in contracts.
We also have an employee education and training program, offered during onboarding and on a periodic basis thereafter, that is designed to raise awareness of cybersecurity threats across functions as well as to encourage consideration of cybersecurity risks across our Company. As part of this employee training program, we periodically conduct phishing simulations designed to raise employee awareness of such risks.
We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition; however, like other companies in our industry, we and our third-party vendors have, from time to time, experienced threats and security incidents relating to our and our third-party vendors’ information systems. See Item 1A “Risk Factors” in this Annual Report on Form 10K for more information.
Cybersecurity Program Oversight and Governance
Our Head of Information Technology serves as our Information Security Officer (ISO) and has primary responsibility for managing our information technology team and external service providers and for generally assessing and managing our cybersecurity risk management program. Currently, the ISO role is held by an individual who has more than 20 years of experience in leading information security teams and who has implemented and managed cybersecurity programs for other publicly-traded biotechnology companies. Our ISO’s experience includes developing and maintaining tools and processes designed to protect internal computer and telecommunications networks used to store, process, and transmit personal and confidential data.
Our ISO reports directly to, and meets periodically with, our Chief Financial Officer (CFO) to discuss and review our cybersecurity risk management processes, including our cybersecurity metrics, with input from the Company’s MSSP and other third-party providers and cybersecurity consultants, as appropriate. Our ISO also works closely with our Chief Compliance Officer (CCO) in the establishment and management of controls and processes that underpin our cybersecurity risk management program and meets periodically with our entire executive management team, including our Chief Executive Officer, regarding cybersecurity threats and our cybersecurity risk management program. We have implemented a process for the ISO to report relevant findings from penetration testing and cybersecurity assessments conducted by third-party consultants to members of our management team, including our CFO and CCO, as appropriate.
Our board of directors has delegated oversight of the Company’s cybersecurity program to the audit committee of the board of directors. As provided in the audit committee charter, the audit committee is responsible for reviewing and discussing the Company’s information security and risk management programs, controls, and procedures, including high-level review of the threat landscape facing the Company and the Company’s strategy to mitigate cybersecurity risks and potential breaches. Under the audit committee charter, the audit committee is also responsible for reviewing the recovery and communication plans for any unplanned outage or security breach, where applicable.
In connection with its oversight of our broader enterprise risk management program, our ISO, on a periodic basis, provides reports to the audit committee on the status of our cybersecurity program, including measures implemented to monitor and address risks from cybersecurity threats, as appropriate. The chair of the audit committee and the ISO provide periodic reports on cybersecurity risk management to the full board of directors.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We have a process designed to monitor and address identified cybersecurity risks. To support our cybersecurity risk management program, we leverage a managed security service provider (MSSP) and also engage with other third-party providers and cybersecurity consultants as appropriate, including engagement of third parties to assist with managed detection and response and vulnerability management and to perform periodic penetration testing, and other vulnerability analyses.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition;
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our board of directors has delegated oversight of the Company’s cybersecurity program to the audit committee of the board of directors. As provided in the audit committee charter, the audit committee is responsible for reviewing and discussing the Company’s information security and risk management programs, controls, and procedures, including high-level review of the threat landscape facing the Company and the Company’s strategy to mitigate cybersecurity risks and potential breaches. Under the audit committee charter, the audit committee is also responsible for reviewing the recovery and communication plans for any unplanned outage or security breach, where applicable.
In connection with its oversight of our broader enterprise risk management program, our ISO, on a periodic basis, provides reports to the audit committee on the status of our cybersecurity program, including measures implemented to monitor and address risks from cybersecurity threats, as appropriate. The chair of the audit committee and the ISO provide periodic reports on cybersecurity risk management to the full board of directors.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|As provided in the audit committee charter, the audit committee is responsible for reviewing and discussing the Company’s information security and risk management programs, controls, and procedures, including high-level review of the threat landscape facing the Company and the Company’s strategy to mitigate cybersecurity risks and potential breaches. Under the audit committee charter, the audit committee is also responsible for reviewing the recovery and communication plans for any unplanned outage or security breach, where applicable.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Under the audit committee charter, the audit committee is also responsible for reviewing the recovery and communication plans for any unplanned outage or security breach, where applicable.
|Cybersecurity Risk Role of Management [Text Block]
|
Our Head of Information Technology serves as our Information Security Officer (ISO) and has primary responsibility for managing our information technology team and external service providers and for generally assessing and managing our cybersecurity risk management program. Currently, the ISO role is held by an individual who has more than 20 years of experience in leading information security teams and who has implemented and managed cybersecurity programs for other publicly-traded biotechnology companies. Our ISO’s experience includes developing and maintaining tools and processes designed to protect internal computer and telecommunications networks used to store, process, and transmit personal and confidential data.
Our ISO reports directly to, and meets periodically with, our Chief Financial Officer (CFO) to discuss and review our cybersecurity risk management processes, including our cybersecurity metrics, with input from the Company’s MSSP and other third-party providers and cybersecurity consultants, as appropriate. Our ISO also works closely with our Chief Compliance Officer (CCO) in the establishment and management of controls and processes that underpin our cybersecurity risk management program and meets periodically with our entire executive management team, including our Chief Executive Officer, regarding cybersecurity threats and our cybersecurity risk management program. We have implemented a process for the ISO to report relevant findings from penetration testing and cybersecurity assessments conducted by third-party consultants to members of our management team, including our CFO and CCO, as appropriate.
Our board of directors has delegated oversight of the Company’s cybersecurity program to the audit committee of the board of directors. As provided in the audit committee charter, the audit committee is responsible for reviewing and discussing the Company’s information security and risk management programs, controls, and procedures, including high-level review of the threat landscape facing the Company and the Company’s strategy to mitigate cybersecurity risks and potential breaches. Under the audit committee charter, the audit committee is also responsible for reviewing the recovery and communication plans for any unplanned outage or security breach, where applicable.
In connection with its oversight of our broader enterprise risk management program, our ISO, on a periodic basis, provides reports to the audit committee on the status of our cybersecurity program, including measures implemented to monitor and address risks from cybersecurity threats, as appropriate. The chair of the audit committee and the ISO provide periodic reports on cybersecurity risk management to the full board of directors.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Information Security Officer (ISO) and has primary responsibility for managing our information technology team and external service providers and for generally assessing and managing our cybersecurity risk management program.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Currently, the ISO role is held by an individual who has more than 20 years of experience in leading information security teams and who has implemented and managed cybersecurity programs for other publicly-traded biotechnology companies. Our ISO’s experience includes developing and maintaining tools and processes designed to protect internal computer and telecommunications networks used to store, process, and transmit personal and confidential data.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|audit committee is responsible for reviewing and discussing the Company’s information security and risk management programs, controls, and procedures, including high-level review of the threat landscape facing the Company and the Company’s strategy to mitigate cybersecurity risks and potential breaches.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef