|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
Risk Management and Strategy
We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats to our critical computer networks, third party hosted services, communications systems, hardware and software, and our critical data, including clinical trial data, intellectual property, confidential information that is proprietary, strategic, financial or competitive in nature, and personal data.
Depending on the environment and system, we implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats, including, for example, periodic cybersecurity testing and cybersecurity awareness training for employees.
We retain a third-party technology solutions firm (IT Firm) to help identify, assess and manage the Company’s cybersecurity threats and risks. The IT Firm reports to an employee who functions as our IT lead (IT Lead) and who works with our management team, including our Principal Financial Officer (PFO). Our IT Firm identifies and, in conjunction with our IT Lead, helps assess risks from cybersecurity threats by monitoring and evaluating our threat environment and risk profile using various methods and tools.
We use third-party service providers, including cybersecurity consultants, to assist us from time to time to identify, assess, and manage material risks from cybersecurity threats, including, for example, to conduct risk assessments and identify potential risks.
We use third-party service providers to perform a variety of functions throughout our business, including manufacturing our product candidates and assisting with R&D and clinical activities. Depending on the nature of the services provided, the sensitivity of the systems and data at issue, and the identity of the provider, our vendor contracting processes may include imposing certain contractual provisions related to privacy and cybersecurity.
We have integrated our assessment and management of material risks from cybersecurity threats into our overall risk management systems and processes. For example, the results of such third-party cybersecurity assessments are shared with our senior management and the board’s audit committee for review, both of which evaluate our overall enterprise risk.
For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our risk factors under Part 1. Item 1A. Risk Factors in this Annual Report on Form 10-K, including the risk entitled “Our computer systems or data, or those of our collaborators or other contractors or consultants, may be compromised, which could result in adverse consequences, including but not limited to regulatory investigations or actions; litigation; fines and penalties; significant disruption of our product development programs and our ability to operate our business effectively; reputational harm; and other adverse consequences.”
Governance
Our board of directors addresses our cybersecurity risk management as part of its general oversight function. The board of directors’ audit committee is responsible for overseeing our cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats.
Our IT Lead is responsible for engaging and overseeing our IT Firm. In consultation with our IT Firm, our IT Lead, Principal Financial Officer and General Counsel integrate cybersecurity risk considerations into the Company’s overall risk management strategy, communicate key priorities to relevant personnel, help prepare for cybersecurity incidents, approve cybersecurity processes, and review security assessments and other security-related reports.
Our cybersecurity incident response policy is designed to escalate certain cybersecurity incidents to our Cybersecurity Incident Management Team, which consists of a representative from our IT Firm, IT Lead, Principal Financial Officer and General Counsel. In addition, our incident response policy includes reporting to our disclosure committee and audit committee of the board of directors for certain cybersecurity incidents.
Our audit committee receives periodic reports from management concerning the Company’s significant cybersecurity threats and risk and the processes the Company has implemented to address them. The audit committee also receives various reports, summaries or presentations related to cybersecurity threats, risk and mitigation.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We have integrated our assessment and management of material risks from cybersecurity threats into our overall risk management systems and processes. For example, the results of such third-party cybersecurity assessments are shared with our senior management and the board’s audit committee for review, both of which evaluate our overall enterprise risk.
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|
For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our risk factors under Part 1. Item 1A. Risk Factors in this Annual Report on Form 10-K, including the risk entitled “Our computer systems or data, or those of our collaborators or other contractors or consultants, may be compromised, which could result in adverse consequences, including but not limited to regulatory investigations or actions; litigation; fines and penalties; significant disruption of our product development programs and our ability to operate our business effectively; reputational harm; and other adverse consequences.”
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our board of directors addresses our cybersecurity risk management as part of its general oversight function. The board of directors’ audit committee is responsible for overseeing our cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our IT Lead is responsible for engaging and overseeing our IT Firm.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The board of directors’ audit committee is responsible for overseeing our cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats.
|Cybersecurity Risk Role of Management [Text Block]
|In consultation with our IT Firm, our IT Lead, Principal Financial Officer and General Counsel integrate cybersecurity risk considerations into the Company’s overall risk management strategy, communicate key priorities to relevant personnel, help prepare for cybersecurity incidents, approve cybersecurity processes, and review security assessments and other security-related reports.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our cybersecurity incident response policy is designed to escalate certain cybersecurity incidents to our Cybersecurity Incident Management Team, which consists of a representative from our IT Firm, IT Lead, Principal Financial Officer and General Counsel. In addition, our incident response policy includes reporting to our disclosure committee and audit committee of the board of directors for certain cybersecurity incidents.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Our audit committee receives periodic reports from management concerning the Company’s significant cybersecurity threats and risk and the processes the Company has implemented to address them. The audit committee also receives various reports, summaries or presentations related to cybersecurity threats, risk and mitigation.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true