|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
We have certain processes for assessing, identifying and managing cybersecurity risks, which are built into our overall information technology function and are designed to help protect employee and third party, including patient, information from unauthorized access or attack, as well as secure our networks and systems. Such processes include physical, procedural and technical safeguards and routine review of our policies and procedures to identify risks and enhance our practices. We have developed an incident response policy which is designed to help coordinate our response to, and recovery from, cybersecurity incidents, and includes processes to triage, assess the severity of, escalate, contain, investigate, and remediate incidents, as well as to comply with applicable legal obligations. Internally and through a third-party service provider, we regularly conduct tests on our systems and incident simulations to help discover potential vulnerabilities, which enable improved decision-making and prioritization and promote monitoring and reporting across compliance functions. As part of our overall risk mitigation strategy, we also maintain cyber insurance coverage; however, such insurance coverage
may not be sufficient in type or amount to cover us against claims related to security breaches, cyber-attacks and other related breaches.
We engage certain external parties, including consultants, independent privacy assessors, computer security firms and risk management experts, to assess and enhance our cybersecurity oversight. Our third-party security firms periodically assess our cybersecurity process against the National Institute of Standards and Technology Cybersecurity Framework. We consider the internal risk oversight programs of third-party service providers before engaging them in order to help protect us from any related vulnerabilities. We also regularly consult with industry groups on emerging industry trends.
We do not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect the company or our business strategy, results of operations or financial condition.
The Audit Committee of our Board of Directors provides direct oversight over cybersecurity risk and provides updates to the Board of Directors regarding such oversight. The Audit Committee receives periodic updates from management regarding cybersecurity matters and is notified between such updates regarding significant new cybersecurity threats or incidents.
Our Information Technology department is led by the Head of Information Technology, who oversees a team that includes the Director of Infrastructure and Security. This team is responsible for developing and executing our cybersecurity strategy, policies, standards, and processes. They collaborate closely with cross-functional departments to assess, mitigate, and manage cybersecurity risks, enhancing the security of our systems and the preparedness of our employees. The Head of Information Technology holds a Master of Science in Information Technology and has 20 years of experience in the biotechnology sector. The Director of Infrastructure and Security is a Certified Information Systems Security Professional (CISSP) and brings extensive expertise in securing enterprise infrastructure.
We annually provide all employees, including part-time and temporary employees, with a data protection, cybersecurity and incident response and prevention training and compliance program, which covers timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, asset use and mobile security, and educates employees on the importance of reporting all incidents immediately. We also use technology-based tools that are designed to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Audit Committee of our Board of Directors provides direct oversight over cybersecurity risk and provides updates to the Board of Directors regarding such oversight. The Audit Committee receives periodic updates from management regarding cybersecurity matters and is notified between such updates regarding significant new cybersecurity threats or incidents.
Our Information Technology department is led by the Head of Information Technology, who oversees a team that includes the Director of Infrastructure and Security. This team is responsible for developing and executing our cybersecurity strategy, policies, standards, and processes. They collaborate closely with cross-functional departments to assess, mitigate, and manage cybersecurity risks, enhancing the security of our systems and the preparedness of our employees. The Head of Information Technology holds a Master of Science in Information Technology and has 20 years of experience in the biotechnology sector. The Director of Infrastructure and Security is a Certified Information Systems Security Professional (CISSP) and brings extensive expertise in securing enterprise infrastructure.
We annually provide all employees, including part-time and temporary employees, with a data protection, cybersecurity and incident response and prevention training and compliance program, which covers timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, asset use and mobile security, and educates employees on the importance of reporting all incidents immediately. We also use technology-based tools that are designed to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs.
|Cybersecurity Risk Role of Management [Text Block]
|annually provide all employees, including part-time and temporary employees, with a data protection, cybersecurity and incident response and prevention training and compliance program, which covers timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, asset use and mobile security, and educates employees on the importance of reporting all incidents immediately. We also use technology-based tools that are designed to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
Our Information Technology department is led by the Head of Information Technology, who oversees a team that includes the Director of Infrastructure and Security. This team is responsible for developing and executing our cybersecurity strategy, policies, standards, and processes. They collaborate closely with cross-functional departments to assess, mitigate, and manage cybersecurity risks, enhancing the security of our systems and the preparedness of our employees. The Head of Information Technology holds a Master of Science in Information Technology and has 20 years of experience in the biotechnology sector. The Director of Infrastructure and Security is a Certified Information Systems Security Professional (CISSP) and brings extensive expertise in securing enterprise infrastructure.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Audit Committee of our Board of Directors provides direct oversight over cybersecurity risk and provides updates to the Board of Directors regarding such oversight. The Audit Committee receives periodic updates from management regarding cybersecurity matters and is notified between such updates regarding significant new cybersecurity threats or incidents
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef