|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
Cybersecurity Risk Management and Strategy
Candel has implemented cybersecurity risk management processes that are informed by industry standards in accordance with the scale of our business. Our cybersecurity risk management processes are designed to assess, identify and mitigate risks from current and emerging cybersecurity threats.
We use various tools and processes to accomplish these objectives, including policies and procedures, risk assessments, and testing. Further, we require our employees to participate in cybersecurity risk awareness trainings and phishing exercises.
Our cybersecurity risk management processes are supported by third-party service providers, including a managed services provider that assists the Company with, among other things, threat monitoring and cybersecurity incident response and escalation services. We rely on a third-party service provider to assist us with our cybersecurity practices, including for vulnerability assessments, penetration testing, and managing IT environments. Our process for onboarding new vendors with access to critical systems or data includes vendor questionnaires, contractual obligations, and if deemed appropriate, review of vendor audit reports.
Our incident management processes include reporting to senior management, including the Chief Financial Officer (CFO), Chief Executive Officer, Vice President Quality Assurance, and Director GxP Systems, and, where appropriate, to the board of directors. To date, we have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, like other companies in our industry, we and our third-party vendors have from time-to-time experienced threats that could affect our information or systems. For more information, please refer to Item 1A, “Risk Factors,” in this Annual Report on Form 10-K.
Cybersecurity Governance
The board of directors has delegated oversight of the Company’s cybersecurity risk management program to the Audit Committee, including responsibilities for reviewing and discussing cybersecurity risks, implementing risk management programs, controls and procedures, and performing high level reviews of the threat landscape.
Our Senior Director, Information Technology (Senior Director, IT) is responsible for the strategic leadership and day-to-day management of our cybersecurity risk management program. The individual occupying this role has over thirty years of experience with information technology management and over five years of cybersecurity risk management.
Our Senior Director, IT engages in regular meetings with our third-party managed IT service provider and the Director, IT to review and assess our cybersecurity risk management processes. The Senior Director, IT reports such findings to our CFO who annually presents updates on cybersecurity risks, mitigation strategies, and, if necessary, incident response activities to our Audit Committee. Further, our Audit Committee updates the full board of directors on matters relating to cybersecurity risk management, as necessary.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Cybersecurity Governance
The board of directors has delegated oversight of the Company’s cybersecurity risk management program to the Audit Committee, including responsibilities for reviewing and discussing cybersecurity risks, implementing risk management programs, controls and procedures, and performing high level reviews of the threat landscape.
Our Senior Director, Information Technology (Senior Director, IT) is responsible for the strategic leadership and day-to-day management of our cybersecurity risk management program. The individual occupying this role has over thirty years of experience with information technology management and over five years of cybersecurity risk management.
Our Senior Director, IT engages in regular meetings with our third-party managed IT service provider and the Director, IT to review and assess our cybersecurity risk management processes. The Senior Director, IT reports such findings to our CFO who annually presents updates on cybersecurity risks, mitigation strategies, and, if necessary, incident response activities to our Audit Committee. Further, our Audit Committee updates the full board of directors on matters relating to cybersecurity risk management, as necessary.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The board of directors has delegated oversight of the Company’s cybersecurity risk management program to the Audit Committee, including responsibilities for reviewing and discussing cybersecurity risks, implementing risk management programs, controls and procedures, and performing high level reviews of the threat landscape.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Senior Director, IT engages in regular meetings with our third-party managed IT service provider and the Director, IT to review and assess our cybersecurity risk management processes. The Senior Director, IT reports such findings to our CFO who annually presents updates on cybersecurity risks, mitigation strategies, and, if necessary, incident response activities to our Audit Committee.
|Cybersecurity Risk Role of Management [Text Block]
|
Cybersecurity Risk Management and Strategy
Candel has implemented cybersecurity risk management processes that are informed by industry standards in accordance with the scale of our business. Our cybersecurity risk management processes are designed to assess, identify and mitigate risks from current and emerging cybersecurity threats.
We use various tools and processes to accomplish these objectives, including policies and procedures, risk assessments, and testing. Further, we require our employees to participate in cybersecurity risk awareness trainings and phishing exercises.
Our cybersecurity risk management processes are supported by third-party service providers, including a managed services provider that assists the Company with, among other things, threat monitoring and cybersecurity incident response and escalation services. We rely on a third-party service provider to assist us with our cybersecurity practices, including for vulnerability assessments, penetration testing, and managing IT environments. Our process for onboarding new vendors with access to critical systems or data includes vendor questionnaires, contractual obligations, and if deemed appropriate, review of vendor audit reports.
Our incident management processes include reporting to senior management, including the Chief Financial Officer (CFO), Chief Executive Officer, Vice President Quality Assurance, and Director GxP Systems, and, where appropriate, to the board of directors. To date, we have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, like other companies in our industry, we and our third-party vendors have from time-to-time experienced threats that could affect our information or systems. For more information, please refer to Item 1A, “Risk Factors,” in this Annual Report on Form 10-K.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The board of directors has delegated oversight of the Company’s cybersecurity risk management program to the Audit Committee, including responsibilities for reviewing and discussing cybersecurity risks, implementing risk management programs, controls and procedures, and performing high level reviews of the threat landscape.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The individual occupying this role has over thirty years of experience with information technology management and over five years of cybersecurity risk management.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our incident management processes include reporting to senior management, including the Chief Financial Officer (CFO), Chief Executive Officer, Vice President Quality Assurance, and Director GxP Systems, and, where appropriate, to the board of directors.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef