|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
At Century Therapeutics, we recognize the importance of information security practices designed to protect the confidentiality, integrity, and availability of Company information. We have implemented a cybersecurity program in accordance with our risk profile and business that is informed by recognized industry standards and frameworks, and incorporates elements of the same, including elements of the National Institute of Standards and Technology Cybersecurity Framework (“NIST CSF”).
Our cybersecurity risk management program includes multiple components, including information security maturity assessments, penetration testing, and vulnerability assessments, that are conducted periodically by both internal and external resources. We also conduct employee training and leverage third-party security tools, including but not limited to access controls, threat monitoring, and endpoint protection and response. We maintain a security operations center operated by a third party that collects cybersecurity threat data from multiple internal and external sources and determines if activity is potentially suspicious or malicious. We are in the process of developing and implementing additional cybersecurity policies and procedures.
We take a risk-based approach to the evaluation of third-party vendors, and apply mitigations and processes based on the nature of the data accessed by the vendor. Currently, we review System and Organization Controls (“SOC”) reports from vendors who have access to financial reporting information, and we are in the process of developing additional vendor risk management policies and procedures.
We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, like other companies in our industry, we and our third-party vendors experienced threats and security incidents that could affect our information or systems. For more information, please see Section 1A. Risk Factors.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
At Century Therapeutics, we recognize the importance of information security practices designed to protect the confidentiality, integrity, and availability of Company information. We have implemented a cybersecurity program in accordance with our risk profile and business that is informed by recognized industry standards and frameworks, and incorporates elements of the same, including elements of the National Institute of Standards and Technology Cybersecurity Framework (“NIST CSF”).
Our cybersecurity risk management program includes multiple components, including information security maturity assessments, penetration testing, and vulnerability assessments, that are conducted periodically by both internal and external resources. We also conduct employee training and leverage third-party security tools, including but not limited to access controls, threat monitoring, and endpoint protection and response. We maintain a security operations center operated by a third party that collects cybersecurity threat data from multiple internal and external sources and determines if activity is potentially suspicious or malicious. We are in the process of developing and implementing additional cybersecurity policies and procedures.
We take a risk-based approach to the evaluation of third-party vendors, and apply mitigations and processes based on the nature of the data accessed by the vendor. Currently, we review System and Organization Controls (“SOC”) reports from vendors who have access to financial reporting information, and we are in the process of developing additional vendor risk management policies and procedures.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Cybersecurity Governance
Our Director of Cybersecurity is responsible for the strategic leadership and direction of the Company’s information security organization. The individual currently serving as the Director of Cybersecurity has over twenty years of experience working in information technology. The Director of Cybersecurity receives cybersecurity alerts from the Company’s third-party security operations center, and provides periodic updates to the Head of Information Technology who informs the Company’s executive committee, which includes the Company’s Chief Executive Officer, Chief Operating Officer and, Chief Financial Officer.
Beginning last year, the Director of Cybersecurity also provides updates to the Audit Committee of the board of directors approximately on a quarterly basis. The Audit Committee, pursuant to its charter, reviews significant existing and emerging cybersecurity risks, including material cybersecurity incidents if any, the impact on the Company and its stockholders of any significant cybersecurity incident and any disclosure obligations arising from any such incidents.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Audit Committee
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Beginning last year, the Director of Cybersecurity also provides updates to the Audit Committee of the board of directors approximately on a quarterly basis. The Audit Committee, pursuant to its charter, reviews significant existing and emerging cybersecurity risks, including material cybersecurity incidents if any, the impact on the Company and its stockholders of any significant cybersecurity incident and any disclosure obligations arising from any such incidents.
|Cybersecurity Risk Role of Management [Text Block]
|
Cybersecurity Governance
Our Director of Cybersecurity is responsible for the strategic leadership and direction of the Company’s information security organization. The individual currently serving as the Director of Cybersecurity has over twenty years of experience working in information technology. The Director of Cybersecurity receives cybersecurity alerts from the Company’s third-party security operations center, and provides periodic updates to the Head of Information Technology who informs the Company’s executive committee, which includes the Company’s Chief Executive Officer, Chief Operating Officer and, Chief Financial Officer.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Director of Cybersecurity
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
Cybersecurity Governance
Our Director of Cybersecurity is responsible for the strategic leadership and direction of the Company’s information security organization. The individual currently serving as the Director of Cybersecurity has over twenty years of experience working in information technology. The Director of Cybersecurity receives cybersecurity alerts from the Company’s third-party security operations center, and provides periodic updates to the Head of Information Technology who informs the Company’s executive committee, which includes the Company’s Chief Executive Officer, Chief Operating Officer and, Chief Financial Officer.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Director of Cybersecurity receives cybersecurity alerts from the Company’s third-party security operations center, and provides periodic updates to the Head of Information Technology who informs the Company’s executive committee, which includes the Company’s Chief Executive Officer, Chief Operating Officer and, Chief Financial Officer.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef