Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information.

As part of our risk management program, we rely on guidance from external support who in turn refer to industry standards given the scope of our operations and other guidance to help us assess, identify and manage cybersecurity risks. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use certain industry frameworks as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.

Our cybersecurity risk management program is integrated into our overall risk management program, and shares common methodologies, reporting channels and governance processes that apply across the risk management program to other legal, compliance, strategic, operational, and financial risk areas.

Key elements of our cybersecurity risk management program include but are not limited to the following:

●

risk assessments designed to help identify material risks from cybersecurity threats to our critical systems and information;

●

a designated team principally responsible for managing and evolving (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents;

●

the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security processes;

●

a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents;

	●	cybersecurity awareness training of our employees, including our incident response personnel, and senior management; and

	●	a third-party risk management process for service providers based on our assessment of their criticality to our operations, and based on our expectation of their access to sensitive company and/or patient data in the course of their provision of services, and respective risk profile.

We have not identified particular risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, which have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face risks from cybersecurity threats which, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See “Risk Factors - “Our information technology systems, or those of any of our existing or potential future collaborators, trial sites, CROs or other contractors or consultants, may fail or suffer system failures and security breaches, which could result in a material disruption of our product development programs.

Cybersecurity Risk Management Processes Integrated [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]

We have not identified particular risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, which have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face risks from cybersecurity threats which, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition.

Cybersecurity Risk Board of Directors Oversight [Text Block]

Cybersecurity Governance

Our Board considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee (the “Committee”) oversight of cybersecurity risks, including oversight of management’s implementation of our cybersecurity risk management program. The Committee has received a report from management in connection with an internal audit performed assessing our cybersecurity risks. In addition, management is charged with updating the Committee, where it deems appropriate, regarding any cybersecurity incidents it considers to be significant or potentially significant.

In turn, management is advised by our Software and IT Manager, who has primary responsibility for our overall cybersecurity risk management program, supervising both our internal cybersecurity personnel, who are experienced in data security and IT infrastructure, and are assisted by our retained external cybersecurity consultants, who provide, manage, and support our infrastructure and advise on cyber and data security matters. Additionally, our Software and IT Manager sits on our dedicated cyber task force, comprised of the Company’s IT, data, and legal personnel, which meets regularly to stay informed about, identify, and monitor efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, including by implementing processes, and by prioritizing allocation of resources towards risk mitigation. Our team has extensive experience in system administration, both on-premises and in product administration with tools such as Microsoft 365 - including Intune, Defender, Exchange and Firewalls, and working with firms with very high confidentiality, integrity and availability requirements (Zero downtime).

Our management team takes steps to stay informed about maintain vigilance in its efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents and is continuously staying abreast of developments in cybersecurity through various means, which may include briefings from internal security personnel; our dedicated cyber task force; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in our IT environment.

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

In turn, management is advised by our Software and IT Manager, who has primary responsibility for our overall cybersecurity risk management program, supervising both our internal cybersecurity personnel, who are experienced in data security and IT infrastructure, and are assisted by our retained external cybersecurity consultants, who provide, manage, and support our infrastructure and advise on cyber and data security matters. Additionally, our Software and IT Manager sits on our dedicated cyber task force, comprised of the Company’s IT, data, and legal personnel, which meets regularly to stay informed about, identify, and monitor efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, including by implementing processes, and by prioritizing allocation of resources towards risk mitigation. Our team has extensive experience in system administration, both on-premises and in product administration with tools such as Microsoft 365 - including Intune, Defender, Exchange and Firewalls, and working with firms with very high confidentiality, integrity and availability requirements (Zero downtime).

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

our Software and IT Manager sits on our dedicated cyber task force, comprised of the Company’s IT, data, and legal personnel, which meets regularly

Cybersecurity Risk Management Third Party Engaged [Flag]

true