|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Our board of directors recognizes the critical importance of maintaining the trust and confidence of our customers, business partners and employees. Our board of directors is guided by stringent regulatory requirements and best practices. Our approach, aligned with the new SEC cybersecurity disclosure requirements and the ISO 27001 and ISO 27002 standards, encompasses a broad spectrum of activities from incident response and risk management to governance, compliance documentation, and continuous improvement. We have established a proactive incident identification and evaluation process and leveraged advanced detection tools, and we encourage both internal and external incident reporting. The board of directors is actively involved in oversight of our risk management program, and cybersecurity represents an important component of our overall approach to risk management. Our risk management strategy is thorough and dynamic, incorporating annual risk assessments to identify and mitigate potential cybersecurity threats. Our cybersecurity policies, standards, processes and practices are fully integrated into our risk management program and are based on recognized frameworks established by the Israel National Cyber Directorate (INCD), the International Organization for Standardization and other applicable industry standards. In general, we seek to address cybersecurity risks through a comprehensive, cross-functional approach that is focused on preserving the confidentiality, security and availability of the information that we collect and store by identifying, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur.
Risk Management and Strategy
Our cybersecurity risk management framework is designed to align with our risk management strategy, through adherence to ISO 27001:2022 and ISO/IEC 27005:2022 (Information security, cybersecurity and privacy protection: Guidance on managing information security risks), the standard for information security risk management. This structured approach facilitates the comprehensive identification, assessment, and mitigation of cybersecurity threats, underscoring our commitment to protecting our valuable information.
In our risk management structure, we conduct annual internal risk assessments alongside a significant external evaluation performed by a reputable third party. These internal assessments are crucial for preemptively identifying and mitigating cybersecurity vulnerabilities, spearheaded by our dedicated cybersecurity team. Leading this initiative is the vice president of quality assurance/regulatory affairs (VP QA/RA), who holds certifications in ISO 27001, ISO 27002, ISO 27005, and is a qualified auditor. The VP QA/RA is supported by the IT Manager, ensuring a comprehensive and informed approach to managing cybersecurity risks.
To ensure the integrity of our operations and data, we vet third-party service providers. This includes periodic evaluations of their cybersecurity protocols, a strategy that effectively mitigates potential risks associated with these external entities.
Although no past cybersecurity incidents have materially impacted our business strategy, operations, or financial condition, we proactively incorporate potential cybersecurity risks into our risk management framework. This precautionary measure ensures our readiness to address any emergent threats, thereby maintaining the resilience and integrity of our business.
Through continuous assessment and improvement, guided by international standards and the expertise of a dedicated team, we are committed to addressing cybersecurity to maintain the trust and confidence of our stakeholders.
As part of our comprehensive approach to mitigating cybersecurity risks, we implement several key strategies to enhance our digital security posture:
Priority (or ERP system) servers are backed up weekly to a separate offsite location, ensuring that in the event of a data loss, we can recover up to a month’s worth of data, maintaining our operational integrity and mitigating potential cybersecurity threats.
We engage in the periodic assessment and testing of our policies, standards, and processes that are designed to address cybersecurity threats and incidents. These efforts include a wide range of activities, including audits, assessments, tabletop exercises, threat modeling, vulnerability testing, and other exercises focused on evaluating the effectiveness of our cybersecurity measures and planning. We regularly engage third parties to perform assessments on our cybersecurity measures, including information security maturity assessments, audits and independent reviews of our information security control environment and operating effectiveness. The results of such assessments, audits and reviews are reported to our board of directors, and we adjust our cybersecurity policies, standards, processes and practices accordingly.
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Our cybersecurity policies, standards, processes and practices are fully integrated into our risk management program and are based on recognized frameworks established by the Israel National Cyber Directorate (INCD), the International Organization for Standardization and other applicable industry standards.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Governance
Our board of directors oversees our risk management process, including the management of risks arising from cybersecurity threats. The board of directors receives regular presentations and reports on cybersecurity risks, which address a wide range of topics including recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, technological trends and information security considerations arising with respect to our peers and third parties. Our board of directors receives prompt and timely information regarding any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding any such incident until it has been addressed. On an annual basis, our board of directors discusses our approach to cybersecurity risk management with our management team.
Our VP QA/RA implements programs designed to protect our information systems from cybersecurity threats and to promptly respond to any cybersecurity incidents in accordance with our incident response and recovery plans. Through ongoing communication our management monitors the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time and reports such threats and incidents to our board of directors and management when appropriate.
We have implemented a comprehensive Incident Response Plan (“IRP”) and Incident Response Management Procedure, ensuring compliance with ISO 27001:2022, NIST standards, and SEC disclosure requirements. The Incident Response Team (“IRT”), led by senior management, oversees cybersecurity incidents, mitigation efforts, and business continuity. The Incident Management Team (“IMT”) is responsible for overseeing the response process, including containment, coordination, and resolution. Key personnel include the Information Technology Officer, Chief Operations Officer, our legal counsel, and VP QA/RA as the Incident Response Manager. Our IT and Security Teams are responsible for implementing technical controls for containment and eradication, our legal and compliance team ensures that incidents are reported in accordance with applicable law and regulations, and the communications/IR team would manage public and internal communications regarding the incident. We employ automated monitoring, a 24/7 reporting system, and structured escalation based on severity. Upon detection, incidents are contained, investigated, and reported as required, with secure forensic evidence collection. Post-incident reviews ensure continuous improvement, with quarterly testing and annual updates to address emerging threats. This structured approach ensures effective risk mitigation, regulatory compliance, and operational resilience. Our board of directors is currently the highest supervisory authority on this matter, and we are considering delegating some of these supervisory authorities to our audit committee in the future.
Neither cybersecurity threats nor any previous cybersecurity incidents have materially affected or are reasonably likely to affect us, including our business strategy, results of operations or financial condition.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The board of directors receives regular presentations and reports on cybersecurity risks, which address a wide range of topics including recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, technological trends and information security considerations arising with respect to our peers and third parties. Our board of directors receives prompt and timely information regarding any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding any such incident until it has been addressed.
|Cybersecurity Risk Role of Management [Text Block]
|
Our VP QA/RA implements programs designed to protect our information systems from cybersecurity threats and to promptly respond to any cybersecurity incidents in accordance with our incident response and recovery plans. Through ongoing communication our management monitors the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time and reports such threats and incidents to our board of directors and management when appropriate.
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Through ongoing communication our management monitors the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time and reports such threats and incidents to our board of directors and management when appropriate.
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Our board of directors is currently the highest supervisory authority on this matter, and we are considering delegating some of these supervisory authorities to our audit committee in the future.