|
Cybersecurity
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity
Risk Management and Strategy
We have established policies and processes for assessing, identifying, and managing risk from cybersecurity threats. We periodically assess risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein. Following these risk assessments, we evaluate how to reasonably address any identified gaps in existing safeguards and monitor the effectiveness of our safeguards. We devote resources and designate high-level personnel, including our Chief Legal Officer, who reports to our Chief Executive Officer, to manage the risk assessment and mitigation process in a manner that is consistent and integrated with our overall risk management processes.
As part of our overall risk management system, we monitor and test our safeguards and train our employees on these safeguards, including our cybersecurity safeguards, in collaboration with human resources, IT, and management. Personnel at all levels and departments receive periodic trainings on cybersecurity best practices and threats. For example, we conduct e-mail phishing campaigns with our employees and contractors which send phishing-style e-mails, monitor user responses, and automatically assign further training, as needed, and also provide convenient solutions for our employees to report suspicious messages.
We engage specialized third parties in connection with our risk assessment processes. These third parties assist us in designing and implementing our cybersecurity policies and procedures, as well as in monitoring and testing our safeguards.
We also conduct IT security assessments on our key third-party service providers and require them to implement and maintain reasonable security measures in connection with their work with us, and to promptly report any suspected breach of their security measures that may affect our company.
We have not previously experienced any cybersecurity risk or cybersecurity incident which has been determined to be material. For additional information regarding whether any risks from cybersecurity threats are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, please refer to Item 1A, “Risk Factors” in this Annual Report on Form 10-K, including the risk factor entitled “Our business and operations would suffer in the event of system failures, cyberattacks or a deficiency in our or our CMOs’, CROs’, manufacturers’, contractors’, consultants’ or collaborators’ cybersecurity”.
Governance
One of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks we face. Our board of directors administers its cybersecurity risk oversight function directly as a whole, as well as through our audit committee.
Our Chief Legal Officer and our security governance steering committee, which includes our Vice President and Corporate Controller, Vice President of Human Resources, Senior Vice President of Development Operations, and Director of Information Technology and Cybersecurity, are primarily responsible for assessing and managing our risks from cybersecurity threats. Our Chief Legal Officer has more than a decade of operational experience overseeing and advising on risk management in the highly regulated biopharmaceutical industry, and leads a wide range of business functions, including IT/IS. Our Director of Information Technology and Cybersecurity has nearly 20 years of experience with IT, having had leadership roles in strategic technology development and information security, and holds several industry-recognized certifications such as the Certified Information Security Manager (CISM) and CompTIA Network+. They and other members of our security governance steering committee engage in training and education relating to cybersecurity risk.
Our Chief Legal Officer and our security governance steering committee oversee our cybersecurity policies and processes, including those described in “Risk Management and Strategy” above. Our Chief Legal Officer and our management committee on cybersecurity are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents through their work overseeing, working with, and delegating daily operations to the IT/IS team, as well as their work developing and implementing information security policies, consistent with the IT/IS processes. These policies are reviewed at least annually with updates authorized and approved by the security governance steering committee.
Our Chief Legal Officer and representatives from our security governance steering committee provide quarterly briefings to the audit committee regarding our company’s cybersecurity risks and activities, including any recent cybersecurity incidents and related responses, cybersecurity systems testing, activities of third parties, and the like. Our audit committee provides regular updates to the board of directors on such reports. In addition, our Chief Legal Officer and representatives from our security governance steering committee provide annual briefings to the board of directors on cybersecurity risks and activities.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We devote resources and designate high-level personnel, including our Chief Legal Officer, who reports to our Chief Executive Officer, to manage the risk assessment and mitigation process in a manner that is consistent and integrated with our overall risk management processes.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
One of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks we face. Our board of directors administers its cybersecurity risk oversight function directly as a whole, as well as through our audit committee.
Our Chief Legal Officer and our security governance steering committee, which includes our Vice President and Corporate Controller, Vice President of Human Resources, Senior Vice President of Development Operations, and Director of Information Technology and Cybersecurity, are primarily responsible for assessing and managing our risks from cybersecurity threats. Our Chief Legal Officer has more than a decade of operational experience overseeing and advising on risk management in the highly regulated biopharmaceutical industry, and leads a wide range of business functions, including IT/IS. Our Director of Information Technology and Cybersecurity has nearly 20 years of experience with IT, having had leadership roles in strategic technology development and information security, and holds several industry-recognized certifications such as the Certified Information Security Manager (CISM) and CompTIA Network+. They and other members of our security governance steering committee engage in training and education relating to cybersecurity risk.
Our Chief Legal Officer and our security governance steering committee oversee our cybersecurity policies and processes, including those described in “Risk Management and Strategy” above. Our Chief Legal Officer and our management committee on cybersecurity are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents through their work overseeing, working with, and delegating daily operations to the IT/IS team, as well as their work developing and implementing information security policies, consistent with the IT/IS processes. These policies are reviewed at least annually with updates authorized and approved by the security governance steering committee.
Our Chief Legal Officer and representatives from our security governance steering committee provide quarterly briefings to the audit committee regarding our company’s cybersecurity risks and activities, including any recent cybersecurity incidents and related responses, cybersecurity systems testing, activities of third parties, and the like. Our audit committee provides regular updates to the board of directors on such reports. In addition, our Chief Legal Officer and representatives from our security governance steering committee provide annual briefings to the board of directors on cybersecurity risks and activities.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our Chief Legal Officer and our security governance steering committee, which includes our Vice President and Corporate Controller, Vice President of Human Resources, Senior Vice President of Development Operations, and Director of Information Technology and Cybersecurity, are primarily responsible for assessing and managing our risks from cybersecurity threats. Our Chief Legal Officer has more than a decade of operational experience overseeing and advising on risk management in the highly regulated biopharmaceutical industry, and leads a wide range of business functions, including IT/IS. Our Director of Information Technology and Cybersecurity has nearly 20 years of experience with IT, having had leadership roles in strategic technology development and information security, and holds several industry-recognized certifications such as the Certified Information Security Manager (CISM) and CompTIA Network+. They and other members of our security governance steering committee engage in training and education relating to cybersecurity risk.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Chief Legal Officer and our security governance steering committee oversee our cybersecurity policies and processes, including those described in “Risk Management and Strategy” above.
|Cybersecurity Risk Role of Management [Text Block]
|
We have established policies and processes for assessing, identifying, and managing risk from cybersecurity threats. We periodically assess risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein. Following these risk assessments, we evaluate how to reasonably address any identified gaps in existing safeguards and monitor the effectiveness of our safeguards. We devote resources and designate high-level personnel, including our Chief Legal Officer, who reports to our Chief Executive Officer, to manage the risk assessment and mitigation process in a manner that is consistent and integrated with our overall risk management processes.
As part of our overall risk management system, we monitor and test our safeguards and train our employees on these safeguards, including our cybersecurity safeguards, in collaboration with human resources, IT, and management. Personnel at all levels and departments receive periodic trainings on cybersecurity best practices and threats. For example, we conduct e-mail phishing campaigns with our employees and contractors which send phishing-style e-mails, monitor user responses, and automatically assign further training, as needed, and also provide convenient solutions for our employees to report suspicious messages.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Chief Legal Officer and our management committee on cybersecurity are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents through their work overseeing, working with, and delegating daily operations to the IT/IS team, as well as their work developing and implementing information security policies, consistent with the IT/IS processes.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our Director of Information Technology and Cybersecurity has nearly 20 years of experience with IT, having had leadership roles in strategic technology development and information security, and holds several industry-recognized certifications such as the Certified Information Security Manager (CISM) and CompTIA Network+. They and other members of our security governance steering committee engage in training and education relating to cybersecurity risk.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our Chief Legal Officer and representatives from our security governance steering committee provide quarterly briefings to the audit committee regarding our company’s cybersecurity risks and activities, including any recent cybersecurity incidents and related responses, cybersecurity systems testing, activities of third parties
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef