|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Mar. 31, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
We have implemented and maintained various technical, physical, and organizational measures, processes, systems, standards and policies designed to identify, assess and manage material risks from cybersecurity threats to our computer-based communication systems and technology resources, peripheral equipment, and the information transmitted by, received from, or stored in these systems, whether distributed within the Company or externally (the “Information Systems”) , as well as any information that can be linked to an identified or identifiable person (the “Personal Data”). These measures, systems, policies include cybersecurity incident response policy, corporate information sharing and announcement policies, hardware purchase, use and storage policies, data storage and physical room management policies, corporate email and other data access account management system, office automation management system, system vulnerability management policy, disaster recovery or business continuity plans, security standards, encryption of data, network security controls, data segregation, access controls, physical security, asset management, tracking and disposal, systems monitoring and employee training.
We have established a specialized cybersecurity incident management team (the “CSI Management Team”) comprising representatives from both the center of internal control & compliance and IT department. Our CSI Management Team helps identify, assess and manage our cybersecurity threats and risks to the Information Systems and Personal Data by (i) investigating and gathering information regarding the scope of the suspected cybersecurity incidents, (ii) assuring that IS personnel determine appropriate actions to take to contain and remediate the cybersecurity incidents, (iii) taking appropriate action to preserve any relevant information and evidence, (iv) reviewing insurance availability and relevant obligations, (v) determining whether it is necessary or appropriate to make notifications to or engage the assistance of other parties, (vi) developing a response strategy and (vii) periodically reviewing and assessing the adequacy of this cybersecurity incident response policy, among others.
Our assessment and management of material risks from cybersecurity threats are integrated into our overall risk management processes. For example, our CSI Management Team consults with the center of internal control & compliance and senior management to evaluates material risks from cybersecurity threats against our overall business objectives and reports to the audit committee of the board of directors, which evaluates our overall enterprise risk.
We use third-party service providers to assist us from time to time to identify, assess, and manage material risks from cybersecurity threats, including, for example, qualified forensic investigators who are able to image affected devices, conduct a forensic computer investigation, or provide other services. We have strict procedures for the engagement of third-party service providers. Forensic investigators may only be engaged by our center of internal control & compliance or external legal counsel. To the extent additional third parties may need to be engaged to address a data security incident, those too shall be engaged by our center of internal control & compliance or external legal counsel. The center of internal control & compliance may establish and manage a list of pre-approved forensics providers and other third-party services providers.
For a description of the risks from cybersecurity threats that may materially affect our company and how they may do so, see “Item 3. Key information—D. Risk Factors—Risks Related to Extensive Government Regulations—We and our CROs are subject to stringent privacy laws, information security policies and contractual obligations related to data privacy and security, and we may be exposed to risks related to our management of the medical data of subjects enrolled in our clinical trials and other personal or sensitive information.”
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Our assessment and management of material risks from cybersecurity threats are integrated into our overall risk management processes.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|We use third-party service providers to assist us from time to time to identify, assess, and manage material risks from cybersecurity threats, including, for example, qualified forensic investigators who are able to image affected devices, conduct a forensic computer investigation, or provide other services.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|
For a description of the risks from cybersecurity threats that may materially affect our company and how they may do so, see “Item 3. Key information—D. Risk Factors—Risks Related to Extensive Government Regulations—We and our CROs are subject to stringent privacy laws, information security policies and contractual obligations related to data privacy and security, and we may be exposed to risks related to our management of the medical data of subjects enrolled in our clinical trials and other personal or sensitive information.”
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|true
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
Our board of directors addresses our company’s cybersecurity risk management as part of its general oversight function. Our head of IT department is responsible for overseeing our cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats.
Our cybersecurity risk assessment and management processes are implemented and maintained by certain of our management, including our chief executive officer, our chief financial officer, head of IT department and our senior network engineer. With the experience of setting up servers and firewalls, our senior network engineer is responsible for hiring appropriate personnel, helping to integrate cybersecurity risk considerations into our overall risk management strategy, communicating key priorities to relevant personnel, and overseeing the operation of our cybersecurity risks and cloud services. With the experience of software programming, the head of IT department is mainly responsible for supervising our IT and software departments, including helping prepare for cybersecurity incidents, approving cybersecurity processes, and reviewing security assessments and other security-related reports. The head of IT department reports to our chief executive officer and our chief executive officer is responsible for approving budgets.
Our cybersecurity incident response and vulnerability management policies are designed to escalate certain cybersecurity incidents to cybersecurity incident management team (the “CSI management team”) depending on the circumstances, including our chief executive officers, chief financial officer and in-house general counsel. The CSI management team works with our company’s senior management team to help our company mitigate and remediate cybersecurity incidents of which they are notified. In addition, our company’s cybersecurity incident response and vulnerability management policies include reporting to the audit committee of the board of directors for certain cybersecurity incidents.
The audit committee receives periodic reports from our CSI management team concerning our company’s significant cybersecurity threats and risk and the processes our company has implemented to address them. The audit committee also has access to various reports, summaries or presentations related to cybersecurity threats, risk and mitigation.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|In addition, our company’s cybersecurity incident response and vulnerability management policies include reporting to the audit committee of the board of directors for certain cybersecurity incidents.
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef