|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk management and strategy
Cybersecurity and data privacy risks are evaluated through our annual risk management assessment. The Chief Business Officer oversees our cybersecurity risk management program, in partnership with a Cybersecurity Incident Management Team ("CSI Management Team"). The program has been developed to respond to the threat of security breaches and cyberattacks, and to protect and preserve the confidentiality, integrity, and continued availability of information owned by Oculis.
To address cybersecurity threats and prevent IT system interruptions, we have implemented a company-wide Cybersecurity Incident Response Policy that details the procedures to be followed in the event of a known or suspected incident. Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to our information systems and data, including, for example access controls through multifactor authentication, regular back-ups of data and information, and cybersecurity awareness training of employees. We also have installed and regularly update antivirus software on all company-managed systems and computers to detect and prevent malicious code from impacting our systems. Where appropriate, any incidents would be escalated by the CSI Management Team to the audit committee of our board of directors, pursuant to our Cybersecurity Incident Response Policy. Oculis has not experienced any known material cybersecurity incidents during the years ended December 31, 2024, 2023 or 2022.
Our assessment and management of material risks from cybersecurity threats are integrated into the Company’s overall risk management processes. For example, all systems are evaluated by management to prioritize our risk management processes and mitigate cybersecurity threats that are more likely to lead to a material impact to our business. Furthermore, the Company is leveraging industry frameworks such as ISO 27001 and the SEC Cybersecurity Rules adopted in July 2023 to benchmark and work towards continuous improvements of the Company’s cybersecurity practices.
We use third-party service providers to assist us from time to time to identify, assess, and manage material risks from cybersecurity threats, including, for example, by monitoring current information on system threats and vulnerabilities. We use third-party service providers to perform a variety of functions throughout our business, such as management of clinical studies, manufacturing and intellectual property management. Depending on the nature of the services provided, the sensitivity of the information systems and data at issue, and the identity of the provider, our vendor management process may involve different levels of assessment designed to help identify cybersecurity and data privacy risks associated with a provider and impose contractual obligations related to cybersecurity on the provider.
For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our risk factors under Part 1. Item 3D. Risk Factors in this Annual Report on Form 20-F, including “Our business, financial condition and results of operations would suffer in the event of computer system failures, security breaches or other disruptions to our information technology systems.”
Our board of directors addresses our cybersecurity risk management as part of its general oversight function. The board of directors’ audit committee is responsible for overseeing our cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats.
Our cybersecurity risk assessment and management processes are implemented and maintained by certain Company management, including the Chief Business Officer and the Chief Financial Officer.
The Chief Business Officer, together with other company management, is responsible for hiring appropriate personnel, helping to integrate cybersecurity risk considerations into the Company’s overall risk management strategy, and communicating key priorities to relevant personnel. The Company’s board of directors and its audit committee is
responsible for approving budgets, helping prepare for cybersecurity incidents, approving cybersecurity processes, and reviewing security assessments and other security-related reports.
Our Cybersecurity Incident Response Policy is designed to escalate certain cybersecurity incidents to members of management depending on the circumstances. The CSI Management Teams works on mitigating and remediating cybersecurity incidents of which they are notified. In addition, our Cybersecurity Incident Response Policy includes reporting to the audit committee of the board of directors for certain cybersecurity incidents.
The audit committee receives quarterly reports concerning any significant cybersecurity threats and risk and the processes we have implemented to address them. The audit committee also receives various reports, summaries or presentations related to cybersecurity threats, risk and mitigation.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Our assessment and management of material risks from cybersecurity threats are integrated into the Company’s overall risk management processes. For example, all systems are evaluated by management to prioritize our risk management processes and mitigate cybersecurity threats that are more likely to lead to a material impact to our business. Furthermore, the Company is leveraging industry frameworks such as ISO 27001 and the SEC Cybersecurity Rules adopted in July 2023 to benchmark and work towards continuous improvements of the Company’s cybersecurity practices.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|
For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our risk factors under Part 1. Item 3D. Risk Factors in this Annual Report on Form 20-F, including “Our business, financial condition and results of operations would suffer in the event of computer system failures, security breaches or other disruptions to our information technology systems.”
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our board of directors addresses our cybersecurity risk management as part of its general oversight function. The board of directors’ audit committee is responsible for overseeing our cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats.
Our cybersecurity risk assessment and management processes are implemented and maintained by certain Company management, including the Chief Business Officer and the Chief Financial Officer.
The Chief Business Officer, together with other company management, is responsible for hiring appropriate personnel, helping to integrate cybersecurity risk considerations into the Company’s overall risk management strategy, and communicating key priorities to relevant personnel. The Company’s board of directors and its audit committee is
responsible for approving budgets, helping prepare for cybersecurity incidents, approving cybersecurity processes, and reviewing security assessments and other security-related reports.
Our Cybersecurity Incident Response Policy is designed to escalate certain cybersecurity incidents to members of management depending on the circumstances. The CSI Management Teams works on mitigating and remediating cybersecurity incidents of which they are notified. In addition, our Cybersecurity Incident Response Policy includes reporting to the audit committee of the board of directors for certain cybersecurity incidents.
The audit committee receives quarterly reports concerning any significant cybersecurity threats and risk and the processes we have implemented to address them. The audit committee also receives various reports, summaries or presentations related to cybersecurity threats, risk and mitigation.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The board of directors’ audit committee is responsible for overseeing our cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The audit committee receives quarterly reports concerning any significant cybersecurity threats and risk and the processes we have implemented to address them. The audit committee also receives various reports, summaries or presentations related to cybersecurity threats, risk and mitigation.
|Cybersecurity Risk Role of Management [Text Block]
|
Our cybersecurity risk assessment and management processes are implemented and maintained by certain Company management, including the Chief Business Officer and the Chief Financial Officer.
The Chief Business Officer, together with other company management, is responsible for hiring appropriate personnel, helping to integrate cybersecurity risk considerations into the Company’s overall risk management strategy, and communicating key priorities to relevant personnel. The Company’s board of directors and its audit committee isresponsible for approving budgets, helping prepare for cybersecurity incidents, approving cybersecurity processes, and reviewing security assessments and other security-related reports.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our cybersecurity risk assessment and management processes are implemented and maintained by certain Company management, including the Chief Business Officer and the Chief Financial Officer.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The CSI Management Teams works on mitigating and remediating cybersecurity incidents of which they are notified. In addition, our Cybersecurity Incident Response Policy includes reporting to the audit committee of the board of directors for certain cybersecurity incidents.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef