|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|We have implemented and maintain various information security processes designed to identify, assess and
manage material risks from cybersecurity threats to our critical information systems, third party hosted services,
communications systems, hardware and software, and our critical data (including intellectual property, confidential
information that is proprietary, strategic or competitive in nature, and data related to our clinical trials and products)
(collectively, “Information Systems and Data”).
Our Chief Financial Officer as well as our external Data Protection Officer (“DPO”) and Information
Technology Director (“IT Director”), and other independent service providers help identify, assess and manage the
our cybersecurity threats and risks. Individuals in these roles identify and assess risks from cybersecurity threats by
monitoring and evaluating our threat environment using various methods including, for example, maintaining
manual and automated tools, conducting scans of our threat environment, and conducting vulnerability assessments.
Depending on the environment, we implement and maintain various technical, physical, and organizational
measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity
threats to our Information Systems and Data. These measures, processes, standards, and policies include, for
example: incident response plans and policies, personnel training, phishing test campaigns, penetration testing,
system backups, cybersecurity insurance, network security controls, segmentation for certain systems and data
access controls and physical security controls.
Our assessment and management of material risks from cybersecurity threats are integrated into our overall
risk management processes. For example, our external DPO and IT Director work with management in an effort to
prioritize our risk management processes and mitigate cybersecurity threats that are more likely to lead to a material
impact to our business.
We use independent service providers to assist us from time to time to identify, assess, and manage material
risks from cybersecurity threats, including for example: professional service firms, including legal counsel,
penetration testing firms, dark web monitoring services, cybersecurity consultants, and cybersecurity software
providers.
Further, we use independent service providers to perform a variety of functions throughout our business, such
as hosting companies and contract research organizations. We undertake efforts designed to manage cybersecurity
risks associated with our use of these providers. For certain vendors, these efforts include security questionnaires,
reviews of vendors’ written security programs, reviews of security assessments, audits, and vulnerability scans
related to the vendors. Depending on the nature of the services provided, the sensitivity of the Information Systems
and Data at issue, and the identity of the provider, our vendor management process may involve different levels of
assessment designed to help identify cybersecurity risks associated with a provider and impose contractual
obligations related to cybersecurity on the provider.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Depending on the environment, we implement and maintain various technical, physical, and organizational
measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity
threats to our Information Systems and Data. These measures, processes, standards, and policies include, for
example: incident response plans and policies, personnel training, phishing test campaigns, penetration testing,
system backups, cybersecurity insurance, network security controls, segmentation for certain systems and data
access controls and physical security controls.
Our assessment and management of material risks from cybersecurity threats are integrated into our overall
risk management processes. For example, our external DPO and IT Director work with management in an effort to
prioritize our risk management processes and mitigate cybersecurity threats that are more likely to lead to a material
impact to our business.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Our Board addresses our cybersecurity risk management as part of its general oversight function. The Board is
responsible for overseeing our cybersecurity risk management processes, including oversight and mitigation of risks
from cybersecurity threats. Our Committee of Executives (“COMEX”), in addition to those identified below,
provides input to the Board on cybersecurity threats. Our Committee of Executives consists of all our company's
officers along with our heads of manufacturing and quality.
Our cybersecurity risk assessment and management processes are implemented and maintained by certain
management team members, including our Chief Financial Officer (“CFO”) who oversees our external IT Director
and DPO. Our CFO has prior significant experience in strategic business operations.
Our CFO as well as our external IT Director and DPO are responsible for helping to integrate cybersecurity
risk considerations into our overall risk management strategy, and communicating key priorities to relevant
personnel. Our CFO is responsible for approving cybersecurity-related budgets, approving cybersecurity processes,
and reviewing security assessments and other security-related reports.
Our cybersecurity incident response procedures are designed to escalate certain cybersecurity incidents to
members of management depending on circumstances, including our CFO. Our CFO works with our incident
responders (such as the external IT Director and DPO) to help us mitigate and remediate cybersecurity incidents of
which they are notified. In addition, our incident response process includes reporting to the Board for certain
cybersecurity incidents.
The Board receives periodic communications from the CFO and others (such as the IT Director and DPO)
concerning our significant cybersecurity threats, risk and the processes we have implemented in an effort to address
them.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board addresses our cybersecurity risk management as part of its general oversight function. The Board is
responsible for overseeing our cybersecurity risk management processes, including oversight and mitigation of risks
from cybersecurity threats. Our Committee of Executives (“COMEX”), in addition to those identified below,
provides input to the Board on cybersecurity threats. Our Committee of Executives consists of all our company's
officers along with our heads of manufacturing and quality.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our cybersecurity incident response procedures are designed to escalate certain cybersecurity incidents to
members of management depending on circumstances, including our CFO. Our CFO works with our incident
responders (such as the external IT Director and DPO) to help us mitigate and remediate cybersecurity incidents of
which they are notified. In addition, our incident response process includes reporting to the Board for certain
cybersecurity incidents.
The Board receives periodic communications from the CFO and others (such as the IT Director and DPO)
concerning our significant cybersecurity threats, risk and the processes we have implemented in an effort to address
them.
|Cybersecurity Risk Role of Management [Text Block]
|Our cybersecurity risk assessment and management processes are implemented and maintained by certain
management team members, including our Chief Financial Officer (“CFO”) who oversees our external IT Director
and DPO. Our CFO has prior significant experience in strategic business operations.
Our CFO as well as our external IT Director and DPO are responsible for helping to integrate cybersecurity
risk considerations into our overall risk management strategy, and communicating key priorities to relevant
personnel. Our CFO is responsible for approving cybersecurity-related budgets, approving cybersecurity processes,
and reviewing security assessments and other security-related reports.
Our cybersecurity incident response procedures are designed to escalate certain cybersecurity incidents to
members of management depending on circumstances, including our CFO. Our CFO works with our incident
responders (such as the external IT Director and DPO) to help us mitigate and remediate cybersecurity incidents of
which they are notified. In addition, our incident response process includes reporting to the Board for certain
cybersecurity incidents.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our cybersecurity risk assessment and management processes are implemented and maintained by certain
management team members, including our Chief Financial Officer (“CFO”) who oversees our external IT Director
and DPO. Our CFO has prior significant experience in strategic business operations.
Our CFO as well as our external IT Director and DPO are responsible for helping to integrate cybersecurity
risk considerations into our overall risk management strategy, and communicating key priorities to relevant
personnel. Our CFO is responsible for approving cybersecurity-related budgets, approving cybersecurity processes,
and reviewing security assessments and other security-related reports.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CFO has prior significant experience in strategic business operations
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our cybersecurity incident response procedures are designed to escalate certain cybersecurity incidents to
members of management depending on circumstances, including our CFO. Our CFO works with our incident
responders (such as the external IT Director and DPO) to help us mitigate and remediate cybersecurity incidents of
which they are notified. In addition, our incident response process includes reporting to the Board for certain
cybersecurity incidents.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef