|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
Cyber Risk Management and Strategy
We recognize the importance of assessing, identifying, and managing risks from cybersecurity threats. We have implemented a cybersecurity risk management program in accordance with our risk profile, which is informed by and incorporates elements of recognized industry standards. Our cybersecurity risk management strategy is guided by both internal cybersecurity risk assessments and third-party information security audits.
We leverage the support of third-party information technology and security providers as part of our cybersecurity risk management program, including for penetration testing. Further, we have adopted written information security policies and procedures, including an incident response plan, which is designed to establish our processes for identifying, responding to, and recovering from cybersecurity incidents.
We have also implemented a process to assess and review the cybersecurity practices of certain third-party vendors and service providers, including through the use of vendor security questionnaires. Additionally, the Company’s employees go through cybersecurity awareness training covering topics such as general cybersecurity best practices, phishing, data protection, password protection, and network security.
We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. However, like other companies in our industry, we and our third-party vendors may, from time to time, experience threats and security incidents that could effect our information or systems. For more information, please see the section entitled "Risk Factors".
Governance Related to Cybersecurity Risks
Our cybersecurity risk management program is managed by our Information Security Management Committee (the “InfoSec Committee”). The InfoSec Committee is currently made up of a cross-disciplinary team, including the Company’s acting Chief Information Security Officer (CISO), Chief Legal Officer, VP of People, Senior Director of R&D & Engineering, VP of Global Marketing, Medical Affairs and our Senior Corporate Counsel. The InfoSec Committee meets on a monthly basis to provide oversight of the Company's information security management system ("ISMS"), review the performance and effectiveness of the ISMS, and review and discuss the direction of the Company’s cybersecurity program, among other responsibilities. The committee also performs an annual audit to ensure Allurion's ISMS is effectively implemented and maintained. Our acting CISO, who is also our VP of Software Engineering, is responsible for the day-to-day oversight of the assessment and management of our information security program and cybersecurity risks. The individual who is currently in this role has approximately 25 years of experience in information technology.
The Board also engages in oversight of cybersecurity risks. With the input of the InfoSec Committee, our CISO may provide periodic updates to the Board on matters related to cybersecurity as needed.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance Related to Cybersecurity Risks
Our cybersecurity risk management program is managed by our Information Security Management Committee (the “InfoSec Committee”). The InfoSec Committee is currently made up of a cross-disciplinary team, including the Company’s acting Chief Information Security Officer (CISO), Chief Legal Officer, VP of People, Senior Director of R&D & Engineering, VP of Global Marketing, Medical Affairs and our Senior Corporate Counsel. The InfoSec Committee meets on a monthly basis to provide oversight of the Company's information security management system ("ISMS"), review the performance and effectiveness of the ISMS, and review and discuss the direction of the Company’s cybersecurity program, among other responsibilities. The committee also performs an annual audit to ensure Allurion's ISMS is effectively implemented and maintained. Our acting CISO, who is also our VP of Software Engineering, is responsible for the day-to-day oversight of the assessment and management of our information security program and cybersecurity risks. The individual who is currently in this role has approximately 25 years of experience in information technology.
The Board also engages in oversight of cybersecurity risks. With the input of the InfoSec Committee, our CISO may provide periodic updates to the Board on matters related to cybersecurity as needed.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our cybersecurity risk management program is managed by our Information Security Management Committee (the “InfoSec Committee”). The InfoSec Committee is currently made up of a cross-disciplinary team, including the Company’s acting Chief Information Security Officer (CISO), Chief Legal Officer, VP of People, Senior Director of R&D & Engineering, VP of Global Marketing, Medical Affairs and our Senior Corporate Counsel.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The InfoSec Committee meets on a monthly basis to provide oversight of the Company's information security management system ("ISMS"), review the performance and effectiveness of the ISMS, and review and discuss the direction of the Company’s cybersecurity program, among other responsibilities.
|Cybersecurity Risk Role of Management [Text Block]
|Our acting CISO, who is also our VP of Software Engineering, is responsible for the day-to-day oversight of the assessment and management of our information security program and cybersecurity risks. The individual who is currently in this role has approximately 25 years of experience in information technology.
The Board also engages in oversight of cybersecurity risks. With the input of the InfoSec Committee, our CISO may provide periodic updates to the Board on matters related to cybersecurity as needed.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our acting CISO, who is also our VP of Software Engineering, is responsible for the day-to-day oversight of the assessment and management of our information security program and cybersecurity risks.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The individual who is currently in this role has approximately 25 years of experience in information technology.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Board also engages in oversight of cybersecurity risks. With the input of the InfoSec Committee, our CISO may provide periodic updates to the Board on matters related to cybersecurity as needed.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef