|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
Our cybersecurity risk management program is designed to protect the confidentiality, integrity, and availability of our critical systems, information and data. The policies, standards, processes and practices of our cybersecurity risk management program are part of our information security management system, or ISMS, program, which is integrated into our enterprise risk management process. Our cybersecurity risk management program includes a comprehensive set of policies and procedures to prevent accidental or intentional unauthorized modification, destruction or disclosure of confidential, proprietary, personal or otherwise critical information, including an appropriate level of security over the equipment, processes and software used to process, store and transmit information.
Key elements of our cybersecurity risk management program include, but are not limited to the following:
To further improve the effectiveness of our cybersecurity risk management program, we engage third-party service providers, where appropriate, to assess and test the adequacy of our security controls and processes, consult best practices to address new challenges and evolving risks, or otherwise assist with aspects of our security processes. Additionally, our risk monitoring systems are regularly audited by our internal auditors as well as cybersecurity audit companies. We consider the results of external and internal audits of our risk detection and monitoring systems and implement modifications as necessary.
We also implement third-party risk management processes to identify, assess and monitor material risks from cybersecurity threats associated with key services providers that have access to our information technology systems or our confidential, proprietary, personal or otherwise critical information based on our assessment of the potential impact to our operations and respective risk profile.
We have established and seek to continuously improve effective information security governance. We apply a risk-based approach in line with our overall risk management framework to address potential gaps in security controls. The processes of our cybersecurity risk management program are aligned to ISO 27001:2022, an international standard for information security management.
As of the date of this Annual Report on Form 20-F, we have not experienced any cybersecurity incidents or risks from cybersecurity threats that have materially affected, or are currently viewed as reasonably likely to materially affect, us, our business strategy, results of operations, or financial condition. However, the scope and impact of any future cybersecurity threats cannot be predicted and there can be no assurance that our cybersecurity risk management program will be effective in preventing material cybersecurity threats in the future. For a description of the risks from cybersecurity threats that may materially affect us, including our results of operations and financial condition, see “Item 1. Key Information—D. Risk Factors—Risks related to our industry, business and operations—We or our CROs, contractors, consultants, or other third parties may suffer system failures, security breaches, or other incidents which may have a material adverse impact to our operations and financial position, which could result in material disruption of our product development programs and adversely impact our business, financial condition or results of operations.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Our cybersecurity risk management program is designed to protect the confidentiality, integrity, and availability of our critical systems, information and data. The policies, standards, processes and practices of our cybersecurity risk management program are part of our information security management system, or ISMS, program, which is integrated into our enterprise risk management process.
|Cybersecurity Risk Role of Management [Text Block]
|
Key elements of our cybersecurity risk management program include, but are not limited to the following:
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Additionally, our risk monitoring systems are regularly audited by our internal auditors as well as cybersecurity audit companies. We
consider the results of external and internal audits of our risk detection and monitoring systems and implement modifications as necessary.
We also implement third-party risk management processes to identify, assess and monitor material risks from cybersecurity threats associated with key services providers that have access to our information technology systems or our confidential, proprietary, personal or otherwise critical information based on our assessment of the potential impact to our operations and respective risk profile.
We have established and seek to continuously improve effective information security governance. We apply a risk-based approach in line with our overall risk management framework to address potential gaps in security controls. The processes of our cybersecurity risk management program are aligned to ISO 27001:2022, an international standard for information security management.
As of the date of this Annual Report on Form 20-F, we have not experienced any cybersecurity incidents or risks from cybersecurity threats that have materially affected, or are currently viewed as reasonably likely to materially affect, us, our business strategy, results of operations, or financial condition. However, the scope and impact of any future cybersecurity threats cannot be predicted and there can be no assurance that our cybersecurity risk management program will be effective in preventing material cybersecurity threats in the future. For a description of the risks from cybersecurity threats that may materially affect us, including our results of operations and financial condition, see “Item 1. Key Information—D. Risk Factors—Risks related to our industry, business and operations—We or our CROs, contractors, consultants, or other third parties may suffer system failures, security breaches, or other incidents which may have a material adverse impact to our operations and financial position, which could result in material disruption of our product development programs and adversely impact our business, financial condition or results of operations.
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|As of the date of this Annual Report on Form 20-F, we have not experienced any cybersecurity incidents or risks from cybersecurity threats that have materially affected, or are currently viewed as reasonably likely to materially affect, us, our business strategy, results of operations, or financial condition.
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
Our board of directors is responsible for overseeing cybersecurity risk as part of its enterprise risk oversight function and has delegated to the Audit Committee oversight of cybersecurity and other information technology risks. The Audit Committee oversees management’s implementation of our cybersecurity risk management program. Our board of directors receives periodic reports regarding operational, financial, strategic, regulatory and other risks to the Company, including risks and exposures associated with cybersecurity, information security and privacy matters and the steps management has taken to monitor and control such exposures. The Audit Committee and our board of directors receive biannual reports from our Chief Executive Officer regarding management’s plans to monitor and address cybersecurity risks and results from our internal audit function and third-party service-providers on their evaluation of the effectiveness of our cybersecurity risk management program.
Our cybersecurity management team, led by our head of information technology, is responsible for the day-to-day activities of our information technology systems and implementing our cybersecurity risk management program, assessing and managing our material risks from cybersecurity threats and supervising both our internal cybersecurity personnel and our external cybersecurity consultants. Our cybersecurity management team is informed about and monitors cybersecurity risks and incidents through various means, which may include briefings from internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, and alerts and reports produced by security tools deployed in the information technology environment. Our head of information technology has more than 10 years of experience in cybersecurity leadership, directing enterprise security strategies, managing cross-functional teams, and overseeing compliance with frameworks such as ISO27001. In addition, she performs risk assessments, security related policy development, and incident response coordination, ensuring alignment with business objectives. She has also implemented advanced security architectures including endpoint/virtual desktop infrastructure security, network security, data security, email security, and others and led audits for information technology security compliance as well as fostering a security-first culture through staff training and threat simulations. Based on ongoing communications with our cybersecurity management team and internal and external cybersecurity personnel, our head of information technology provides updates to our Chief Executive Officer as to our overall security controls, policies and operations and our Chief Executive Officer informs the Audit Committee and the board of directors regarding the effectiveness of our cybersecurity risk management program, associated risks and steps taken to reduce our vulnerability and mitigate impacts associated with cybersecurity threats.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee oversees management’s implementation of our cybersecurity risk management program.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our cybersecurity management team is informed about and monitors cybersecurity risks and incidents through various means, which may include briefings from internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, and alerts and reports produced by security tools deployed in the information technology environment.
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef