|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|At Psychemedics, the Vice President of Information Technology also serves in a dual capacity as the Chief Information Security Officer (VPIT & CISO) overseeing our information security program. The VPIT & CISO’s team is tasked with the development and implementation of cybersecurity strategy, policy, standards, architecture, and processes. Our cybersecurity program is aligned with industry standards and best practices, such as the CIS Critical Security Controls (“CIS 18”) Implementation Group 1 (“IG1”) guidelines. We maintain an incident response and recovery plan, including measures for responding to and recovering from cybersecurity incidents. To minimize the threat surface, we strategically limit the use of third-party service providers with access to personal, confidential, or proprietary information. Also, we evaluate these providers and take steps to help mitigate risks associated with their use and minimize the potential for supply chain attacks. Employing a risk-based approach, we are committed to continuously reassessing our cybersecurity posture and improving our defenses in response to evolving and emerging threats. While we have not experienced any known material incident in the past year, we acknowledge that we have limited resources dedicated to identifying and mitigating cybersecurity risks and that an information security plan is not infallible.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|At Psychemedics, the Vice President of Information Technology also serves in a dual capacity as the Chief Information Security Officer (VPIT & CISO) overseeing our information security program. The VPIT & CISO’s team is tasked with the development and implementation of cybersecurity strategy, policy, standards, architecture, and processes. Our cybersecurity program is aligned with industry standards and best practices, such as the CIS Critical Security Controls (“CIS 18”) Implementation Group 1 (“IG1”) guidelines. We maintain an incident response and recovery plan, including measures for responding to and recovering from cybersecurity incidents. To minimize the threat surface, we strategically limit the use of third-party service providers with access to personal, confidential, or proprietary information. Also, we evaluate these providers and take steps to help mitigate risks associated with their use and minimize the potential for supply chain attacks. Employing a risk-based approach, we are committed to continuously reassessing our cybersecurity posture and improving our defenses in response to evolving and emerging threats. While we have not experienced any known material incident in the past year, we acknowledge that we have limited resources dedicated to identifying and mitigating cybersecurity risks and that an information security plan is not infallible.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|At Psychemedics, the Vice President of Information Technology also serves in a dual capacity as the Chief Information Security Officer (VPIT & CISO) overseeing our information security program. The VPIT & CISO’s team is tasked with the development and implementation of cybersecurity strategy, policy, standards, architecture, and processes. Our cybersecurity program is aligned with industry standards and best practices, such as the CIS Critical Security Controls (“CIS 18”) Implementation Group 1 (“IG1”) guidelines. We maintain an incident response and recovery plan, including measures for responding to and recovering from cybersecurity incidents. To minimize the threat surface, we strategically limit the use of third-party service providers with access to personal, confidential, or proprietary information. Also, we evaluate these providers and take steps to help mitigate risks associated with their use and minimize the potential for supply chain attacks. Employing a risk-based approach, we are committed to continuously reassessing our cybersecurity posture and improving our defenses in response to evolving and emerging threats. While we have not experienced any known material incident in the past year, we acknowledge that we have limited resources dedicated to identifying and mitigating cybersecurity risks and that an information security plan is not infallible.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|At least twice each calendar year, the VPIT & CISO will report on the health and status of our information security program to our Board of Directors, or a committee thereof, as well as to our Chief Executive Officer and other members of our senior management as appropriate. These reports typically include a high-level overview of current and emerging cybersecurity risks; an assessment of the organization’s overall security posture; incident reports; an update on our compliance with relevant cybersecurity laws, regulations, and standards; an overview of ongoing and planned initiatives to strengthen the organization’s cybersecurity defenses; and strategic recommendations.
|Cybersecurity Risk Role of Management [Text Block]
|At least twice each calendar year, the VPIT & CISO will report on the health and status of our information security program to our Board of Directors, or a committee thereof, as well as to our Chief Executive Officer and other members of our senior management as appropriate. These reports typically include a high-level overview of current and emerging cybersecurity risks; an assessment of the organization’s overall security posture; incident reports; an update on our compliance with relevant cybersecurity laws, regulations, and standards; an overview of ongoing and planned initiatives to strengthen the organization’s cybersecurity defenses; and strategic recommendations.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|At least twice each calendar year, the VPIT & CISO will report on the health and status of our information security program to our Board of Directors, or a committee thereof, as well as to our Chief Executive Officer and other members of our senior management as appropriate. These reports typically include a high-level overview of current and emerging cybersecurity risks; an assessment of the organization’s overall security posture; incident reports; an update on our compliance with relevant cybersecurity laws, regulations, and standards; an overview of ongoing and planned initiatives to strengthen the organization’s cybersecurity defenses; and strategic recommendations.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|At least twice each calendar year, the VPIT & CISO will report on the health and status of our information security program to our Board of Directors, or a committee thereof, as well as to our Chief Executive Officer and other members of our senior management as appropriate. These reports typically include a high-level overview of current and emerging cybersecurity risks; an assessment of the organization’s overall security posture; incident reports; an update on our compliance with relevant cybersecurity laws, regulations, and standards; an overview of ongoing and planned initiatives to strengthen the organization’s cybersecurity defenses; and strategic recommendations.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|At least twice each calendar year, the VPIT & CISO will report on the health and status of our information security program to our Board of Directors, or a committee thereof, as well as to our Chief Executive Officer and other members of our senior management as appropriate. These reports typically include a high-level overview of current and emerging cybersecurity risks; an assessment of the organization’s overall security posture; incident reports; an update on our compliance with relevant cybersecurity laws, regulations, and standards; an overview of ongoing and planned initiatives to strengthen the organization’s cybersecurity defenses; and strategic recommendations.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef