|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity
We recognize the importance of safeguarding the security of our computer systems, software, networks, and other technology assets. Our security efforts are aimed at preserving the confidentiality, integrity, and continued availability of information under our ownership or care with the aim to continually improve security features in order to keep pace with the evolving cybersecurity threat landscape.
Overview of Cybersecurity Risk Management and Strategy
Based on our business model, we rely on the outsourcing of certain key business functions, including laboratory work, clinical research, and the manufacturing and distribution of our product. We utilize the vetted processes and procedures of these partners and ensure proper cybersecurity and risk mitigation strategies are in place and functioning, which is accessed through our Vendor Risk Assessment process prior to engaging with our partners. Our cybersecurity risk identification, assessment and management response process is a critical part of our overall enterprise risk management, or ERM, program. Within our ERM framework, we adhere to our Global Information Technology Policy, or IT Policy, among a host of other policies and procedures aimed at providing guidelines and standards to ensure the security, integrity, reliability and recoverability of our systems and infrastructure.
We employ and manage various third-party partnerships to help protect us from cybersecurity threats. These organizations provide services such as penetration testing, security assessments, as well as 24 hours per day monitoring, alerting and response, including incident responses, all of which adhere to our overall ERM framework. Our partners evaluate and rank our cybersecurity maturity and coverage as part of their services and keep us informed of emerging global threats. Our digital infrastructure undergoes both internal and external audits as part of our Sarbanes-Oxley audit process and is designed to address the requirements of applicable information security standards and an evolving cyber landscape.
Board Oversight of Risks from Cybersecurity Threats
Our Board of Directors has delegated to the Audit Committee oversight of risks from cybersecurity threats. The management team provides quarterly reports to the Audit Committee which cover cybersecurity and other information technology-related risks, based on our ERM framework. These quarterly updates keep the Audit Committee apprised of our ongoing cybersecurity enhancements and any emerging global threats. The Audit Committee keeps the remaining Board of Directors apprised of material risks from cybersecurity threats. The Board and management have made cybersecurity education and training a part of our overall corporate objectives, setting the tone for the organization about the importance of cybersecurity.
Management’s Role in Assessing and Managing Material Risks from Cybersecurity Threats
Our Information Technology and Security team is responsible for the management, maintenance, monitoring and response of our critical internal digital assets. This team is led by our Senior Director of Global Information Technology and Security, who has 25 years of cyber and Enterprise IT management experience. This position monitors current cyber risk trends, engages with third party cyber security experts, and meets with the Infrastructure and Security team regularly to stay apprised of internal cyber risks.
Our internal cybersecurity testing and reporting processes allow us to rank our overall risk on a periodic basis so as to enable us to identify and respond to internal risk trends. Further, we follow escalation procedures to support the communication of cyber-related events.
As of the date of this report, we do not believe that cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to affect the Company, including our business strategy, results of operations or financial condition for the reporting period covered by this report. For information regarding cybersecurity risks, see our discussion above in Item 1A. Risk Factors - Risks Related to Our Business - Our internal computer systems, or those of our third party
clinical research organizations or other contractors or consultants, may fail or suffer security breaches, which could result in a material disruption of our commercial, research and development and other programs.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Our cybersecurity risk identification, assessment and management response process is a critical part of our overall enterprise risk management, or ERM, program. Within our ERM framework, we adhere to our Global Information Technology Policy, or IT Policy, among a host of other policies and procedures aimed at providing guidelines and standards to ensure the security, integrity, reliability and recoverability of our systems and infrastructure.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Board Oversight of Risks from Cybersecurity Threats
Our Board of Directors has delegated to the Audit Committee oversight of risks from cybersecurity threats. The management team provides quarterly reports to the Audit Committee which cover cybersecurity and other information technology-related risks, based on our ERM framework. These quarterly updates keep the Audit Committee apprised of our ongoing cybersecurity enhancements and any emerging global threats. The Audit Committee keeps the remaining Board of Directors apprised of material risks from cybersecurity threats. The Board and management have made cybersecurity education and training a part of our overall corporate objectives, setting the tone for the organization about the importance of cybersecurity.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board of Directors has delegated to the Audit Committee oversight of risks from cybersecurity threats. The management team provides quarterly reports to the Audit Committee which cover cybersecurity and other information technology-related risks, based on our ERM framework
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The management team provides quarterly reports to the Audit Committee which cover cybersecurity and other information technology-related risks, based on our ERM framework. These quarterly updates keep the Audit Committee apprised of our ongoing cybersecurity enhancements and any emerging global threats.
|Cybersecurity Risk Role of Management [Text Block]
|
Our Information Technology and Security team is responsible for the management, maintenance, monitoring and response of our critical internal digital assets. This team is led by our Senior Director of Global Information Technology and Security, who has 25 years of cyber and Enterprise IT management experience. This position monitors current cyber risk trends, engages with third party cyber security experts, and meets with the Infrastructure and Security team regularly to stay apprised of internal cyber risks.
Our internal cybersecurity testing and reporting processes allow us to rank our overall risk on a periodic basis so as to enable us to identify and respond to internal risk trends. Further, we follow escalation procedures to support the communication of cyber-related events.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Information Technology and Security team is responsible for the management, maintenance, monitoring and response of our critical internal digital assets. This team is led by our Senior Director of Global Information Technology and Security, who has 25 years of cyber and Enterprise IT management experience.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|This team is led by our Senior Director of Global Information Technology and Security, who has 25 years of cyber and Enterprise IT management experience. This position monitors current cyber risk trends, engages with third party cyber security experts, and meets with the Infrastructure and Security team regularly to stay apprised of internal cyber risks.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Our internal cybersecurity testing and reporting processes allow us to rank our overall risk on a periodic basis so as to enable us to identify and respond to internal risk trends. Further, we follow escalation procedures to support the communication of cyber-related events.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef