XML 54 R31.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

We identify and assess material risks from cybersecurity threats to our information systems and the information residing in our information systems by monitoring and evaluating our threat environment on an ongoing basis using various methods including, for example, using manual and automated tools, subscribing to reports and services that identify cybersecurity threats, analyzing reports of threats and threat actors, conducting scans of the threat environment, and conducting risk assessments.

We manage material risks from cybersecurity threats to our information systems and the information residing in our information systems through various processes and procedures, including, depending on the environment, risk assessments, incident detection and response, vulnerability management, disaster recovery and business continuity plans, internal controls within our accounting and financial reporting functions, encryption of data, network security controls, access controls, physical security, asset management, systems monitoring, and employee training.  We engage third-party service providers to provide some of the resources used in our information systems and some third-party service providers have access to information residing in our information systems.  With respect to such third parties, we seek to engage reliable, reputable service providers that maintain cybersecurity programs. Depending on the nature and extent of the services provided, the sensitivity and quantity of information processed, and the identity of the service provider, our processes may include conducting due diligence on the cybersecurity practices of such provider and contractually imposing cybersecurity related obligations on the provider.  

We also engage third parties to assist with cybersecurity risk assessments, incident detection and response, vulnerability management, systems monitoring, and employee training.  

We are not aware of any risks from cybersecurity threats, including as a result of any cybersecurity incidents, which have materially affected or are reasonably likely to materially affect Cryoport, including our business strategy, results of operations, or financial condition.  Refer to “Part I, Item 1A—Risk Factors—Risks Related to Our Technology and Intellectual Property—Cyberattacks, data incidents and breaches in the security of our information systems and networks and of the electronic and confidential information in our possession could materially adversely impact our business, financial condition and results of operations, in addition to our reputation and relationships with our employees, customers, suppliers and business partners” in this Form 10-K for additional discussion about cybersecurity-related risks.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We manage material risks from cybersecurity threats to our information systems and the information residing in our information systems through various processes and procedures, including, depending on the environment, risk assessments, incident detection and response, vulnerability management, disaster recovery and business continuity plans, internal controls within our accounting and financial reporting functions, encryption of data, network security controls, access controls, physical security, asset management, systems monitoring, and employee training.  We engage third-party service providers to provide some of the resources used in our information systems and some third-party service providers have access to information residing in our information systems.  With respect to such third parties, we seek to engage reliable, reputable service providers that maintain cybersecurity programs. Depending on the nature and extent of the services provided, the sensitivity and quantity of information processed, and the identity of the service provider, our processes may include conducting due diligence on the cybersecurity practices of such provider and contractually imposing cybersecurity related obligations on the provider.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Our board of directors holds oversight responsibility over Cryoport’s risk management and strategy, including material risks related to cybersecurity threats. This oversight is executed directly by our board of directors and through its audit committee. Our audit committee oversees the management of Cryoport’s major financial risk exposures, the steps management has taken to monitor and control such exposures, and the process by which risk assessment and management is undertaken and handled, which would include cybersecurity risks, in accordance with its charter. The audit committee holds quarterly meetings and receives periodic reports from management regarding risk management, including major financial risk exposures from cybersecurity threats or incidents.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] board of directors and through its audit committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The audit committee holds quarterly meetings and receives periodic reports from management regarding risk management, including major financial risk exposures from cybersecurity threats or incidents.
Cybersecurity Risk Role of Management [Text Block]

Our board of directors holds oversight responsibility over Cryoport’s risk management and strategy, including material risks related to cybersecurity threats. This oversight is executed directly by our board of directors and through its audit committee. Our audit committee oversees the management of Cryoport’s major financial risk exposures, the steps management has taken to monitor and control such exposures, and the process by which risk assessment and management is undertaken and handled, which would include cybersecurity risks, in accordance with its charter. The audit committee holds quarterly meetings and receives periodic reports from management regarding risk management, including major financial risk exposures from cybersecurity threats or incidents.

Within management, our Chief Information Security Officer is primarily responsible for assessing and managing our material risks from cybersecurity threats and keep the senior executive officers informed on a regular basis of the identification, assessment, and management of cybersecurity risks and of any cybersecurity incidents. Our Chief Information Security Officer is supported by the Chief Information Officer or Information Technology Director, as applicable, of our business units with respect to the assessment and management of our material risks from cybersecurity risks on a day-to-day basis. Such management personnel have prior experience and training in managing information systems and cybersecurity matters and participate in ongoing training programs.

Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Within management, our Chief Information Security Officer is primarily responsible for assessing and managing our material risks from cybersecurity threats and keep the senior executive officers informed on a regular basis of the identification, assessment, and management of cybersecurity risks and of any cybersecurity incidents. Our Chief Information Security Officer is supported by the Chief Information Officer or Information Technology Director, as applicable, of our business units with respect to the assessment and management of our material risks from cybersecurity risks on a day-to-day basis
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Such management personnel have prior experience and training in managing information systems and cybersecurity matters and participate in ongoing training programs.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] our Chief Information Security Officer is primarily responsible for assessing and managing our material risks from cybersecurity threats and keep the senior executive officers informed on a regular basis of the identification, assessment, and management of cybersecurity risks and of any cybersecurity incidents.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true