XML 33 R7.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management, Strategy and Governance
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cyber Risk Management and Strategy

We have implemented and maintain various information security processes designed to manage cybersecurity risks relating to our critical computer networks, third party hosted services, communications systems, hardware and software, and our critical data, including intellectual property, confidential information that is proprietary, strategic or competitive in nature, and data related to our clinical trials and products (Information Systems and Data).

Our Director of Information Technology, assisted by our managed information technology service provider and other third party service providers, leads the Company’s cybersecurity risk management processes. This group works to identify and assess risks from cybersecurity threats by monitoring and evaluating our threat environment and the Company’s risk profile using various methods in certain contexts, including, manual tools, subscribing to reports and services that identify cybersecurity threats, analyzing threat intelligence reports and feeds, conducting scans of certain environments, and other tests.

We implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage risks from cybersecurity threats to our Information Systems and Data, as applicable depending on the environment, including incident detection and response, disaster recovery/business continuity policies, network security controls and data segmentation, access controls, physical security, asset management and tracking, systems monitoring, and employee training.

Our assessment and management of risks from cybersecurity threats are part of the Company’s overall risk management processes. Our Director of Information Technology works with management to prioritize our risk management processes and mitigate cybersecurity threats that are more likely to lead to a material impact to our business.

We use third-party service providers to assist us to identify, assess, and manage risks from cybersecurity threats. These third-party service providers may include threat intelligence service providers, cybersecurity consultants, cybersecurity software providers, managed cybersecurity service providers, and dark web monitoring services.

We also have established a process to conduct diligence on certain third parties before engaging with those third parties, such as those that support our GxP processes, which may include a security assessment.

We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition; however, like other companies in our industry, we and our third-party vendors may, from time to time, experience threats and security incidents relating to our and our third-party vendors’ information systems and infrastructure. For more information, please see our risk factors under Part 1 Item 1A. Risk Factors.

Governance

Our board of directors holds oversight responsibility over the Company’s cybersecurity risk management as part of its general oversight function. The audit committee of the board of directors is responsible for overseeing the Company’s cybersecurity risk management processes, including oversight of the Company’s processes for monitoring and controlling cybersecurity risks.

Our cybersecurity risk assessment and management processes are implemented and maintained by certain Company management, including our Director of Information Technology, who has over 10 years of information technology management experience.

The Director of Information Technology, along with management, is responsible for helping to integrate cybersecurity risk considerations into the Company’s overall risk management strategy and communicating key priorities to relevant personnel. Management is responsible for approving budgets, helping prepare for cybersecurity incidents, approving cybersecurity processes, and reviewing security-related reports.

We have processes designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including our Vice President Legal and Compliance, Vice President Finance and Administration, Vice President - Controller, Chief Financial Officer and Director of Information Technology. In addition, the Company’s incident response policy includes a process for reporting to the audit committee of the board of directors for certain cybersecurity incidents.

The audit committee receives reports from members of the Company’s management concerning the Company’s significant cybersecurity threats and risk and the processes the Company has implemented to address them, as applicable.

Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

Our board of directors holds oversight responsibility over the Company’s cybersecurity risk management as part of its general oversight function. The audit committee of the board of directors is responsible for overseeing the Company’s cybersecurity risk management processes, including oversight of the Company’s processes for monitoring and controlling cybersecurity risks.

Our cybersecurity risk assessment and management processes are implemented and maintained by certain Company management, including our Director of Information Technology, who has over 10 years of information technology management experience.

The Director of Information Technology, along with management, is responsible for helping to integrate cybersecurity risk considerations into the Company’s overall risk management strategy and communicating key priorities to relevant personnel. Management is responsible for approving budgets, helping prepare for cybersecurity incidents, approving cybersecurity processes, and reviewing security-related reports.

We have processes designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including our Vice President Legal and Compliance, Vice President Finance and Administration, Vice President - Controller, Chief Financial Officer and Director of Information Technology. In addition, the Company’s incident response policy includes a process for reporting to the audit committee of the board of directors for certain cybersecurity incidents.

The audit committee receives reports from members of the Company’s management concerning the Company’s significant cybersecurity threats and risk and the processes the Company has implemented to address them, as applicable.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The audit committee of the board of directors is responsible for overseeing the Company’s cybersecurity risk management processes, including oversight of the Company’s processes for monitoring and controlling cybersecurity risks.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our board of directors holds oversight responsibility over the Company’s cybersecurity risk management as part of its general oversight function. The audit committee of the board of directors is responsible for overseeing the Company’s cybersecurity risk management processes, including oversight of the Company’s processes for monitoring and controlling cybersecurity risks.
Cybersecurity Risk Role of Management [Text Block]

Our cybersecurity risk assessment and management processes are implemented and maintained by certain Company management, including our Director of Information Technology, who has over 10 years of information technology management experience.

The Director of Information Technology, along with management, is responsible for helping to integrate cybersecurity risk considerations into the Company’s overall risk management strategy and communicating key priorities to relevant personnel. Management is responsible for approving budgets, helping prepare for cybersecurity incidents, approving cybersecurity processes, and reviewing security-related reports.

Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our cybersecurity risk assessment and management processes are implemented and maintained by certain Company management, including our Director of Information Technology
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Our cybersecurity risk assessment and management processes are implemented and maintained by certain Company management, including our Director of Information Technology, who has over 10 years of information technology management experience.

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

We have processes designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including our Vice President Legal and Compliance, Vice President Finance and Administration, Vice President - Controller, Chief Financial Officer and Director of Information Technology. In addition, the Company’s incident response policy includes a process for reporting to the audit committee of the board of directors for certain cybersecurity incidents.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true