XML 30 R9.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management, Strategy, and Governance
 12 Months Ended
Mar. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Item 1C. Cybersecurity

We believe cybersecurity is critical to advancing our technological advancements. As a pharmaceutical and biotechnology services company, we face a multitude of cybersecurity threats that include attacks common in most industries, such as ransomware and denial-of service. Our customers, suppliers, subcontractors, and business partners face similar cybersecurity threats, and a cybersecurity incident impacting us or any of these entities could materially adversely affect our operations, performance, and results of operations. These cybersecurity threats and related risks make it imperative that we expend resources on cybersecurity.

 

Assessing, identifying, and managing cybersecurity related risks are factored into our overall business approach. We have implemented a governance structure and processes to assess, identify, manage, and report cybersecurity risks and have developed our own practices and framework, which we believe enhance our ability to identify and manage cybersecurity risks. Our Audit Committee oversees management’s processes for identifying and mitigating risks, including cybersecurity risks, to help align our risk exposure with our strategic objectives. The IT Risk Committee and our cybersecurity consultant, which has extensive information technology and program management experience, regularly brief the Audit Committee on our cybersecurity and information security posture and the Audit Committee is apprised of any cybersecurity incidents deemed to have a moderate or higher business impact, even if immaterial to us. The Audit Committee retains oversight of cybersecurity because of its importance. In the event of any incident, we intend to follow our detailed incident response playbook, which outlines the steps to be followed from incident detection to mitigation, recovery, and notification, including notifying functional areas (e.g., legal), as well as senior leadership and the Audit Committee, as appropriate.

 

Additionally, we must also comply with extensive regulations, including requirements imposed by the FDA related to adequately safeguarding patient information. We work with our cybersecurity consultant on assessing cybersecurity risk and on policies and practices aimed at mitigating these risks. Third parties also play a role in our cybersecurity. We engage third-party services to conduct evaluations of our security controls, whether through penetration testing, independent audits, or consulting on best practices to address new challenges.

 

We rely heavily on our supply chain to deliver our products and services, and a cybersecurity incident at a supplier, subcontractor or business partner could materially adversely impact us. We will require that our subcontractors report cybersecurity incidents to us so that we can assess the impact of the incident on us.

 

Notwithstanding the extensive approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. See “Risk Factors” for a discussion of cybersecurity risks, including, without limitation, the risk factor under the heading “We may be subject to security breaches or other cybersecurity incidents that could compromise our information and expose us to liability”. Except as set forth therein, risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected and are not reasonably likely to materially affect our Company, including our business strategy, results of operations, or financial condition.
Cybersecurity Risk Management Third Party Engaged [Flag] false
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] Except as set forth therein, risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected and are not reasonably likely to materially affect our Company, including our business strategy, results of operations, or financial condition.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee retains oversight of cybersecurity because of its importance.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our customers, suppliers, subcontractors, and business partners face similar cybersecurity threats, and a cybersecurity incident impacting us or any of these entities could materially adversely affect our operations, performance, and results of operations. These cybersecurity threats and related risks make it imperative that we expend resources on cybersecurity.
Cybersecurity Risk Role of Management [Text Block] Assessing, identifying, and managing cybersecurity related risks are factored into our overall business approach.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our Audit Committee oversees management’s processes for identifying and mitigating risks, including cybersecurity risks, to help align our risk exposure with our strategic objectives.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] false