Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Risk Management and Strategy We use, store, and process data related to research programs, clinical trials, intellectual property, employees and third-party partners. We have developed and maintain an information security program designed to assess, identify, and manage risks from cybersecurity threats. As part of this program, we conduct periodic assessments of our assets to evaluate the effectiveness of applicable security controls. These assessments are informed by industry standard frameworks and include a review of our information security controls to assess cybersecurity maturity compared to our peers and other security awareness trainings. We engage security technology vendors to assist with detecting potential threats to our information assets. In addition, we have implemented a cybersecurity third-party risk management process to assess mission and business critical third-party vendors for cyber risks and to assist the business in making risk-informed technology product and services decisions. Our practice is to perform due diligence, including the completion of security questionnaires and risk assessments, as appropriate, on third-parties who maintain material data or information to help us evaluate and verify third-party information security capabilities. Our process is designed to detect and respond to cybersecurity incidents that may represent a threat to the confidentiality, integrity or availability of our information assets is based on industry standards and best practices of peer companies. Our technology, procedures and key vendors with security responsibilities are designed to help contain, eradicate and recover from cybersecurity incidents in a timely manner. Senior management is informed about incidents that may have a significant impact on the business. Cybersecurity risks are reviewed by management through cross-functional collaboration among IT, Legal and Finance, with oversight by the Audit Committee. We have not identified risks from known cybersecurity threats or past incidents that have materially affected or are reasonably likely to materially affect us. For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our risk factors under Part 1. Item 1A. “Risk Factors” in this Annual Report. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We use, store, and process data related to research programs, clinical trials, intellectual property, employees and third-party partners. We have developed and maintain an information security program designed to assess, identify, and manage risks from cybersecurity threats. As part of this program, we conduct periodic assessments of our assets to evaluate the effectiveness of applicable security controls. These assessments are informed by industry standard frameworks and include a review of our information security controls to assess cybersecurity maturity compared to our peers and other security awareness trainings. We engage security technology vendors to assist with detecting potential threats to our information assets. In addition, we have implemented a cybersecurity third-party risk management process to assess mission and business critical third-party vendors for cyber risks and to assist the business in making risk-informed technology product and services decisions. Our practice is to perform due diligence, including the completion of security questionnaires and risk assessments, as appropriate, on third-parties who maintain material data or information to help us evaluate and verify third-party information security capabilities. Our process is designed to detect and respond to cybersecurity incidents that may represent a threat to the confidentiality, integrity or availability of our information assets is based on industry standards and best practices of peer companies. Our technology, procedures and key vendors with security responsibilities are designed to help contain, eradicate and recover from cybersecurity incidents in a timely manner. Senior management is informed about incidents that may have a significant impact on the business. Cybersecurity risks are reviewed by management through cross-functional collaboration among IT, Legal and Finance, with oversight by the Audit Committee. We have not identified risks from known cybersecurity threats or past incidents that have materially affected or are reasonably likely to materially affect us. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | our Board of Directors, as a whole and through committees, has responsibility for the oversight of risk management, including risks from cybersecurity threats. Our Audit Committee has specific oversight of risk management, including risks from cybersecurity threats. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Audit Committee |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Head of IT provides periodic cybersecurity updates to the Audit Committee and our Board of Directors on at least an annual basis. Our incident response process contemplates that the executive team will notify the Audit Committee of our Board of Directors of any material cybersecurity incident. |
| Cybersecurity Risk Role of Management [Text Block] | Management is responsible for the day-to-day management of risks we face,Our Head of IT is responsible for developing, implementing, and maintaining our cybersecurity risk management policies and procedures. The Head of IT, reporting to our Chief Human Resources Officer, has over thirty years of experience in cybersecurity, information security, data protection, privacy, regulatory compliance and risk management within complex and international pharmaceutical and biotech companies. The Head of IT provides periodic cybersecurity updates to the Audit Committee and our Board of Directors on at least an annual basis. Our incident response process contemplates that the executive team will notify the Audit Committee of our Board of Directors of any material cybersecurity incident. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Head of IT |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Head of IT, reporting to our Chief Human Resources Officer, has over thirty years of experience in cybersecurity, information security, data protection, privacy, regulatory compliance and risk management within complex and international pharmaceutical and biotech companies. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The Head of IT provides periodic cybersecurity updates to the Audit Committee and our Board of Directors on at least an annual basis. Our incident response process contemplates that the executive team will notify the Audit Committee of our Board of Directors of any material cybersecurity incident. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |