Cybersecurity Risk Management, Strategy, and Governance |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Item 1C. Cybersecurity.
Cyber Risk Management and Strategy
We recognize the importance of assessing, identifying, and managing risks from cybersecurity threats. We have implemented a cybersecurity risk management program scoped in accordance with our risk profile and our financial condition. This program is informed by and incorporates elements of recognized industry standards. Our cybersecurity risk management strategy has historically been guided by both internal cybersecurity risk assessments and third-party information security audits. We have historically leveraged the support of third-party information technology and security providers as part of our cybersecurity risk management program, including for penetration testing. Further, we have adopted written information security policies and procedures, including an incident response plan, which is designed to establish our processes for identifying, responding to, and recovering from cybersecurity incidents. We have also historically implemented a process to assess and review the cybersecurity practices of certain third-party vendors and service providers, including through the use of vendor security questionnaires. Additionally, the Company’s employees have gone through cybersecurity awareness training covering topics such as general cybersecurity best practices, phishing, data protection, password protection, and network security. We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. However, like other companies in our industry, we and our third-party vendors may, from time to time, experience threats and security incidents that could affect our information or systems. For more information, please see the section entitled "Risk Factors".
Governance Related to Cybersecurity Risks
Our cybersecurity risk management program has historically been managed by our Information Security Management Committee (the “InfoSec Committee”). The InfoSec Committee has historically been made up of a cross-disciplinary team, including the Company’s then Chief Information Security Officer (CISO), Chief Legal Officer, VP of People, and senior members from the Company’s R&D & Engineering, Global Marketing, and Medical Affairs teams. The InfoSec Committee met on a monthly basis to provide oversight of the Company's information security management system ("ISMS"), review the performance and effectiveness of the ISMS, and review and discuss the direction of the Company’s cybersecurity program, among other responsibilities. The committee also historically performed an annual audit to ensure Allurion's ISMS is effectively implemented and maintained. Our CISO was responsible for the day-to-day oversight of the assessment and management of our information security program and cybersecurity risks.
The Board also engages in oversight of cybersecurity risks. With the input of the InfoSec Committee, our CISO may provide periodic updates to the Board on matters related to cybersecurity as needed. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Governance Related to Cybersecurity Risks
Our cybersecurity risk management program has historically been managed by our Information Security Management Committee (the “InfoSec Committee”). The InfoSec Committee has historically been made up of a cross-disciplinary team, including the Company’s then Chief Information Security Officer (CISO), Chief Legal Officer, VP of People, and senior members from the Company’s R&D & Engineering, Global Marketing, and Medical Affairs teams. The InfoSec Committee met on a monthly basis to provide oversight of the Company's information security management system ("ISMS"), review the performance and effectiveness of the ISMS, and review and discuss the direction of the Company’s cybersecurity program, among other responsibilities. The committee also historically performed an annual audit to ensure Allurion's ISMS is effectively implemented and maintained. Our CISO was responsible for the day-to-day oversight of the assessment and management of our information security program and cybersecurity risks.
The Board also engages in oversight of cybersecurity risks. With the input of the InfoSec Committee, our CISO may provide periodic updates to the Board on matters related to cybersecurity as needed. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our cybersecurity risk management program has historically been managed by our Information Security Management Committee (the “InfoSec Committee”). The InfoSec Committee has historically been made up of a cross-disciplinary team, including the Company’s then Chief Information Security Officer (CISO), Chief Legal Officer, VP of People, and senior members from the Company’s R&D & Engineering, Global Marketing, and Medical Affairs teams. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The InfoSec Committee met on a monthly basis to provide oversight of the Company's information security management system ("ISMS"), review the performance and effectiveness of the ISMS, and review and discuss the direction of the Company’s cybersecurity program, among other responsibilities. |
| Cybersecurity Risk Role of Management [Text Block] | Our CISO was responsible for the day-to-day oversight of the assessment and management of our information security program and cybersecurity risks.
The Board also engages in oversight of cybersecurity risks. With the input of the InfoSec Committee, our CISO may provide periodic updates to the Board on matters related to cybersecurity as needed. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our CISO was responsible for the day-to-day oversight of the assessment and management of our information security program and cybersecurity risks. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | The InfoSec Committee met on a monthly basis to provide oversight of the Company's information security management system ("ISMS"), review the performance and effectiveness of the ISMS, and review and discuss the direction of the Company’s cybersecurity program |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The Board also engages in oversight of cybersecurity risks. With the input of the InfoSec Committee, our CISO may provide periodic updates to the Board on matters related to cybersecurity as needed. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |