Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Cybersecurity Risk Management We recognize the importance of developing, implementing, and maintaining cybersecurity measures designed to safeguard our information systems and protect the confidentiality, integrity, privacy, and availability of our data. We have implemented and integrated into our broader risk management framework a cybersecurity risk management program designed to promote a company-wide culture of cybersecurity risk awareness and management. Our cybersecurity risk management program includes a number of components, including periodic system audits and ongoing monitoring of critical risks from cybersecurity threats supported by third-party providers and technologies as well as automated tools. This process is designed to evaluate, assess, identify, and manage cyber risks in alignment with our business objectives and operational needs. In support of those efforts, we leverage a managed service provider (“MSP”) including a 24x7 Security Operations Center (SOC) and also engage with other third-party providers, consultants, and auditors to support our cyber risk management program, including periodic engagement of third parties to conduct security assessments and testing related to our computer systems. We have a process to implement mitigation plans to monitor, respond, and address identified cybersecurity events and incidents. Additionally, we have implemented an end-user education program that is designed to raise awareness of cybersecurity threats, including risks posed by phishing attempts and emerging threats associated with artificial intelligence (AI), such as AI-driven social engineering and automated attack techniques. We have implemented a process for this training to be included during the end-user onboarding process and at least annually thereafter. We rely on our vendor network to enable the performance of core research and development activities, including clinical trials. As part of our cybersecurity risk management program, we therefore maintain processes to, prior to onboarding and periodically thereafter, assess and review vendor standards and compliance with industry best practices around cybersecurity, incident management, and personal data processing, as applicable. Additionally, as appropriate, we include security requirements in vendor contracts. We, like other companies in our industry, face a number of cybersecurity risks in connection with our business. Although our business strategy, results of operations, and financial condition have not, to date, been materially affected by risks from cybersecurity threats, including as a result of previously identified cybersecurity incidents, we have, from time to time, experienced threats to and security incidents related to our data and systems, including phishing attacks. For more information on our cybersecurity-related risks, see “Our internal computer systems have suffered, and our collaborators or other contractors or consultants may suffer from security breaches, which could result in a material disruption of our product development programs,” in Item 1A “Risk Factors.”
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We recognize the importance of developing, implementing, and maintaining cybersecurity measures designed to safeguard our information systems and protect the confidentiality, integrity, privacy, and availability of our data. We have implemented and integrated into our broader risk management framework a cybersecurity risk management program designed to promote a company-wide culture of cybersecurity risk awareness and management.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | The Board of Directors has responsibility for oversight of cybersecurity risk management. As part of our enterprise risk management program, the Board has established oversight mechanisms that seek to implement effective governance in managing risks associated with cybersecurity threats. In particular, the Audit Committee has been vested with cybersecurity governance mandate that includes defining the Company’s cybersecurity strategy and implementation plan, performing regular oversight over Company’s cybersecurity landscape, and assessing the impact of material cyber incidents, should they happen. Day-to-day responsibility for assessing, monitoring, and managing our cybersecurity risk management program rests with our IT Department, supported by broader MSP’s service team, and members of our finance and legal teams as appropriate, and our Head of Compliance on cyber matters. Our Head of Compliance oversees our risk management governance and works with our IT Department and other functions, as appropriate, on the mitigation and management of identified cyber risks. The IT Department, supported by broader MSP’s service team executes the cybersecurity strategy. The IT Department and Head of Compliance report periodically to the Chief Legal Officer as well as to our Governance, Risk Management, and Compliance Committee (“GRC Committee”) on cyber matters. Our GRC Committee is responsible for monitoring and overseeing our overall enterprise risk management process, including assessing, identifying, and managing cybersecurity related risks as part of its annual assessment of critical risks facing the Company. On at least an annual basis, management provides an update to the Audit Committee regarding critical cybersecurity risks and ongoing cybersecurity initiatives and strategies. We have implemented a process for significant cybersecurity matters and strategic risk management decisions related to cyber risks to be escalated to the GRC Committee and/or the Audit Committee, as appropriate.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Head of Compliance oversees our risk management governance and works with our IT Department and other functions, as appropriate, on the mitigation and management of identified cyber risks. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Day-to-day responsibility for assessing, monitoring, and managing our cybersecurity risk management program rests with our IT Department, supported by broader MSP’s service team, and members of our finance and legal teams as appropriate, and our Head of Compliance on cyber matters. Our Head of Compliance oversees our risk management governance and works with our IT Department and other functions, as appropriate, on the mitigation and management of identified cyber risks. The IT Department, supported by broader MSP’s service team executes the cybersecurity strategy. The IT Department and Head of Compliance report periodically to the Chief Legal Officer as well as to our Governance, Risk Management, and Compliance Committee (“GRC Committee”) on cyber matters. Our GRC Committee is responsible for monitoring and overseeing our overall enterprise risk management process, including assessing, identifying, and managing cybersecurity related risks as part of its annual assessment of critical risks facing the Company. |
| Cybersecurity Risk Role of Management [Text Block] | The Board of Directors has responsibility for oversight of cybersecurity risk management. As part of our enterprise risk management program, the Board has established oversight mechanisms that seek to implement effective governance in managing risks associated with cybersecurity threats. In particular, the Audit Committee has been vested with cybersecurity governance mandate that includes defining the Company’s cybersecurity strategy and implementation plan, performing regular oversight over Company’s cybersecurity landscape, and assessing the impact of material cyber incidents, should they happen. Day-to-day responsibility for assessing, monitoring, and managing our cybersecurity risk management program rests with our IT Department, supported by broader MSP’s service team, and members of our finance and legal teams as appropriate, and our Head of Compliance on cyber matters. Our Head of Compliance oversees our risk management governance and works with our IT Department and other functions, as appropriate, on the mitigation and management of identified cyber risks. The IT Department, supported by broader MSP’s service team executes the cybersecurity strategy. The IT Department and Head of Compliance report periodically to the Chief Legal Officer as well as to our Governance, Risk Management, and Compliance Committee (“GRC Committee”) on cyber matters. Our GRC Committee is responsible for monitoring and overseeing our overall enterprise risk management process, including assessing, identifying, and managing cybersecurity related risks as part of its annual assessment of critical risks facing the Company. On at least an annual basis, management provides an update to the Audit Committee regarding critical cybersecurity risks and ongoing cybersecurity initiatives and strategies. We have implemented a process for significant cybersecurity matters and strategic risk management decisions related to cyber risks to be escalated to the GRC Committee and/or the Audit Committee, as appropriate.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | The Board of Directors has responsibility for oversight of cybersecurity risk management. As part of our enterprise risk management program, the Board has established oversight mechanisms that seek to implement effective governance in managing risks associated with cybersecurity threats. In particular, the Audit Committee has been vested with cybersecurity governance mandate that includes defining the Company’s cybersecurity strategy and implementation plan, performing regular oversight over Company’s cybersecurity landscape, and assessing the impact of material cyber incidents, should they happen. Day-to-day responsibility for assessing, monitoring, and managing our cybersecurity risk management program rests with our IT Department, supported by broader MSP’s service team, and members of our finance and legal teams as appropriate, and our Head of Compliance on cyber matters. Our Head of Compliance oversees our risk management governance and works with our IT Department and other functions, as appropriate, on the mitigation and management of identified cyber risks. The IT Department, supported by broader MSP’s service team executes the cybersecurity strategy. The IT Department and Head of Compliance report periodically to the Chief Legal Officer as well as to our Governance, Risk Management, and Compliance Committee (“GRC Committee”) on cyber matters. Our GRC Committee is responsible for monitoring and overseeing our overall enterprise risk management process, including assessing, identifying, and managing cybersecurity related risks as part of its annual assessment of critical risks facing the Company. On at least an annual basis, management provides an update to the Audit Committee regarding critical cybersecurity risks and ongoing cybersecurity initiatives and strategies. We have implemented a process for significant cybersecurity matters and strategic risk management decisions related to cyber risks to be escalated to the GRC Committee and/or the Audit Committee, as appropriate.
|
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our GRC Committee is responsible for monitoring and overseeing our overall enterprise risk management process, including assessing, identifying, and managing cybersecurity related risks as part of its annual assessment of critical risks facing the Company. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Day-to-day responsibility for assessing, monitoring, and managing our cybersecurity risk management program rests with our IT Department, supported by broader MSP’s service team, and members of our finance and legal teams as appropriate, and our Head of Compliance on cyber matters. Our Head of Compliance oversees our risk management governance and works with our IT Department and other functions, as appropriate, on the mitigation and management of identified cyber risks. The IT Department, supported by broader MSP’s service team executes the cybersecurity strategy. The IT Department and Head of Compliance report periodically to the Chief Legal Officer as well as to our Governance, Risk Management, and Compliance Committee (“GRC Committee”) on cyber matters. Our GRC Committee is responsible for monitoring and overseeing our overall enterprise risk management process, including assessing, identifying, and managing cybersecurity related risks as part of its annual assessment of critical risks facing the Company. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |