Cybersecurity Risk Management, Strategy, and Governance |
12 Months Ended |
|---|---|
Dec. 31, 2024 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy We have developed and maintain a cybersecurity program designed to assess, identify, and manage risks from cybersecurity threats. As part of this program, we conduct periodic assessments of our IT systems to evaluate the effectiveness of applicable security controls. These assessments follow industry-standard frameworks and include a review of our information security controls to assess cybersecurity capabilities and maturity. The results of these assessments are reported to the Audit Committee of the Board of Directors. In general, we seek to address cybersecurity risks through a cross-functional approach focused on preserving the confidentiality, integrity, and availability of the information that we collect and store by identifying, preventing, and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur. We have established a cybersecurity policy that outlines the governance processes for identifying and managing material risks to privacy and cybersecurity. Our policy also describes our capabilities and processes for detecting, responding to, analyzing, mitigating, recovering from, and reporting cybersecurity incidents. We also manage and maintain business continuity and disaster recovery capabilities to help ensure the availability of business-critical technology resources. Governance Related to Cybersecurity Risks Management is responsible for the day-to-day management of risks we face, while our board of directors, as a whole and through committees, has responsibility for the oversight of risk management. Our Audit Committee oversees the management of risks from cybersecurity threats. In addition, the full board reviews our major risk exposures, their potential impact on us, and the steps we take to manage them. Our Chief Information Officer (CIO) is responsible for developing, implementing, and maintaining our cybersecurity risk management policies and procedures. The individual currently serving as CIO has over thirty-five years of experience in cybersecurity, information security, data protection, regulatory compliance, and risk management within complex and international business verticals such as pharmaceutical/biotech, technology, and logistics. The CIO provides regular cybersecurity updates to our board of directors. Our Information Technology Steering Committee ("ITSC") oversees matters regarding the Company’s Information Technology strategy, priorities, and governance, including cybersecurity threats and risk assessments, through periodic meetings and frequent communications. ITSC members include representatives from the Finance, Regulatory Affairs, Operations, and Information Technology departments. The ITSC has a charter that is reviewed internally to ensure it is aligned with our business strategy. As outlined in its charter, and relative to cybersecurity, the ITSC is responsible for identifying and assessing material cybersecurity risks across the Company, including escalating to our Audit Committee and Executive Management where appropriate. |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Governance Related to Cybersecurity Risks Management is responsible for the day-to-day management of risks we face, while our board of directors, as a whole and through committees, has responsibility for the oversight of risk management. Our Audit Committee oversees the management of risks from cybersecurity threats. In addition, the full board reviews our major risk exposures, their potential impact on us, and the steps we take to manage them. Our Chief Information Officer (CIO) is responsible for developing, implementing, and maintaining our cybersecurity risk management policies and procedures. The individual currently serving as CIO has over thirty-five years of experience in cybersecurity, information security, data protection, regulatory compliance, and risk management within complex and international business verticals such as pharmaceutical/biotech, technology, and logistics. The CIO provides regular cybersecurity updates to our board of directors. Our Information Technology Steering Committee ("ITSC") oversees matters regarding the Company’s Information Technology strategy, priorities, and governance, including cybersecurity threats and risk assessments, through periodic meetings and frequent communications. ITSC members include representatives from the Finance, Regulatory Affairs, Operations, and Information Technology departments. The ITSC has a charter that is reviewed internally to ensure it is aligned with our business strategy. As outlined in its charter, and relative to cybersecurity, the ITSC is responsible for identifying and assessing material cybersecurity risks across the Company, including escalating to our Audit Committee and Executive Management where appropriate. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Audit Committee oversees the management of risks from cybersecurity threats. In addition, the full board reviews our major risk exposures, their potential impact on us, and the steps we take to manage them. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The CIO provides regular cybersecurity updates to our board of directors. |
| Cybersecurity Risk Role of Management [Text Block] |
Management is responsible for the day-to-day management of risks we face, while our board of directors, as a whole and through committees, has responsibility for the oversight of risk management. Our Audit Committee oversees the management of risks from cybersecurity threats. In addition, the full board reviews our major risk exposures, their potential impact on us, and the steps we take to manage them. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] |
Our Chief Information Officer (CIO) is responsible for developing, implementing, and maintaining our cybersecurity risk management policies and procedures. Our Information Technology Steering Committee ("ITSC") oversees matters regarding the Company’s Information Technology strategy, priorities, and governance, including cybersecurity threats and risk assessments, through periodic meetings and frequent communications. ITSC members include representatives from the Finance, Regulatory Affairs, Operations, and Information Technology departments. The ITSC has a charter that is reviewed internally to ensure it is aligned with our business strategy. As outlined in its charter, and relative to cybersecurity, the ITSC is responsible for identifying and assessing material cybersecurity risks across the Company, including escalating to our Audit Committee and Executive Management where appropriate. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | The individual currently serving as CIO has over thirty-five years of experience in cybersecurity, information security, data protection, regulatory compliance, and risk management within complex and international business verticals such as pharmaceutical/biotech, technology, and logistics. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The CIO provides regular cybersecurity updates to our board of directors. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |