Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
---|---|
Dec. 31, 2024 | |
Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third party hosted services, communications systems, hardware and software, and our critical data, including intellectual property, confidential information that is proprietary, strategic or competitive in nature, and other data related to our ongoing research and development initiatives, which we refer to as Information Systems and Data. Our information technology function helps identify, assess and manage our cybersecurity threats and risks. Our information technology function identifies and assesses risks from cybersecurity threats by monitoring and evaluating our threat environment using various methods including, for example, automated vulnerability scanning tools of the network, third-party cybersecurity audits, and use of external intelligence feeds. Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including, for example, vulnerability management, disaster recovery and business continuity plan, incident response policy, system monitoring, data encryption and access controls. |
Cybersecurity Risk Management Processes Integrated [Flag] | true |
Cybersecurity Risk Management Processes Integrated [Text Block] | We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third party hosted services, communications systems, hardware and software, and our critical data, including intellectual property, confidential information that is proprietary, strategic or competitive in nature, and other data related to our ongoing research and development initiatives, which we refer to as Information Systems and Data. Our information technology function helps identify, assess and manage our cybersecurity threats and risks. |
Cybersecurity Risk Management Third Party Engaged [Flag] | true |
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
Cybersecurity Risk Board of Directors Oversight [Text Block] |
Responsibility for the oversight and management of cybersecurity risks and the Company’s cybersecurity policy rests with the board of directors, which has the responsibility for ensuring that the Company has adequate policies and procedures in place to prevent and mitigate cybersecurity incidents. The board of directors, receives briefings from management to ensure that it understands the Company’s cyber risk profile. Based upon this understanding, the board of directors oversees the development and implementation of cybersecurity policies. XORTX has an incident response plan to guide its response to a cybersecurity incident, whether on the cybersecurity incident is on the Company’s systems or those of any third party service providers, and communication with stakeholders in the event of an incident, developed in cooperation with third-party cybersecurity consultants. In the event of a cybersecurity incident, the CEO will immediately notify the Board of Directors about the incident and provide a detailed Cyber Incident Report that discloses relevant information about the date and time of the incident, as well as description of the attack, affected systems, actions taken, and further recommendations, which may be adjusted as additional details become now. XORTX’s cybersecurity program is overseen by a third-party company, Integrated Data Solutions, a company with more than 20 years of experience in software development, IT infrastructures, business cybersecurity. In the event of cybersecurity incident, the Company’s IT team will take immediate action to mitigate such an event and assess current and future impacts and will prepare the Cyber Incident Report to be delivered to the board of directors, which will then review and analyze the situation and will provide their feedback on the mitigation and prevention measures to avoid events in the future. |
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | board of directors |
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Responsibility for the oversight and management of cybersecurity risks and the Company’s cybersecurity policy rests with the board of directors, which has the responsibility for ensuring that the Company has adequate policies and procedures in place to prevent and mitigate cybersecurity incidents. |
Cybersecurity Risk Role of Management [Text Block] | Our information technology function identifies and assesses risks from cybersecurity threats by monitoring and evaluating our threat environment using various methods including, for example, automated vulnerability scanning tools of the network, third-party cybersecurity audits, and use of external intelligence feeds. Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including, for example, vulnerability management, disaster recovery and business continuity plan, incident response policy, system monitoring, data encryption and access controls. |
Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our information technology function |
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | XORTX’s cybersecurity program is overseen by a third-party company, Integrated Data Solutions, a company with more than 20 years of experience in software development, IT infrastructures, business cybersecurity. |
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | In the event of cybersecurity incident, the Company’s IT team will take immediate action to mitigate such an event and assess current and future impacts and will prepare the Cyber Incident Report to be delivered to the board of directors, which will then review and analyze the situation and will provide their feedback on the mitigation and prevention measures to avoid events in the future. |
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |