Urban Edge Properties LP 10-K Cybersecurity GRC - 2024-02-14

Page last updated on April 11, 2024

Urban Edge Properties LP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-14 07:01:08 EST.

Filings

10-K filed on 2024-02-14

Urban Edge Properties LP filed an 10-K at 2024-02-14 07:01:08 EST
Accession Number: 0001611547-24-000012

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Governance Cybersecurity is an integral part of the Board of Trustees , Audit Committee s and Corporate Governance and Nominating Committee s risk analysis and discussions with management. In February 2023, the Board of Trustees assigned cybersecurity oversight responsibility to the Corporate Governance and Nominating Committee via an amendment to the Committee s Charter. We also have a Cyber Steering Committee which works in conjunction with the Computer Incident Response Team ( CIRT ) to develop strategies to mitigate risks and to address any cyber issues that may arise. The Cyber Steering Committee and CIRT are made up of certain executives, management, members of our information technology team and third-party advisors. The committees are led by our SVP, Chief Information Officer. Our policies outline processes for identifying, reporting, investigating, and responding to a cyber incident. In the event of such an incident, the CIRT coordinator will work with the Cyber Steering Committee to conduct a risk analysis. The committee may also engage other members of management to assess the tangible, intangible and financial impact of the incident. Any breach or cyber incident that meets certain criteria will be communicated by the Cyber Steering Committee to the Corporate Governance and Nominating Committee in a timely manner. The SVP, Chief Information Officer researches the latest technologies and trends used by cybercriminals through publications, conferences and discussions with peers. Cyber threats identified are communicated to all members of the Company via email to promote awareness and assist with protecting us from potential risks or breaches. All employees are required to undergo quarterly security awareness trainings and we routinely conduct internal phishing and other exercises to gauge the effectiveness of the trainings and assess the need for continued education and/or areas where improvement may be needed. Risk Management and Strategy As we see increased reliance on information technology in the workplace and our business operations, and an ongoing shift to remote and hybrid work schedules, Urban Edge has employed several measures to mitigate cyber risks. The Cyber Steering Committee is responsible for the risk management program which includes, but is not limited to, identifying cyber risks, the risk severity, risk response and tracking risk remediation. The Cyber Steering Committee meets (i) at least quarterly to review emerging threats, controls, and procedures, (ii) at least annually with the Corporate Governance and Nominating Committee to discuss trends in cyber risks and our strategy to defend our information against cybersecurity incidents, and (iii) promptly following the occurrence of a material cyber incident. In addition to a dedicated information technology and cybersecurity team monitoring our daily operations, the Company engages an independent third-party cybersecurity audit firm to periodically review cybersecurity risks and our Incident Response Program. The third-party firm evaluates our preparedness based on several factors including cyber risk assessment, vulnerability management, disaster recovery, and penetration testing. They also simulate attacks on the Company as part of their audit procedures to gauge if our incident response is repeatable and effective and provide recommendations for areas of improvement. We are in process of implementing a thorough vendor selection criteria and employing ongoing monitoring of our third-party service providers to ensure compliance with cybersecurity standards. We utilize a risk-based approach that aligns with the National Institute of Standards and Technology Cybersecurity Framework, and Microsoft best practices. Our policies and procedures are reviewed and updated annually by the Cyber Steering Committee and incorporate third-party assessments to benchmark ourselves against industry standards. The Company utilizes advanced endpoint protection, firewalls, intrusion detection and prevention, threat intelligence, security event logging and correlation, and backup and redundancy systems. We have formal policies and procedures addressing data retention, incident response, asset and device management and have a Disaster Recovery and Business Continuity Committee that meets biannually to review and update our plan, policies, and procedures to align with changes in risk assessment and emerging technologies. In addition, our Information Technology team conducts disaster recovery tests annually and reports results to the Cyber Steering Committee. A cybersecurity breach may 19 result in disruption of our operations, damage to our reputation and cause us to lose revenue or incur significant expenses to remediate which could have a material adverse effect on our results of operations or consolidated financial position. As of the date of this report, we have not experienced any material cyber breaches and are periodically reviewing our policies and procedures to respond to, and mitigate the impact of, emerging trends and technologies affecting our industry. Additionally, as a public company, we are subject to the Sarbanes-Oxley Act requirements and must undergo independent audits of information technology general controls in support of internal control over financial reporting. These audits, which are conducted by our independent public accounting firm, assess key information security and cybersecurity risks in the environment that may affect the confidentiality, integrity and availability of systems and data. Any control deficiencies that represent cybersecurity risks, as well as any recommended changes to our processes, if appropriate, would be reported to senior management and the Board.

Company Information