Claros Mortgage Trust, Inc. 10-K Cybersecurity GRC - 2024-02-20

Page last updated on April 11, 2024

Claros Mortgage Trust, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-20 16:13:13 EST.

Filings

10-K filed on 2024-02-20

Claros Mortgage Trust, Inc. filed an 10-K at 2024-02-20 16:13:13 EST
Accession Number: 0000950170-24-017115

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybers ecurity. Cybersecurity Risk Management and Strategy Our Manager has developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of its critical systems and our critical information. Our Manager s cybersecurity risk management program includes a cybersecurity incident response plan. Our Manager uses the Center for Internet Security Critical Security Controls as a guide to help identify, assess, and manage cybersecurity risks relevant to our business. This does not imply that our Manager meets any particular technical standards, specifications, or requirements. Our Manager s cybersecurity risk management program includes the following key elements: risk assessments designed to help identify material cybersecurity risks to critical systems, information, services, and our Manager s broader enterprise information technology ( IT ) environment; a team comprised of IT and Legal & Compliance personnel of our Manager principally responsible for directing (1) the cybersecurity risk assessment processes, (2) our Manager s security processes, and (3) our response to cybersecurity incidents; the use of external cybersecurity service providers, where appropriate, to assess, test or otherwise assist with aspects of our security processes or those of our Manager; cybersecurity awareness training of employees with access to our Manager s IT systems; a cybersecurity incident response plan; and a third-party risk assessment process for key service providers. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See Risk Factors Operational risks, including the risk of cyberattacks, may disrupt our businesses, result in losses and limit our growth. Cybersecurity Governance Our Board has generally delegated the cybersecurity risk oversight function to the Audit Committee. The Audit Committee monitors our Manager s design and implementation of its cybersecurity risk management program. Our Manager s Director of Technology periodically reports to the Audit Committee and provides briefings on cybersecurity risks, our Manager s cyber risk management program, and, if applicable, known cybersecurity incidents. The Audit Committee reports to the full Board regarding its activities, including those related to cybersecurity. Audit Committee members also receive presentations on cybersecurity topics from our Manager s Director of Technology or external experts as part of the Board s continuing education on topics that impact public companies. 50 Our Manager s Director of Technology leads our Manager s overall cybersecurity function and supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, including alerts and reports produced by security tools deployed in our Manager s IT environment. Our Manager s Director of Technology is responsible for assessing and managing our Manager s material risks from cybersecurity threats and has primary responsibility for leading our Manager s overall cybersecurity risk management program and external IT cybersecurity service providers. Our Manager s Director of Technology has pertinent related experience in managing IT infrastructure and participates in various industry peer groups and organizations.

Company Information