CAMDEN PROPERTY TRUST 10-K Cybersecurity GRC - 2024-02-22

Page last updated on April 11, 2024

CAMDEN PROPERTY TRUST reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-22 12:40:20 EST.

Filings

10-K filed on 2024-02-22

CAMDEN PROPERTY TRUST filed an 10-K at 2024-02-22 12:40:20 EST
Accession Number: 0000906345-24-000007

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Addressing cybersecurity risks is a priority for us. We have in place systems of internal controls as well as business continuity and disaster recovery plans, and we regularly perform assessments of these systems and plans to address cybersecurity and technology. Our cybersecurity program has been developed based on industry standards set by the National Institute of Standards and Technology (“NIST”) and includes a comprehensive set of security policies and procedures that guide our protection strategy against threats by utilizing the following measures: identifying critical assets and high-risk threats; implementing cybersecurity detection, controls, and remediation practices; implementing a third-party risk management program to evaluate our cyber position; and, evaluating our cybersecurity program effectiveness by performing both internal and external testing and auditing risk. In addition to a dedicated information technology cybersecurity team monitoring our daily operations, we annually assess our cybersecurity program against the NIST framework and engage outside security firms to conduct penetration tests and assist with monitoring of daily operations. We require annual cybersecurity awareness training for all of our employees to aid in promptly identifying and reporting potential or actual issues. Additionally, our dedicated information technology cybersecurity team undertakes regular robust cybersecurity training to increase cybersecurity awareness, internal expertise, and readiness efforts. We install and regularly update antivirus software on all Company managed systems and workstations in an effort to detect and prevent malicious code. We conduct ongoing security breach and phishing simulations to raise awareness of various critical security threats. Periodically, we run tabletop exercises involving members of the Company’s management team intended to simulate a response to a cybersecurity incident and use the findings to improve our policies and procedures. All third-party service providers or vendors utilized as part of the Company s cybersecurity framework are required to comply with our policies regarding non-public personal information and information security. Our cybersecurity program is led by our Senior Vice President - Strategic Services and Chief Information Officer (“CIO”). Our CIO also serves as the Chair of our Cybersecurity Executive Oversight Committee (“CEOC”), comprised of senior executives representing various teams and functions of the Company including legal, finance, accounting, investor relations, and operations. The CEOC supports efforts to evaluate the materiality of any incidents, determines whether notice to third parties such as residents or vendors is required, and determine whether any disclosures to stakeholders are required. The CEOC is also responsible for ensuring the Company’s management and Board of Trust Managers (“Board”) are fully aware of key activities and events associated with our cybersecurity program on an ongoing basis. Although our entire Board is actively involved in overseeing risk management, the Audit Committee charter tasks the Audit Committee with providing oversight of management’s guidelines and policies to govern the process by which risk assessments and risks are managed, including the Company s major financial risk exposures and the steps management has taken to monitor and control such exposures. The Audit Committee also discusses with management the processes undertaken to evaluate our systems of disclosure controls and procedures, including those relating to cybersecurity risk management. Our CIO reports quarterly to the Audit Committee and Board regarding cybersecurity matters, which includes emerging cybersecurity threats and the risk landscape, updates on our cybersecurity program and related readiness, resiliency, and response efforts. Like other businesses, we have been, and expect to continue to be, subject to attempts on unauthorized access, mishandling or misuse, computer viruses or malware, cyber-attacks and intrusions and other events of varying degrees. To date, we have not experienced a cybersecurity breach nor are we aware of any of our third-party outside service providers experiencing a cybersecurity breach.

Company Information