SL GREEN OPERATING PARTNERSHIP, L.P. 10-K Cybersecurity GRC - 2024-02-23

Page last updated on April 11, 2024

SL GREEN OPERATING PARTNERSHIP, L.P. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-23 16:06:40 EST.

Filings

10-K filed on 2024-02-23

SL GREEN OPERATING PARTNERSHIP, L.P. filed an 10-K at 2024-02-23 16:06:40 EST
Accession Number: 0001040971-24-000010

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy The Company’s business and proprietary information, information technology and operational technology assets are important to its success. The Company s cybersecurity program is designed to protect its information assets and operations from external and internal cyber threats by seeking to mitigate and manage risks while helping to ensure business resiliency. The program is applied across all levels of the Company. The Company takes a risk-based approach to cybersecurity and has implemented policies that are designed to address cybersecurity threats and incidents, including those related to third-party service providers. The Company assesses risks from cybersecurity threats, monitors its information systems for potential vulnerabilities and tests those systems pursuant to the Company’s cybersecurity standards, processes and practices, as part of the Company’s overall risk management system. The Company also leverages external resources and advisors as needed to reinforce its cybersecurity capacity. External consultants perform testing exercises to further assess the Company s cybersecurity program on an annual basis, or more frequently if circumstances warrant such testing. The Company s cybersecurity strategy is guided by prioritized risk, the National Institute for Standards and Technology (NIST) Cybersecurity Framework, and emerging business needs. The Company maintains a cybersecurity incident response plan, as well as a monitoring program, to support senior leadership and the Board. The Company s cybersecurity team manages its incident response plan and monitoring program. Company employees are provided cybersecurity awareness training, which includes topics on the Company s policies and procedures for reporting potential incidents. The Company s cybersecurity team is focused on evaluating emerging risks, regulations, and compliance matters and updating the policies and procedures accordingly. To date, cybersecurity risks, including as a result of any previous cybersecurity incidents, have not materially affected and we believe are not reasonably likely to affect the Company, including its business strategy, results of operations or financial condition. Refer to the risk factor captioned Our business and operations would suffer in the event of system failures or cyber security attacks in Part I, Item 1A. Risk Factors for additional description of cybersecurity risks and potential related impacts on the Company. Governance 24 Table of Contents The Board oversees the Company s risk management process directly and through its committees. Pursuant to the Audit Committee Charter, the Audit Committee of the Board provides compliance oversight to the Company s risk assessment and risk management policies and the steps management has taken to monitor and mitigate such exposures and risks. The Company s Senior Director, Information Security & Network Systems, in coordination with the Senior Vice President, Information Technology, is responsible for leading the assessment and management of cybersecurity risks. The Senior Director, Information Security & Network Systems and Senior Vice President, Information Technology regularly review and assess cybersecurity initiatives and are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents through briefings with internal and external personnel as well as alerts from security measures deployed in the Company’s IT environment. These individuals collectively have over 30 years of experience in information security. The Senior Vice President, Information Technology reports to the Board, the Audit Committee and management on cybersecurity risk assessment, policies, incident prevention, detection, mitigation, and remediation of cybersecurity incidents on an as needed basis.

Company Information