Medalist Diversified REIT, Inc. 10-K Cybersecurity GRC - 2024-03-06

Page last updated on April 11, 2024

Medalist Diversified REIT, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-06 16:30:58 EST.

Filings

10-K filed on 2024-03-06

Medalist Diversified REIT, Inc. filed an 10-K at 2024-03-06 16:30:58 EST
Accession Number: 0001558370-24-002614

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk management and strategy Our accounting and financial reporting platforms and related systems, and those that we, or our third-party service providers, offer to our tenants are necessary for the operation of our business. We use these platforms and systems, among others, to manage our tenant relationships, for accounting and financial reporting, and for other recordkeeping purposes. Our business operations and financial reporting rely on the secure collection, storage, transmission, and other processing of proprietary, confidential, and sensitive data. We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third-party hosted services, hardware and software, and our critical data, including financial information and other confidential information that is proprietary, strategic or competitive in nature, and tenant data ( Information Systems and Data ). We rely on our management and third-party service providers, as described further below, to manage any perceived cybersecurity threats and risks. Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards, and/or policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including incident detection and response, internal controls within our accounting and financial reporting functions, network security controls, access controls, physical security, systems monitoring, and employee training. We work with third parties from time to time that assist us in identifying, assessing, and managing cybersecurity risks, including professional services firms and information technology consulting and support firms. To operate our business, we utilize certain third-party service providers to perform a significant portion of our critical functions. We seek to engage reliable, reputable service providers that maintain cybersecurity programs. To address risks associated with third-party service providers, we will review and assess the cybersecurity controls of our third-party service providers and make changes to our business processes to manage these risks. This approach is designed to mitigate risks related to data breach or other security incidents originating from third-party service providers. We are not aware of any risks from cybersecurity threats, including as a result of any cybersecurity incidents, which have materially affected or are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition. Governance The Board holds oversight responsibility over our strategy and risk management, including material risks related to cybersecurity threats. This oversight is executed directly by the Board through management. Our management, represented by our Chief Financial Officer, Brent Winn, leads our cybersecurity risk assessment and management processes and oversees their implementation and maintenance. Mr. Winn is an experienced compliance and risk management professional and has served as Chief Financial Officer since September 2020. Mr. Winn currently oversees key functions for the Company s accounting, finance, and treasury strategies, including risk management. In addition, Mr. Winn leads our cybersecurity risk oversight and the development and enhancement of 7 Table of Contents internal controls designed to prevent, detect, address, and mitigate the risk of cyber incidents. Our management will report any serious cybersecurity incidents to our Board.

Company Information