Page last updated on April 11, 2024
Sterling Real Estate Trust reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-13 20:29:01 EDT.
Filings
10-K filed on 2024-03-13
Sterling Real Estate Trust filed an 10-K at 2024-03-13 20:29:01 EDT
Accession Number: 0001558370-24-003150
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
ITEM 1C. CYBERSECURITY With oversight from the Board of Trustees, the Advisor is responsible for managing all cyber risks and overseeing our security programs. Cybersecurity risk management has been delegated to the Advisor s executive officers, with day-to-day management carried out by the Advisor s Chief Transformation Officer (CTO), Jamie Bucholz. The Advisor s cybersecurity risk oversight includes: (i) reviewing and approving technology security policies and internal cybersecurity controls, (ii) monitoring cybersecurity and information security exposures, (iii) confirming the Advisor has adequate procedures in place to not only control and limit these exposures but also to timely respond to any cyber incident, and (iv) mandatory cyber security trainings for all Advisor personnel. The Advisor partners with several third-party technology providers to monitor and protect internal IT infrastructure and data. The Advisor has hired Marco Technologies, as the organization s Managed IT provider with tools that systematically update hardware and software while also monitoring uptime to ensure seamless business operations. Marco Technologies also provides cyber security trainings, which all Advisor personnel are required to complete on a monthly basis. The Advisor utilizes Red Canary to provide 24/7 monitoring on all end points with triggers to isolate and mitigate any suspicious cyber activity. Finally, High Point Networks provides physical and cloud-based network data backup solutions for the Advisor. In collaboration with the Advisor, an extensive data back-up plan is in place with Return to Operations objectives of less than 24 hours. Although our CTO does not come from an information technology background, she relies on her extensive organization and project management experience to coordinate and manage the third-party providers who perform our cybersecurity function and to implement our cybersecurity incident response plan described below. The Board of Trustees and Advisor are aware that preventive measures cannot prevent all cyber incidents. When a cyber incident occurs, our actions are guided by an incident response plan decision tree to (i) detect, contain and eradicate any threats, (ii) assess materiality, (iii) notify internal parties, (iv) recover any compromised data and information systems, (v) limit impacts of any such incident on the Trust s operations, and (vi) report any such incident as required by law or as otherwise necessary. Our business strategy, results of operations or financial condition have not been materially impacted by cybersecurity threats, including as a result of any previous cybersecurity incidents. Although we cannot predict the cybersecurity incidents we may face in the future, we believe we have implemented reasonable cybersecurity protections and do not have reason to believe our business strategy, results of operations or financial condition will be materially impacted by cybersecurity incidents in the future. For a discussion of risks from cybersecurity threats, please see Item 1A. Risk Factors. 23 Table of Contents
Company Information
| Name | Sterling Real Estate Trust |
| CIK | 0001412502 |
| SIC Description | Real Estate Investment Trusts |
| Ticker | |
| Website | |
| Category | Non-accelerated filer |
| Fiscal Year End | December 30 |