BROOKFIELD REAL ESTATE INCOME TRUST INC. 10-K Cybersecurity GRC - 2024-03-15

Page last updated on April 11, 2024

BROOKFIELD REAL ESTATE INCOME TRUST INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-15 17:03:13 EDT.

Filings

10-K filed on 2024-03-15

BROOKFIELD REAL ESTATE INCOME TRUST INC. filed an 10-K at 2024-03-15 17:03:13 EDT
Accession Number: 0001713407-24-000022

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy As an externally advised company, our day-to-day operations are managed by our Adviser and our executive officers under the oversight of our board of directors. We rely on our Adviser s cybersecurity program for assessing, identifying, and managing material risks from cybersecurity threats to us. This cybersecurity program is designed to protect the integrity and availability of our information and technology. This program addresses security governance, security awareness, employee training, relevant access and end-point security, vulnerability management, penetration testing, security monitoring and incident response. Our Adviser s practices align with the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Our Adviser s cybersecurity program includes a comprehensive policy framework, reviewed and updated annually security awareness training for all employees, completed annually technology risk assessments for critical information systems and applications, performed annually and following all changes to these systems monthly vulnerability scans quarterly technology risk assessments and the use of software to protect the confidentiality, integrity and availability of our systems, including the use of anti-malware applications and the use of programs that log, monitor and audit system activities. The effectiveness of our Adviser s cybersecurity programs is evaluated regularly through both internal and third-party audits. We may also engage third parties to conduct risk assessments. Our Adviser s Chief Information Security Officer ( CISO ) utilizes a variety of processes and systems to manage cybersecurity risks including third-party risk. This includes operational compliance monitoring processes within our information technology service management program, a security operations center managed by a security services provider and periodic assessments and tests conducted by external parties or internal audit and compliance functions. We also regularly monitor cybersecurity and data privacy risks of investments in our portfolio. Additionally, our vendor governance framework includes monitoring of vendors compliance with contractual terms and their cybersecurity risk profile. A risk assessment is conducted for each violation identified, which includes an assessment of the impact from a financial, operational, reputational, regulatory compliance, and client service perspective, to determine its materiality. Regular reporting includes information on material security incidents and policy breaches. No risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected us, our business strategy, results of operations or financial condition. However, we can provide no assurance that we will not experience any material cybersecurity threats or incidents in the future. See Item 1.A. Risk Factors Cybersecurity failures and data security incidents could adversely affect our business by causing a disruption to our operations, a compromise or corruption of our confidential, personal or other sensitive information and/or damage to our business relationships or reputation, any of which could negatively impact our business, financial condition and operating results. Governance The audit committee of our board of directors (the Audit Committee ) is responsible for overseeing risk management strategies that are specific to us, including reviewing management s assessment of the current and emerging risks and related mitigation strategies across financial and non-financial risks, including cybersecurity risks. Regular reports and updates on material security incidents and cybersecurity risks are made to senior management and the Audit Committee by the Adviser. The Adviser has a dedicated cybersecurity team, led by the CISO, which manages and monitors our data protection, privacy and cybersecurity program. In addition, our Adviser has established a Security Governance Committee, led by the CISO, that is responsible for, among other things, communicating information security status and needs to all stakeholders overseeing that appropriate communication channels about cybersecurity risk occur at all levels and to executive management, including our management and the Audit Committee and overseeing that appropriate action is being taken and monitored where information risks are identified. The CISO and other members of the Security Governance Committee are selected from the Adviser s business groups. The CISO has over 20 years of cybersecurity and technology management experience. 41

Company Information