FS Credit Real Estate Income Trust, Inc. 10-K Cybersecurity GRC - 2024-03-15

Page last updated on April 11, 2024

FS Credit Real Estate Income Trust, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-15 17:05:32 EDT.

Filings

10-K filed on 2024-03-15

FS Credit Real Estate Income Trust, Inc. filed an 10-K at 2024-03-15 17:05:32 EDT
Accession Number: 0001628280-24-011520

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity As an externally advised company, our day-to-day operations are managed by our adviser and our executive officers under the oversight of our board of directors. Our executive officers are senior FS Investments professionals and our adviser is an affiliate of FS Investments. As such, we are reliant on FS Investments for assessing, identifying and managing material risks to our business from cybersecurity threats. Our business is dependent on the communications and information systems of the adviser, as an affiliate of FS Investments. We also rely on the communications and systems of other third-party service providers. FS Investments has implemented a cybersecurity program that applies to all of its subsidiaries and affiliates, including us and our operations. Cybersecurity Program Overview FS Investments has instituted a cybersecurity program designed to identify, assess, and manage cybersecurity risks applicable to us. The cybersecurity risk management program involves, among other things, risk assessments, implementation of security measures, and ongoing monitoring of systems and networks, including networks on which we rely. FS Investments actively monitors the current threat landscape in an effort to identify material risks arising from new and evolving cybersecurity threats, including material risks faced by us. We rely on FS Investments to engage external experts, including cybersecurity assessors, consultants and auditors to evaluate cybersecurity measures and risk management processes, including those applicable to us. We are also included in the FS Investments risk management program and processes, which include cybersecurity risk assessments. We depend on and engage various third parties, including suppliers, vendors and service providers, to operate our business. We rely on the expertise of the third-party risk management, legal, information technology and compliance personnel of the adviser and FS Investments, including the Chief Information Security Officer (“CISO”), of FS Investments, when identifying and overseeing risks from cybersecurity threats associated with our use of such entities. To date, cybersecurity risks, including as a result of any previous cybersecurity incidents, have not materially affected and we believe are not reasonably likely to affect the Company, including its business strategy, results of operations or financial condition. Board Oversight of Cybersecurity Risks The audit committee of the board of directors (the “Audit Committee”), provides strategic oversight on cybersecurity matters, including risks associated with cybersecurity threats. The Audit Committee receives periodic updates from the FS Investments CISO and our Chief Compliance Officer (“CCO”) regarding the overall state of the FS Investments cybersecurity program, information on the current threat landscape, and risks from cybersecurity threats and cybersecurity incidents impacting us. Management’s Role in Cybersecurity Risk Management Our management, including our CCO, is responsible for assessing and managing material risks from cybersecurity threats. The CCO oversees our risk management function generally and relies on the FS Investments CISO to assist with assessing and managing material risks from cybersecurity threats. The CISO has over 10 years of experience in actively managing cybersecurity and information security programs for financial services companies with complex information systems. The CCO has been responsible for this oversight function as our CCO for over 10 years and has worked in the financial services industry for over 40 years, during which the CCO has gained expertise in assessing and managing risk applicable to us. Management is informed about and monitors the prevention, detection, mitigation and remediation of cybersecurity incidents impacting us, including through the receipt of notifications from service providers and reliance on communications with risk management, legal, information technology and/or compliance personnel of the adviser and FS Investments. Assessment of Cybersecurity Risk The potential impact of risks from cybersecurity threats on us are assessed on an ongoing basis, and how such risks could materially affect our business strategy, operational results, and financial condition are regularly evaluated. During the reporting period, we have not identified any impact from cybersecurity threats, including as a result of previous cybersecurity incidents, that we believe have materially affected, or are reasonably likely to materially affect us, including our business strategy, operational results, and financial condition.

Company Information