Shepherd's Finance, LLC 10-K Cybersecurity GRC - 2024-03-15

Page last updated on April 11, 2024

Shepherd’s Finance, LLC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-15 17:05:29 EDT.

Filings

10-K filed on 2024-03-15

Shepherd’s Finance, LLC filed an 10-K at 2024-03-15 17:05:29 EDT
Accession Number: 0001493152-24-010136

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We face cybersecurity risks due primarily to our position in the industry and identity as a financial service company with potential for harm that could occur to us, our investors and our customers were we to suffer impacts of a material cybersecurity incident. We are committed to maintaining robust governance and oversight of these risks and to implementing mechanisms, controls, technologies, and processes designed to help us assess, identify, and manage these risks. While we have not, as of the date of this Annual Report, experienced a cybersecurity threat or incident that resulted in a material adverse impact to our business or operations, our business strategy, results of operations, or financial condition, there can be no guarantee that we will not experience such an incident in the future. In addition, the environment and threats are constantly evolving, thereby increasing the difficulty of successfully defending against them or implementing adequate preventative measures. We seek to detect and investigate unauthorized attempts and attacks against our network and services which are also dependent on third parties (multiple law firms, banks, settlement and title entities) and their technology, and to prevent their occurrence and recurrence where practical through changes, updates and enhancements to our internal processes and tools however, we remain potentially vulnerable to known or unknown threats. We aim to incorporate industry best practices throughout our cybersecurity program. Our cybersecurity strategy focuses on implementing effective and efficient controls, technologies, and other processes to assess, identify, and manage material cybersecurity risks. Our cybersecurity program is designed to be aligned with applicable industry standards and is assessed periodically by independent subject matter expert third parties who hold industry leading certifications such as Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst (GCIA), and GIAC Certified Incident Handler (GCIH). We have processes in place to identify, access, and address material cybersecurity threats and incidents with the help of the above noted expert third parties as needed. We monitor issues that are internally discovered or externally reported that may affect our business and have processes to assess those issues for potential cybersecurity impact or risk. Pursuant to our Audit Committee Charter, our Audit Committee is responsible for reviewing and assessing our risk assessment and risk management policies, including oversight of cybersecurity risk. Our risk assessment policy is utilized in making decisions with respect to company priorities, resource allocations, and oversight structures. Our Board of Managers, with the assistance of our Audit Committee and Technology Committee, regularly reviews our cybersecurity program with management and reports to the Board of Managers. Cybersecurity reviews generally occur at least annually, or more frequently as determined to be necessary or advisable. We have an escalation process in place to inform senior management and the Board of Managers of material issues. 26

Company Information