SmartStop Self Storage REIT, Inc. 10-K Cybersecurity GRC - 2024-03-18

Page last updated on July 16, 2024

SmartStop Self Storage REIT, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-18 15:32:54 EDT.


10-K filed on 2024-03-18

SmartStop Self Storage REIT, Inc. filed a 10-K at 2024-03-18 15:32:54 EDT
Accession Number: 0000950170-24-032792

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We take a comprehensive approach to cybersecurity and prioritize the security and integrity of our data, including those of our customers and other stakeholders, as a top priority. Our board of directors (in particular our audit committee) and our management are actively involved in the oversight of our risk management program, of which cybersecurity represents an important component. As described in more detail below, we have established policies, standards, processes and practices for assessing, identifying, and managing material risks from cybersecurity threats. We have devoted significant resources to implement and maintain security measures to meet regulatory requirements and stakeholder expectations, and we intend to continue to make appropriate investments to maintain the security and integrity of our data. There can be no guarantee that our established policies, standards, processes and practices will be properly followed in every instance or that they will be effective at mitigating all cybersecurity threats. Although our risk factors include further detail about the material cybersecurity risks we face, we believe that risks from cybersecurity threats, have not materially affected our business to date. We can provide no assurance that there will not be incidents in the future or that they will not materially affect us, including our business, results of operations, or financial condition. Risk Management and Strategy Our policies, standards, processes and practices for assessing, identifying, and managing material risks from cybersecurity threats are integrated into our overall risk management process and are based on frameworks established by the National Institute of Standards and Technology (“NIST”), the International Organization for Standardization and other applicable industry standards and best practices. Our cybersecurity program in particular focuses on the following key areas: Collaboration Our cybersecurity risks are identified and addressed through a comprehensive, cross-functional approach. Key security, risk, and compliance stakeholders meet regularly to develop strategies for preserving the confidentiality, integrity and availability of Company and customer information, identifying, preventing and mitigating cybersecurity threats. We maintain controls and procedures that are designed to ensure prompt escalation of certain cybersecurity incidents so that decisions regarding public disclosure and reporting of such incidents can be made by management and our board of directors in a timely manner. Risk Assessment At least annually, we conduct a cybersecurity risk assessment that takes into account information from internal stakeholders, known security vulnerabilities, and other external sources (e.g., reported security incidents that have impacted other companies, industry trends, and evaluations by third parties and consultants). The results of the assessment are used to drive alignment on, and prioritization of, initiatives to enhance our security controls, make recommendations to improve processes, and updates are presented to our board of directors and members of management, as appropriate. Technical Safeguards We regularly assess and deploy technical safeguards designed to protect our information systems from cybersecurity threats. Such safeguards are regularly evaluated and improved based on vulnerability assessments, cybersecurity threat intelligence and other developing cybersecurity practices. Incident Response and Recovery Planning We have established comprehensive incident response and recovery plans and continue to evaluate the effectiveness of those plans. Our incident response and recovery plans address and guide our response to a cybersecurity incident. Third-Party Risk Management 34 We have implemented processes designed to identify and mitigate cybersecurity threats associated with our use of third-party service providers. Such providers are subject to security risk assessments at the time of onboarding, contract renewal, and upon detection of an increase in risk profile. We use a variety of inputs in our risk assessments, including information supplied by providers and third parties. In addition, we require our providers to meet appropriate security requirements, controls and responsibilities and investigate security incidents that have impacted our third-party providers, as appropriate. Education and Awareness We regularly remind employees of the importance of handling and protecting customer and employee data, including through annual certifications of our policies as well as periodic security training to enhance employee awareness of how to detect and respond to cybersecurity threats.

Company Information

NameSmartStop Self Storage REIT, Inc.
SIC DescriptionReal Estate Investment Trusts
CategoryNon-accelerated filer
Fiscal Year EndDecember 30