Power REIT 10-K Cybersecurity GRC - 2024-03-29

Page last updated on April 11, 2024

Power REIT reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 17:25:21 EDT.

Filings

10-K filed on 2024-03-29

Power REIT filed an 10-K at 2024-03-29 17:25:21 EDT
Accession Number: 0001493152-24-012040

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. We maintain a cyber risk management protocol designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. We have undertaken, on an annual basis, to conduct an assessment of our cyber risk management processes and controls to identify, quantify, and categorize material cyber risks. In addition, we have developed a risk mitigation plan to address such risks, and where necessary, remediate potential vulnerabilities identified through the annual assessment process. 42 We employ a risk management strategy for the assessment, identification and management of material risks stemming from cybersecurity threats. Our methodologies involve a systematic evaluation of potential threats, vulnerabilities, and their potential impacts on our organization s operations, data, and systems. Our cybersecurity risk management program includes: Risk assessments designed to help identify material cybersecurity risks to our critical systems, and our IT environment The use of external service providers to assess, test or otherwise assist with aspects of our security controls Cybersecurity awareness training of our employees and senior management including consultation with third parties as deemed necessary A cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents and We design and assess our program using the National Institute Cybersecurity Framework ( NIST CSF ) as a set of guiding principles. Our management team is responsible for oversight and administration of our cyber risk management protocol, and for informing relevant stakeholders regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our management team does not have prior experience administrating cybersecurity initiatives and processes, but intends to rely on threat intelligence as well as other information obtained from governmental, public or private sources and, if necessary, third-party consultants providing cyber risk services. Our Audit Committee also provides oversight of risks from cybersecurity threats, and specifically reviews and discusses our policies regarding information technology security and protection from cyber risks. Our third-party service providers are primarily responsible for the security of their own information technology environments and in certain instances we rely significantly on third-party service providers to supply and store our sensitive data in a secure manner. All of these third parties face potential risks relating to cybersecurity similar to ours which could disrupt their businesses and therefore adversely impact us. While we provide guidance and specific requirements in some cases, we do not directly control any of these parties information technology security operations, or the amount of investment they place in guarding against cybersecurity threats. Accordingly, we are subject to any flaw or breaches to their information technology systems, or those which they operate for us, which could have a material adverse effect on our financial condition or results of operations. We face risks from cybersecurity threats that could have a material adverse effect on our business, financial condition, results of operations, cash flows or reputation. We acknowledge that the risk of cyber incidents is prevalent in the current threat landscape and that a future cyber incident may occur in the normal course of its business. To date, we have not had a cybersecurity incident. We proactively seek to detect and investigate unauthorized attempts and attacks against our IT assets, data, and services, and to prevent their occurrence and recurrence where practicable through changes or updates to internal processes and tools and changes or updates to service delivery however, potential vulnerabilities to known or unknown threats will remain. Further, there is increasing regulation regarding responses to cybersecurity incidents, including reporting to regulators, investors, and additional stakeholders, which could subject us to additional liability and reputational harm. See Item 1A. Risk Factors for more information on cybersecurity risks.

Company Information