Sculptor Diversified Real Estate Income Trust, Inc. 10-K Cybersecurity GRC - 2024-03-29

Page last updated on April 11, 2024

Sculptor Diversified Real Estate Income Trust, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 21:49:10 EDT.

Filings

10-K filed on 2024-03-29

Sculptor Diversified Real Estate Income Trust, Inc. filed an 10-K at 2024-03-29 21:49:10 EDT
Accession Number: 0001914496-24-000042

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Assessment, Identification and Management of Material Risks from Cybersecurity We rely on the cybersecurity strategy and policies implemented by Sculptor, our sponsor and an affiliate of the Adviser. Sculptor s cybersecurity strategy prioritizes detection and analysis of and response to known, anticipated or unexpected threats, effective management of security risks and resilience against cyber incidents. Sculptor s cybersecurity risk management processes include technical security controls, policy enforcement mechanisms, monitoring systems, tools and related services, which include tools and services from third-party providers, and management oversight to assess, identify and manage risks from cybersecurity threats. Sculptor has implemented and continues to implement risk-based controls designed to prevent, detect and respond to information security threats and we rely on those controls to help us protect our information, our information systems, and the information of our investors, and other third parties who entrust us with their sensitive information. Sculptor s cybersecurity program includes physical, administrative and technical safeguards, as well as plans and procedures designed to help Sculptor prevent and timely and effectively respond to cybersecurity threats and incidents, including threats or incidents that may impact us, our Adviser or Sculptor. Sculptor s cybersecurity risk management process seeks to monitor cybersecurity vulnerabilities and potential attack vectors, evaluate the potential operational and financial effects of any threat and mitigate such threats. The assessment of cybersecurity risks, including those which may impact us, our Adviser or Sculptor, is integrated into Sculptor s risk management program. In addition, Sculptor periodically engages with third-party consultants and key vendors to assist it in assessing, enhancing, implementing, and monitoring its cybersecurity risk management programs and responding to incidents. Sculptor s cybersecurity risk management and awareness programs include periodic identification and testing of vulnerabilities, regular phishing simulations and annual general cybersecurity awareness training, including for all of the employees of Sculptor. Sculptor undertakes periodic internal security reviews of its information systems and related controls, including systems affecting personal data and the cybersecurity risks of Sculptor s and our critical third-party vendors and other partners. Sculptor also completes periodic external reviews of its cybersecurity program and practices, which include assessments of relevant data protection practices and targeted attack simulations. In the event of a cybersecurity incident impacting us, our Adviser or Sculptor, Sculptor has developed an incident response plan that provides guidelines for responding to such an incident and facilitates coordination across multiple operational functions of Sculptor, including coordinating with the relevant members of our Adviser. The incident response plan includes notification to the applicable members of cybersecurity leadership, and, as appropriate, escalation to the full Sculptor risk management team and/or an internal ad-hoc group of senior employees, tasked with helping to manage the cybersecurity incident. Depending on their nature, incidents may also be reported to the audit committee of our board of directors and to our full board of directors, if appropriate. Oversight of Cybersecurity Risks Our board of directors and audit committee have primary responsibility for oversight and review of guidelines and policies with respect to risk assessment and risk management, including cybersecurity. Certain members of the Sculptor cybersecurity team periodically report to our audit committee as well as our full board of directors, as appropriate, on cybersecurity matters. Such reporting includes updates on Sculptor s cybersecurity program as it impacts us, the external threat environment, and Sculptor s programs to address and mitigate the risks associated with the evolving cybersecurity threat environment. These reports also include updates on our and Sculptor s preparedness, prevention, detection, responsiveness, and recovery with respect to cyber incidents. Material Impact of Cybersecurity Risks As of the date of this filing, we have not experienced a material information security breach incident and the expenses we have incurred from information security incidents have been immaterial, and we are not aware of any cybersecurity risks that are reasonably likely to materially affect our business. However, future incidents could have a material impact on our business strategy, results of operations, or financial condition. For additional discussion of the risks posed by cybersecurity threats, see Item 1A. Risk Factors-Cybersecurity risks and cyber incidents may adversely affect our business by causing a disruption to our operations, a compromise or corruption of our confidential information and/or damage to our business relationships. 63

Company Information