New York REIT Liquidating LLC 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

New York REIT Liquidating LLC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 16:52:02 EDT.

Filings

10-K filed on 2024-04-01

New York REIT Liquidating LLC filed an 10-K at 2024-04-01 16:52:02 EDT
Accession Number: 0000950170-24-039443

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy We recognize the importance of assessing, identifying, and managing risk associated with cybersecurity threats. Our external advisor has implemented cybersecurity processes, technologies, and controls to aid in our efforts to assess, identify, and manage such risks. Our advisor has developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. This cybersecurity risk management program is integrated into our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas. 17 NEW YORK REIT LIQUIDATING LLC FORM 10-K DECEMBER 31, 2023 As we are fully externally advised, we are reliant on our external advisor s network and risk management program. Our external advisor has elected to engage third-party managed service providers to maintain its network and to manage the monitoring, detection, mitigation, and prevention of cybersecurity threats. These service providers are responsible for managing our advisor s hosted services, all of the computer and computer-related hardware and software they use, and for managing the backup process. Our advisor s primary managed service provider supplies management with monthly updates and activity reports related to network alerts, connectivity issues and help desk tickets. We are subject to risks from cybersecurity threats and incidents. As of December 31, 2023, we do not believe such risks have materially affected or are reasonably likely to materially affect the Company, including the Company s business strategy, results of operations or financial condition. However, there can be no assurance that the Company will not be materially affected in the future. For additional information regarding risks from cybersecurity threats, refer to Item 1A, Risk Factors , in this Annual Report on Form 10-K. Governance Our Board of Managers (the Board ) considers cybersecurity risk as part of its risk oversight function. In March 2024, the Board delegated to its Audit Committee oversight of cybersecurity and other information technology risks. Our Audit Committee oversees management s implementation of our cybersecurity risk management program. Our Audit Committee will receive periodic reports from our Chief Financial Officer on our cybersecurity risks. In addition, our Chief Financial Officer will update our Audit Committee, as necessary, regarding any significant cybersecurity incidents impacting our advisor s information systems. Our Board of Directors will also receive briefings from our Chief Financial Officer on our cybersecurity risk management program as part of our overall business risk updates. Our management, represented by our Chief Financial Officer, oversees the Company s cybersecurity risk management program. Our advisor has elected to engage third-party providers to maintain its network defenses and to manage and assess cybersecurity risk management and strategy for the Company. Our advisor’s third-party provider updates our Chief Financial Officer and members of our advisor s management team with any network issues on a monthly basis and makes recommendations for security upgrades as needed. Our Chief Financial Officer takes these recommendations into account in deciding which upgrades to implement. Our Chief Financial Officer will update the Audit Committee quarterly, or more frequently in the case of a significant cybersecurity incident impacting our information systems.

Company Information