Presidio Property Trust, Inc. 10-K Cybersecurity GRC - 2024-04-16

Page last updated on April 17, 2024

Presidio Property Trust, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-16 21:05:01 EDT.

Filings

10-K filed on 2024-04-16

Presidio Property Trust, Inc. filed an 10-K at 2024-04-16 21:05:01 EDT
Accession Number: 0001437749-24-012230

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Presidio Property Trust has a cross-departmental approach to addressing cybersecurity risk, including input from senior management, employees, external consultants, and our Board of Directors (the “Board”). Senior management devote significant resources to cybersecurity and risk management processes to adapt to the changing cybersecurity landscape and respond to emerging threats in a timely and effective manner, including providing periodic training to staff and periodic review of the Company s current posture to protect against threats. The Audit Committee of the Board of Directors oversees the steps taken by Presidio Property Trust s management to monitor and mitigate cybersecurity risks. Senior management briefs the Audit Committee and the Board of Directors on cybersecurity matters as necessary. The Company operates almost exclusively in a Software-as-a-Service (SaaS) IT environment. In addition to assessing our own cybersecurity preparedness, we also consider and evaluate cybersecurity risks associated with the use of third-party service providers. The internal business owners of the hosted applications are required to document quarterly user access reviews and obtain a System and Organization Controls (SOC) 1 or SOC 2 report from our SaaS vendors. With assistance from an external consultant, management conducts an annual review of third-party SOC reports with a specific focus on their data protection procedures. If a third-party vendor is not able to provide a SOC 1 report, management takes additional steps to assess their cybersecurity preparedness and assess our relationship with them on that basis. Our assessment of risks associated with the use of third-party providers is a significant part of the Company s overall cybersecurity risk management framework. The Company has also engaged a third-party managed service provider to manage server, network, and email security, including continuous monitoring and industry-leading antivirus software. Presidio Property Trust has robust business continuity and disaster recovery procedures in place, and an insurance policy that provides for network security liability, event response and recovery, direct business interruption, contingent business interruption, cyber extortion, social engineering, and computer fraud should an incident occur. 39 Table of Contents In addition, we have Company-wide policies and procedures concerning cybersecurity matters, including access security, system change management, development lifecycle, incident management and business continuity/disaster recovery policies. These policies go through an annual internal review process and are approved by appropriate members of management. Presidio Property Trust uses a third-party consultant to assess the Company s compliance with Sarbanes Oxley. Presidio Property Trust faces risks from cybersecurity threats that could have a material adverse effect on its business, financial condition, results of operations, cash flows or reputation. The Company has not, to date, experienced cyber incidents in the normal course of its business, nor have prior cybersecurity incidents had a material adverse effect on the Company s business, financial condition, results of operations, or cash flows. For more information about the cybersecurity risks we face, see the risk factor entitled Risks related to cyber-attacks, cyber intrusions and other security breaches in Item 1A- Risk Factors.

Company Information