Redwood Mortgage Investors IX 10-K Cybersecurity GRC - 2024-04-17

Page last updated on July 16, 2024

Redwood Mortgage Investors IX reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-17 17:51:18 EDT.


10-K filed on 2024-04-17

Redwood Mortgage Investors IX filed a 10-K at 2024-04-17 17:51:18 EDT
Accession Number: 0000950170-24-045202

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C - Cybersecurity Our manager has processes in place for assessing, identifying, and managing material risks from potential unauthorized occurrences on or through its electronic information systems that could adversely affect the confidentiality, integrity, or availability of its information systems or the information residing on those systems. These include a wide variety of mechanisms, controls, technologies, methods, systems, and other processes that are designed to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access, or other security incidents or vulnerabilities affecting the data. The data include confidential, proprietary, and business and personal information that RMC collects, processes, stores, and transmits as part of our business, including on behalf of third parties. Our manager also use systems and processes designed to reduce the impact of a security incident at a third-party vendor or customer. Additionally, our manager uses processes to oversee and identify material risks from cybersecurity threats associated with its use of third-party technology and systems, including: technology and systems we use for encryption and authentication; employee email; content delivery to customers; back-office support; and other functions. As part of our manager’s risk management process, it conducts application security assessments, vulnerability management, penetration testing, security audits, and ongoing risk assessments. RMC also maintains a variety of incident response plans that are to be utilized when incidents are detected. RMC requires employees with access to information systems, including all corporate employees, to undertake data protection and cybersecurity training and compliance programs annually. RMC has a unified and centrally-coordinated team, led by a security vendor, QCC, that is responsible for implementing and maintaining centralized cybersecurity and data protection practices at RMC in close coordination with RMC’s senior leadership and other teams across RMC. QCC has a number of experienced information security team members responsible for various parts of our business, all of whom are supported by a team of trained cybersecurity professionals. In addition to QCC’s extensive in-house cybersecurity capabilities, at times they also engage assessors, consultants, auditors, or other third parties to assist with assessing, identifying, and managing cybersecurity risks. Cybersecurity risks and associated mitigations are evaluated by RMC’s senior leadership bimonthly. Additionally reviewed in these bimonthly meetings are hardware and software used throughout the business operation, from firewall devices to endpoints and peripherals, as well as internally hosted software and applications to SaaS and vendor sites. The security team at QCC, which is comprised of in-house technicians, in conjunction with senior leadership at RMC, oversees RMC’s policies and procedures for protecting RMC’s cybersecurity infrastructure and for compliance with applicable data protection and security regulations, and related risks. This security team also oversees RMC’s board’s response to any significant cybersecurity incidents. 21 QCC’s CEO Ron Jones, who has extensive cybersecurity knowledge and skills gained from over 30 years of work experience on the security team at QCC and an extensive career in the technology and cybersecurity industries as a senior network engineer providing support for other service providers in the industry, heads the team responsible for implementing and maintaining cybersecurity and data protection practices at RMC and reports directly to RMC’s President, Michael Burwell.

Company Information

NameRedwood Mortgage Investors IX
SIC DescriptionReal Estate
CategoryNon-accelerated filer
Smaller reporting company
Fiscal Year EndDecember 30