Redwood Mortgage Investors IX 10-K Cybersecurity GRC - 2025-04-24

Page last updated on April 24, 2025

Redwood Mortgage Investors IX reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-24 16:04:23 EDT.

Filings

10-K filed on 2025-04-24

Redwood Mortgage Investors IX filed a 10-K at 2025-04-24 16:04:23 EDT
Accession Number: 0000950170-25-057997

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C - Cybersecurity Our manager has processes in place for assessing, identifying, and managing material risks from potential unauthorized occurrences on or through its electronic information systems that could adversely affect the confidentiality, integrity, or availability of its information systems or the information residing on those systems. These include a variety of mechanisms, controls, protocols, technologies, methods, systems/network architecture, and other processes that are designed to prevent, detect, and/or mitigate unauthorized access, data loss, theft, and/or misuse, or other security incidents or vulnerabilities affecting the data. The data include confidential, proprietary, and business and personal information that RMC collects, processes, stores, and transmits as part of our business, including on behalf of third parties. Our manager also use systems and processes designed to reduce the impact of a security incident at a third-party vendor or customer. Additionally, our manager uses processes to oversee and identify material risks from cybersecurity threats associated with its use of third-party technology and systems , including: technology and systems we use for encryption and authentication; employee email; content delivery to customers; back-office support; and other functions. As part of our manager’s risk management process , it conducts application security assessments, vulnerability management, penetration testing, security audits, and ongoing risk assessments. RMC maintains a variety of incident response plans that are to be utilized when incidents are detected. RMC requires employees with access to information systems, including all corporate employees, to undertake data protection and cybersecurity training and compliance programs annually. Our security vendor is responsible for implementing and maintaining centralized cybersecurity and data protection practices at RMC in close coordination with RMC’s senior leadership and other teams across RMC. The vendor has a number of experienced information security team members responsible for various parts of our business, all of whom are supported by a team of trained cybersecurity professionals and at times may engage assessors, consultants, auditors, or other third parties to assist with assessing, identifying, and managing cybersecurity risks. Cybersecurity risks and associated mitigations are evaluated by RMC’s senior leadership bimonthly. Additionally reviewed in these bimonthly meetings are hardware and software used throughout the business operation, from firewall devices to endpoints and peripherals, as well as internally hosted software and applications to SaaS and vendor sites. As of the date of this filing, we have not identified any cybersecurity threats or incidents that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, there can be no assurance that we, or our third-party business partners or service providers, will not experience a cybersecurity threat or incident in the future that could materially adversely affect our business strategy, results of operations, or financial condition. For further discussion of cybersecurity risks we face, see the risk factors discussed under " Cybersecurity risks and cyber incidents may adversely affect our business by causing a disruption to our operations, a compromise or corruption of our data or confidential information, and/or damage to our business relationships, all of which could negatively impact our financial results " in Risk Factors in Item 1A of this Form 10-K .

Company Information