Five Point Holdings, LLC 10-K Item 1C. Cybersecurity - 2026-03-06

Get alerts

Five Point Holdings, LLC disclosed their cybersecurity strategy, risk management and governance process in an annual SEC Filing 10-K filing on 2026-03-06 16:47:38 EST

Company Summary
Filings
- 10-K filed on 2026-03-06
Company
- Profile

Company Summary

Five Point Holdings, LLC is an owner and developer of mixed-use planned communities in California, primarily generating revenue by selling residential and commercial land sites and providing development management services.

Looking for governance insights? View the comprehensive Cyber Governance Profile for Five Point Holdings, LLC.

Filings

10-K filed on 2026-03-06

Five Point Holdings, LLC filed an SEC Filing 10-K filing on 2026-03-06 16:47:38 EST.
Accession Number: 0001574197-26-000005

Item 1C. Cybersecurity

Item 1C - Cybersecurity

ITEM 1C. Cybersecurity

Risk Management and Strategy

We understand the importance of identifying and managing cybersecurity risks that could materially disrupt our business operations. We rely on information technology systems to conduct important operational activities and to maintain business and employee records and financial data. Disruption of these systems could adversely impact our ability to conduct business activities.

We have implemented a cybersecurity risk management program intended to protect the security and availability of our critical systems and information. Our risk assessment process is modeled after the National Institute of Standards and Technology ("NIST") Guide for Conducting Risk Assessments and is performed annually. We may also elect to perform assessments more often

based on material changes in business activities or other factors. The results of our cybersecurity risk assessment aid in identifying potential cybersecurity risks and guiding the adoption of appropriate risk mitigation measures. Our cybersecurity threat defense approach incorporates certain guiding principles from the NIST Cybersecurity Framework (the "NIST Framework"). This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use the NIST Framework as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. Our program includes a cybersecurity incident response plan that consists of incident identification, classification, investigation and diagnosis, response, and recovery.

Following our acquisition of the Hearthstone Venture, we have been integrating the Hearthstone Venture's information technology environment and related cybersecurity systems and processes into our enterprise cybersecurity program. Until integration is complete, certain Hearthstone Venture systems and controls operate under their pre-acquisition cybersecurity framework, which may differ from our established standards.

Our process for managing cybersecurity risk is a collaborative effort that includes key members of our information technology, legal, and finance departments, as well as internal audit and third-party cybersecurity firms. Our cybersecurity program takes into consideration the identification of critical data assets, information technology systems, third party service providers, and business processes that may be susceptible to cybersecurity threats. Potential technology vendor relationships are vetted based on the nature of services or technology being provided, and we continue to evaluate these relationships to determine the ongoing necessity of the services and the vendor's risk management posture.

As part of our cybersecurity program, we have implemented various strategies and processes to manage cybersecurity risks, which include:

providing training and guidance to our employees on cybersecurity threats and emerging trends, including phishing simulations to increase awareness of potential critical security threats;
obtaining independent and objective assessments by our internal audit department;
annual review of Service Organization Controls reports from our critical third-party vendors based upon a determination of their relative importance and risk level;
implementing preventative and detective security tools; and
using both internal resources and third-party security firms to provide ongoing monitoring of both internal systems as well as activity within third-party environments.

We also maintain insurance coverage for cybersecurity incidents. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. We describe the risks from cybersecurity threats that could affect our operations and financial results under the heading " Cyber-attacks or acts of cyber-terrorism could disrupt our business operations and information technology systems or result in the loss or exposure of confidential or sensitive employee or company information ." included as part of our Item 1A. Risk Factors of this Annual Report on Form 10-K, which disclosures are incorporated by reference herein.

Governance

Our board of directors has designated the audit committee to oversee our exposure to risk, including risks related to cybersecurity threats, and the steps management has taken to monitor and control such risks. The audit committee receives periodic updates from our Vice President - Information Systems on our cybersecurity program, potential material cybersecurity threats, and results of the most recent cybersecurity risk assessment. Additionally, t he audit committee is regularly informed about (1) the results of independent and objective assessments of key components of our cybersecurity program as reported by our internal audit department and (2) material risks that could impact our operations or financial condition and the measures implemented to adequately mitigate relevant risks. The audit committee regularly reports to our board of directors regarding its activities, including those related to cybersecurity risk oversight, and members of our board of directors periodically discuss cybersecurity matters with members of management.

We have established a security committee, which contains management representation from our information technology, legal, and finance groups. The security committee includes our Vice President - Information Systems, who has more than 15 years of experience in the following information technology areas: compliance, security, auditing, vendor management, and systems and network operations. The security committee oversees our cybersecurity incident response plan and is responsible for assessing and managing cybersecurity threats and evaluating the potential impact of such threats on our business strategy, results of operations, and overall financial condition. The security committee is also overseeing the integration of the Hearthstone Venture systems and cybersecurity processes into our enterprise cybersecurity risk management and governance model. The security committee supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in the information technology systems environment. Our Vice President - Information Systems is responsible for proposing strategies and tactics to mitigate cybersecurity threats, which are subject to review and approval by the security committee.

Company

Profile

Name	Five Point Holdings, LLC
CIK	1574197
SIC Description
Industry
Ticker	FPH
Website
Category	Accelerated Filer
Fiscal Year End	December 31