Rithm Perpetual Life Residential Trust 10-K Cybersecurity GRC - 2026-03-06

Page last updated on March 6, 2026

Rithm Perpetual Life Residential Trust reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-03-06 09:37:13 EST.

Filings

10-K filed on 2026-03-06

Rithm Perpetual Life Residential Trust filed a 10-K at 2026-03-06 09:37:13 EST
Accession Number: 0001628280-26-015484

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We are an externally managed company, and our day-to-day operations are managed by the Adviser and our officers under the oversight of our Board. Accordingly, we rely on our Adviser's cybersecurity risk management program and processes to identify, assess and manage material cybersecurity risks to our business. Risk Management and Strategy Pursuant to our Management Agreement, the Adviser, through Rithm, maintains and administers a cybersecurity risk management program designed to identify, assess, manage and monitor cybersecurity risks applicable to our business and operations. Rithm regularly assesses cybersecurity threats and continuously monitors and tests information systems for potential vulnerabilities as part of its cybersecurity program, which is led by Rithm's Chief Information Security Officer ("CISO") and is integrated into Rithm's broader enterprise risk management framework. Rithm's dedicated cybersecurity personnel oversee the controls, technologies, systems and processes used to mitigate risks related to data loss, theft, exploitation, unauthorized access or other cybersecurity vulnerabilities that may affect our information or data. Rithm's cybersecurity program includes incident response and recovery planning; information security policies and standards; vendor and third party risk management; employee training and awareness programs, including simulated phishing exercises; participation in industry information-sharing forums; and ongoing internal and external testing of information systems. Independent testing includes (i) periodic reviews and evaluations conducted by Rithm's internal audit function and (ii) annual network penetration testing performed by independent third party specialists. Rithm's processes for assessing, identifying and managing material cybersecurity risks have been integrated into its overall risk management systems and processes. As part of these efforts, Rithm monitors developments in applicable privacy and cybersecurity laws, regulations and guidance in the jurisdictions in which it operates, including, among others, SEC rules and privacy laws, as well as emerging regulatory requirements and evolving cybersecurity threats. To address cybersecurity risks associated with third-party service providers, Rithm maintains a third-party risk management program that includes contractual requirements for appropriate data protection and cybersecurity controls and risk-based due diligence during onboarding. Service providers are assigned tiered risk ratings that determine the frequency and scope of ongoing assessments. For key service providers, Rithm obtains and reviews materials such as System and Organization Control ("SOC") reports, including SOC 1 reports, standard information gathering (SIG) questionnaires and business continuity and disaster recovery documentation. To date, cybersecurity risks, including those arising from known prior cybersecurity incidents have not materially affected our business strategy, results of operations or financial condition, and we are not aware of any cybersecurity incidents that are reasonably likely to have a material impact on the Company. For additional information regarding cybersecurity risks, see "Part I. Item 1A. Risk Factors - Risks Related to Our Business and Operations - Our business and operations could suffer in the event of system failures or cybersecurity breaches. " Governance Our Board oversees the Company's enterprise risk management program, including cybersecurity risk, both directly and through its committees. The audit committee of the Board ("Audit Committee"), together with the Adviser, provides oversight of the Company's risk management framework and the most significant risks facing the Company over the short-, intermediate- and long-term. The Audit Committee receives regular updates and engages in periodic discussions regarding key risk areas, including cybersecurity. The Audit Committee receives reports from Rithm's CISO and Chief Information Officer ("CIO") on the Company's cybersecurity posture, enterprise risk profile and risk management policies and processes. In addition, Rithm maintains escalation protocols pursuant to which certain cybersecurity incidents are reported in a timely manner to the Audit Committee and, as appropriate, to the full Board. Pursuant to the Management Agreement, t he Adviser, through Rithm, employs a risk-based approach to cybersecurity supported by policies, standards and controls designed to address cybersecurity threats and incidents across its operations. Responsibility for cybersecurity risk management is led by the CISO, who oversees the design and implementation of the Company's information security program and works to enhance the security posture of Rithm and its subsidiaries and affiliates. The CISO coordinates closely with the other members of senior management, including the CIO and Rithm's Chief Legal Officer in managing cybersecurity risks. In carrying out these responsibilities, the CISO receives regular reports from Rithm's cybersecurity and information technology personnel regarding cybersecurity threats, vulnerabilities and incidents and oversees the ongoing evaluation of risk management measures designed to identify and mitigate data protection and cybersecurity risks. 61 At the operational level, Rithm maintains an information technology and cybersecurity team responsible for implementing privacy and cybersecurity controls and supporting the CISO in monitoring, reporting and mitigation activities. Rithm provides ongoing employee training related to cybersecurity, privacy, records and information management and conducts simulated phishing and other awareness exercises designed to promote cybersecurity risk awareness across the organization .

Company Information