Page last updated on July 16, 2024
ESSEX PORTFOLIO LP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-23 16:05:20 EST.
Filings
10-K filed on 2024-02-23
ESSEX PORTFOLIO LP filed a 10-K at 2024-02-23 16:05:20 EST
Accession Number: 0000920522-24-000033
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity The Company has developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity and availability of its critical systems and information. The Company’s cybersecurity risk management program employs several different measures, including perimeter monitoring, endpoint monitoring and user management, designed to assess and identify cybersecurity risks. The Company’s technology management team is principally responsible for managing the Company’s cybersecurity risk assessment and management processes. The Company’s technology management team performs enterprise-level risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment. The Company’s technology management team and third-party professionals perform penetration tests, vulnerability scans, and patch management to assess and protect the confidentiality, integrity and availability of its critical systems and information. The Company provides training to its employees on cybersecurity matters, performs periodic awareness testing to facilitate compliance with the Company’s cybersecurity policies, and maintains a method for its employees and consultants to communicate any suspected cybersecurity incident. In addition, the Company evaluates key third-party service providers before the Company grants the service provider access to its information systems and has a process in place to ensure that future access is appropriate. The Company has an established incident response plan for responding to cybersecurity incidents. The goal of the incident response plan is to detect and react to cybersecurity incidents, evaluate the scope and risk, respond appropriately, communicate effectively to all stakeholders, and ultimately reduce the likelihood of an incident recurrence. The Company’s incident response team consists of seasoned information technology, legal and financial reporting Company personnel. The incident response plan, members of the incident response team and the steps to respond to a security incident are evaluated for appropriateness and effectiveness, and key personnel from cross-functional departments are involved. The Board of Directors considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee oversight of enterprise level risks, including any cybersecurity-related risks faced by the Company. At least quarterly, the Audit Committee reviews cyber risks and mitigation strategies with senior management. The Audit Committee reports to the full Board regarding its activities, including those relating to cybersecurity. Additionally, on an annual basis, the Chief Technology Officer (“CTO”) presents to the Audit Committee on any material updates to the cybersecurity program, such as process improvements, new initiatives and key vendor performance. Material cybersecurity events, if any, are escalated to the Board on an ongoing basis. The Board is also briefed annually on all major enterprise risks, including cybersecurity risks. The Company’s management team, including the CTO, is responsible for assessing and managing the Company’s material risks from cybersecurity threats. The CTO leads the technology management team and has extensive cybersecurity knowledge and expertise developed through a career of serving in various roles in information technology for over 20 years. The CTO oversees the Company’s initiatives to address existing or evolving cyber risks and is a member of the Enterprise Risk Committee. The CTO reports to the Chief Executive Officer (“CEO”) and provides updates to the Company’s senior leadership team on a regular basis, at least quarterly, about risks from cybersecurity threats, the results of penetration tests, vulnerability scans and userbase issues. Over the past fiscal year, the Company has not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Company, including its operations, business strategy, results of operations or financial condition. See “Risk Factors - We are subject to laws and regulations relating to the handling of personal information and we rely on information technology to sustain our operations. Any failure by us to comply with applicable requirements or material failure, inadequacy, interruption or breach of the Company’s privacy or information systems, or those of our vendors or other third parties, could materially adversely affect the Company’s business, results of operations and financial condition”.
Company Information
Name | ESSEX PORTFOLIO LP |
CIK | 0001053059 |
SIC Description | Real Estate Investment Trusts |
Ticker | |
Website | |
Category | |
Fiscal Year End | December 30 |