Chicago Atlantic Real Estate Finance, Inc. 10-K Cybersecurity GRC - 2024-03-12

Page last updated on July 16, 2024

Chicago Atlantic Real Estate Finance, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-12 07:00:41 EDT.

Filings

10-K filed on 2024-03-12

Chicago Atlantic Real Estate Finance, Inc. filed a 10-K at 2024-03-12 07:00:41 EDT
Accession Number: 0000950170-24-029644

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. As an externally managed company, our business is highly dependent on the communications and information systems of our Manager, its affiliates and third-party service providers. We, in conjunction with our Manager, have adopted processes designed to identify, assess and manage material risks from cybersecurity threats. These processes include responses to and assessments of internal and external threats to the security, confidentiality, integrity and availability of our and our Manager’s data and systems along with other material risks to operations. As part of its collective risk management process, our Manager engages a third party information technology consultant (“IT Consultant”) to evaluate risks associated with the Manager’s information and technology system(s), network and physical devices. Our Manager also uses the National Institute of Standards of Technology (NIST) Cybersecurity Framework to assess its cybersecurity controls. Governance Our board of directors has responsibility for the direction and oversight of our risk management. Our board of directors administers this oversight function directly, with support from its committees. In particular, the audit committee of our board of directors (the “audit committee”) has the responsibility to consider and discuss our major financial risk exposures and the steps our Manager takes, or is required to take, to monitor and control these exposures, including guidelines and policies to govern the process by which risk assessment and management is undertaken. Our audit committee also monitors compliance with legal and regulatory requirements. With respect to cybersecurity, the audit committee engages in discussions with management regarding the Company’s significant financial risk exposures and the measures implemented to monitor and control these risks, including those that may result from material cybersecurity threats. In addition, employees of our Manager and/or the IT Consultant will brief the audit committee on the Manager’s information security program and cybersecurity risks at least annually, and will brief the audit committee as needed in connection with any potentially material cybersecurity incidents affecting the Company. Annual briefings of the audit committee by employees of the Manager and/or the IT Consultant may include topics such as risk assessment, risk management and control decisions, service provider arrangements, test results, security incidents and responses, and recommendations for changes and updates to policies and procedures. As of the date of this report, we are not aware of any material risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition.


Company Information

NameChicago Atlantic Real Estate Finance, Inc.
CIK0001867949
SIC DescriptionReal Estate Investment Trusts
TickerREFI - Nasdaq
Website
Category
Emerging growth company
Fiscal Year EndDecember 30