GENERATION INCOME PROPERTIES, INC. 10-K Cybersecurity GRC - 2024-04-08

Page last updated on July 16, 2024

GENERATION INCOME PROPERTIES, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-08 16:35:42 EDT.

Filings

10-K filed on 2024-04-08

GENERATION INCOME PROPERTIES, INC. filed a 10-K at 2024-04-08 16:35:42 EDT
Accession Number: 0000950170-24-042640

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management Approach and Strategy Our corporate information technology, accounting and financial reporting platforms, and related systems (our “Information Systems”) are necessary for our business. We use these systems, among others, to manage key aspects of our business, including relationships with our tenants and vendors, accounting, acquisitions, internal and external communications and property and asset management. We also rely on the secure collection, storage, transmission and processing of proprietary, confidential and sensitive data related to our business (our “Sensitive Data”). We engage a third-party managed information technology service provider (the “MSP”) for cybersecurity services, including threat detection and response, vulnerability assessment and monitoring, security incident response and recovery and general cybersecurity education and awareness. Our cybersecurity risk management is integrated into our overall enterprise risk management efforts and shares common methodologies, reporting channels and governance processes that apply across our overall enterprise risk management. We and our MSP identify, assess and manage material cybersecurity threats and risks to our Information Systems and Sensitive Data through the following, among others: - a multidisciplinary team, including a dedicated technology committee (the “Technology Committee”) comprising members from senior management, asset management and accounting and legal functions, in conjunction with our MSP and other third-party service vendors, to identify, assess and manage cybersecurity threats and risks; - various internal processes and procedures to monitor and evaluate threat environment and our risk profile using methods such as manual and automated tools, subscribing to reports and services that identify and analyze cybersecurity threats, conducting scans of the threat environment, evaluating our industry’s risk profile, utilizing internal and external audits and conducting threat and vulnerability assessments; 32 - various technical, physical and organizational processes and policies to manage and mitigate material cybersecurity risks, such as risk assessments, incident detection and response, vulnerability management, disaster recovery and business continuity plans, internal controls within our accounting and financial reporting functions, encryption of data, network security controls, access controls, physical security, asset management, systems monitoring, vendor risk management program, employee training and penetration testing; and - working with third-party vendors from time to time that assist us to identify, assess and manage cybersecurity risks, such as professional services firms and penetration testing firms.

Company Information