MacKenzie Realty Capital, Inc. 10-K Cybersecurity GRC - 2024-09-27

Page last updated on September 27, 2024

MacKenzie Realty Capital, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-27 17:17:43 EDT.

Filings

10-K filed on 2024-09-27

MacKenzie Realty Capital, Inc. filed a 10-K at 2024-09-27 17:17:43 EDT
Accession Number: 0001140361-24-042226

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBER SECURITY Risk Management and Strategy As an externally managed company, our day-to-day operations are managed by our Advisers and our executive officers under the oversight of our board of directors. As such, we rely on our Advisers’ cybersecurity program, as discussed herein, for assessing, identifying, and managing material risks to our business from cybersecurity threats. Due to the small size of our operations, our Advisers have elected to outsource the information technology function to a third-party managed service provider, or the MSP, that specializes in fully managed information technology services and fully managed cybersecurity. The MSP is responsible for managing all of our Advisers’ hosted services, all of the computer and computer-related hardware and software used by our Advisers to manage our operations, and all onsite and offsite backups. The MSP also provides managed security services designed to prevent cybersecurity threats, to identify and remediate vulnerabilities, to monitor systems, to protect data and systems, to detect potential intrusions and cybersecurity incidents, to quarantine systems should they be compromised, and to recover from business interruptions or other disasters. The MSP follows the NIST Cybersecurity Framework, developed by the National Institute of Standards and Technology of the U.S. Department of Commerce, to measure the maturity of the services it provides to us and its other clients. The MSP conducts ongoing cybersecurity training to ensure all employees are aware of cybersecurity risks and performs periodic phishing simulation testing for increased cyber resilience. Annually, the MSP conducts penetration testing to assess cybersecurity measures and to review the information security control environment and operating effectiveness. In addition, our Advisers evaluate key third-party service providers before granting the service provider access to its information systems and have a process in place to ensure that future access is appropriate. Our assessment of risks associated with the use of third-party providers is part of the Advisers’ overall cybersecurity risk management framework. For any software platforms that are hosted by third parties, our Advisers confirm the vendor maintains a System and Organization Controls (“SOC”) report. While we have control, through our contract with the MSP, over our information systems, we do not have control over the information systems of third parties who provide services, and in particular certain property management services, at our commercial and residential real estate properties. Although we confirm third party software platforms maintain a SOC report, we rely on third parties for managing their cybersecurity risk. Our Advisers maintain third-party cyber insurance and upon identification of a significant cyber incident involving the Advisers managed IT environment, our Advisers would notify their cyber insurance carrier. As of the date of this annual report, we are not aware of any risks from cybersecurity threats, including as a result of any cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, our business is highly dependent on our ability to collect, use, store and manage organizational and property data. If any of our significant information and data management systems do not operate properly or are disabled, we could suffer a material disruption of our business or managing real estate, liability to tenants, loss of tenant or other sensitive data, regulatory intervention, breach of confidentiality or other contract provisions, or reputational damage. These systems may fail to operate properly or become disabled as a result of events wholly or partially beyond our control, including disruptions of electrical or communications services, natural disasters, political instability, terrorist attacks, sabotage, computer viruses, deliberate attempts to disrupt our computer systems through “hacking,” “phishing,” or other forms of both deliberate or unintentional cyber-attack, or our inability to occupy our office location. As our Advisers have elected to outsource our information technology functions to third-party providers, we bear the risk of having less direct control over the security and performance of those systems. Governance As part of its responsibilities pursuant to our corporate governance guidelines, our board of directors oversees our policies with respect to risk assessment and risk management, including with respect to cybersecurity risks. The board of directors administers its risk oversight function by receiving regular reports from our executive officers on areas of material risk to us, which reports include any updates regarding cybersecurity incidents or other developments. As discussed above, we engage the MSP to assist us with the identification, monitoring and management of cybersecurity risks and rely on the expertise and knowledge of the MSP with respect to supporting our information technology network. The MPS reports periodically to our management team as necessary, including our Chief Executive Officer and Chief Financial Officer. These senior executive officers then brief our board of directors on security matters as required and no less frequently than annually. Our Chief Operating Officer is responsible for managing our cybersecurity risk and developing mitigation strategies and implementing controls to reduce the likelihood of a cybersecurity incident occurring and to reduce the impact of such an incident should this occur.


Company Information

NameMacKenzie Realty Capital, Inc.
CIK0001550913
SIC DescriptionReal Estate Investment Trusts
TickerAENPP - OTCMKZR - OTC
Website
CategoryNon-accelerated filer
Smaller reporting company
Fiscal Year EndJune 29