Medalist Diversified REIT, Inc. 10-K Cybersecurity GRC - 2025-02-27

Page last updated on February 27, 2025

Medalist Diversified REIT, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-27 16:06:51 EST.

Filings

10-K filed on 2025-02-27

Medalist Diversified REIT, Inc. filed a 10-K at 2025-02-27 16:06:51 EST
Accession Number: 0001558370-25-001807

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk management and strategy Our accounting and financial reporting platforms and related systems, and those that we, or our third-party service providers, offer to our tenants are necessary for the operation of our business. We use these platforms and systems, among others, to manage our tenant relationships, for accounting and financial reporting, and for other recordkeeping purposes. Our business operations and financial reporting rely on the secure collection, storage, transmission, and other processing of proprietary, confidential, and sensitive data. We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third-party hosted services, hardware and software, and our critical data, including financial information and other confidential information that is proprietary, strategic or competitive in nature, and tenant data (“Information Systems and Data”). Our cybersecurity risk management processes are integrated into our broader enterprise risk management framework. Cybersecurity risks are assessed and managed alongside other material risks, including financial, operational, legal, and strategic risks, to ensure a comprehensive approach to risk oversight. We rely on our management and third-party service providers, as described further below, to manage any perceived cybersecurity threats and risks. Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards, and/or policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including incident detection and response, internal controls within our accounting and financial reporting functions, network security controls, access controls, physical security, systems monitoring, and employee training. We work with third parties from time to time that assist us in identifying, assessing, and managing cybersecurity risks, including professional services firms and information technology consulting and support firms. To operate our business, we utilize certain third-party service providers to perform a significant portion of our critical functions. We seek to engage reliable, reputable service providers that maintain cybersecurity programs. To address risks associated with third-party service providers , we will review and assess the cybersecurity controls of our third-party service providers and make changes to our business processes to manage these risks. This approach is designed to mitigate risks related to data breach or other security incidents originating from third-party service providers. As of December 31, 2024, we are not aware of any risks from cybersecurity threats, including as a result of any cybersecurity incidents, which have materially affected or are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition but we cannot provide assurance that they will not be materially affected in the future by such risks or any future material incidents. Attacks are increasingly sophisticated and increasing in volume, and attackers respond rapidly to changes in defensive measures. Accordingly, risks related to a cybersecurity event, including litigation and enforcement risks, are elevated due to the dynamic nature and sophistication and frequency of these threats. Governance The Board holds oversight responsibility over our strategy and risk management, including material risks related to cybersecurity threats. This oversight is executed directly by the Board through management. Our management, represented by our Chief Financial Officer , Brent Winn, leads our cybersecurity risk assessment and management processes and oversees their implementation and maintenance. Mr. Winn is an experienced compliance and risk management professional and has served as Chief Financial Officer since September 2020. Mr. Winn currently oversees key functions for our company’s accounting, finance, and treasury strategies, including risk management. In addition, Mr. Winn leads our cybersecurity risk oversight and the development and enhancement of internal controls designed to prevent, detect, address, and mitigate the risk of cyber incidents. Our management will report any material cybersecurity incidents to our Board. Our cybersecurity efforts are managed through third-party service providers and third-party software providers who will notify Mr. Winn of a significant cybersecurity incident report that details the nature of the incident, the measures taken to mitigate its impact, and the steps implemented to remediate the situation. We receive periodic summary reports from our providers that outline emerging threats, trends, and the overall effectiveness of our current cybersecurity controls. These processes ensure that Mr. Winn remains actively informed and engaged in overseeing the prevention, detection, mitigation, and remediation of cybersecurity incidents.

Company Information