Copper Property CTL Pass Through Trust 10-K Cybersecurity GRC - 2025-03-07

Page last updated on March 7, 2025

Copper Property CTL Pass Through Trust reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-07 16:53:02 EST.

Filings

10-K filed on 2025-03-07

Copper Property CTL Pass Through Trust filed a 10-K at 2025-03-07 16:53:02 EST
Accession Number: 0001837671-25-000011

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY As an externally managed trust, our risk management function, including cybersecurity, is governed by the cybersecurity policies and procedures of the Manager. While w e rely on our Manager’s and our Manager’s parent company’s technology infrastructure and information systems to perform operational activities as well as to maintain the Trust’s business records and financial data, we do not possess sensitive personal data for any third parties or employees. The Trust’s business is highly dependent on the communications and information systems of the Manager, its affiliates and third-party service providers or employees. The Manager has adopted processes designed to identify, assess and manage material risks from cybersecurity threats to the Trust. These processes include assessments of internal and external threats to the confidentiality, integrity and availability of the Trust’s data and systems along with other material risks to its operations. These risk assessments inform our cybersecurity program and the continued development of a layered set of controls aimed at preventing, detecting, and responding to threats. Management, including our Principal Executive Officer and Principal Financial Officer , oversees our enterprise risk management process in collaboration with our Manager and our Manager’s parent company. Our Principal Executive Officer and Principal Financial Officer bring over 17 and 20 years of experience, respectively, in overseeing IT 18 infrastructure management as part of their executive and audit committee roles across various companies. Additionally, both have completed cybersecurity training to enhance their expertise in risk management and IT security. No less frequently than annually, the Manager completes an assessment to identify potential cybersecurity threats and vulnerabilities and to better prioritize and mitigate the Trust’s cybersecurity risk. The Manager maintains a comprehensive, risk-based approach to identifying and overseeing cybersecurity risks presented by third parties , including key vendors, service providers and other external users of the Trust’s systems, as well as the systems of third parties that could adversely impact our business in the event of a cybersecurity incident affecting those third-party systems. The Manager provides regular, mandatory training for its employees regarding cybersecurity threats as a means to equip its employees with effective tools to address cybersecurity threats, and to communicate the Manager’s evolving information security policies, standards, processes and practices. We are not aware of any risks from cybersecurity threats, including any cybersecurity incidents, which have materially affected or are reasonably likely to materially affect the Trust, including its business, results of operations or financial condition. Refer to Item 1A. Risk Factors in this Annual Report on Form 10-K, specifically “Information technology, data security breaches and other similar events could harm the Trust,” for additional discussion about cybersecurity-related risks.

Company Information