FrontView REIT, Inc. 10-K Cybersecurity GRC - 2025-03-20

Page last updated on March 20, 2025

FrontView REIT, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-20 17:21:13 EDT.

Filings

10-K filed on 2025-03-20

FrontView REIT, Inc. filed a 10-K at 2025-03-20 17:21:13 EDT
Accession Number: 0000950170-25-042774

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy Cybersecurity Processes We have implemented various information security processes designed to identify, assess, and manage material risks from cybersecurity threats to our critical computer networks, third-party hosted services, communications systems, hardware and software, and our critical data, including sensitive and confidential information (including intellectual property and tenant and property-related information) that is proprietary, strategic, or competitive in nature (“Information Systems and Data”). Our information security processes are overseen by an outsourced IT Manager, with oversight from our Chief Operating Officer, who works to help identify, assess, and manage the Company’s cybersecurity threats and risks by monitoring and evaluating our threat environment using various methods. We have implemented and maintain technical, physical, and organizational measures and processes designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including with respect to incident response, network security controls, access controls, periodic back-ups of data, and employee training addressing awareness of cybersecurity risks and how to detect certain cyberattacks. Some of these measures and processes involve the assistance of additional third-party service providers. For example, we rely on third-party service providers to assist us with our employee phishing testing and cybersecurity awareness training. Risk Assessment Our assessment and management of material risks from cybersecurity threats are integrated into the Company’s overall risk management processes. For example, the Company’s overall risk management processes include an assessment of risks posed to data that is critical to our business operations (e.g., to support financial reporting, process payroll, and collect and maintain property and lease information). Third Party Risk Management We use third-party service providers to perform a variety of functions throughout our business, including application providers and hosting companies. The Company has implemented a risk-based approach designed to help identify and mitigate cybersecurity threats associated with the use of third-party service providers , including an assessment of the security protocols of certain service provider s. Depending on the nature of the services provided, the sensitivity of the Information Systems and Data at issue, and the identity of the provider, our third-party service provider risk management process involves different levels of assessment designed to identify cybersecurity risks associated with the provider and imposes contractual obligations related to cybersecurity on the provider. Cyber Threats As of the date of this Report, we have not identified risks from cybersecurity threats, including as a result of any prior cybersecurity incident, that has materially affected us, or is reasonably likely to affect us, including our business strategy, results of operations, or financial condition. For a description of the risks from cybersecurity threats that we face, see our risk factors under Part 1. Item 1A. Risks Related to our Business and Properties - Security breaches and other technology disruptions could disrupt our operations, compromise our confidential information or information systems and expose us to liability, which could materially and adversely affect us. 43 Governance Our board of directors addresses the Company’s cybersecurity risk management as part of its general risk oversight function, and has delegated responsibility to the audit committee for overseeing the Company’s cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats. The audit committee reviews the processes developed by management to assess, monitor, manage, and mitigate risks from cybersecurity threats to the Company. The audit committee will review our cybersecurity processes and cybersecurity threats, and will brief the entire board of directors on these processes and threats, in each case on at least an annual basis. Our cybersecurity risk assessment and management processes are overseen by our Chief Operating Officer and the IT Manager, who has worked in various roles responsible for securing networks, hardware , and other application systems. Our outsourced IT team is responsible for hiring appropriate personnel, helping to integrate cybersecurity risk considerations into the Company’s overall risk management strategy, and communicating key priorities to relevant personnel. Our cybersecurity incident response processes are designed to escalate cybersecurity incidents to members of management depending on the circumstances, including senior management. The Company has identified and designated a group of Company employees as members of a cybersecurity incident response team, which includes the Chief Financial Officer. This team is intended to help the Company mitigate and remediate cybersecurity incidents of which they are notified. In addition, the Company’s incident response process also requires reporting to the audit committee about certain cybersecurity incidents.

Company Information