Principal Credit Real Estate Income Trust 10-K Cybersecurity GRC - 2025-03-26

Page last updated on March 26, 2025

Principal Credit Real Estate Income Trust reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-26 14:14:22 EDT.

Filings

10-K filed on 2025-03-26

Principal Credit Real Estate Income Trust filed a 10-K at 2025-03-26 14:14:22 EDT
Accession Number: 0002026448-25-000028

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy As externally advised by the Adviser, we rely on Principal Financial Group’s information technology (“IT”) systems, including data hosting facilities and other hardware and software platforms, some of which are hosted by third-party service providers, to assist in conducting our businesses. Principal’s IT systems, like those of most companies, may be vulnerable to certain cybersecurity threats such as ransomware, interruption of services, data breaches, or any other cybersecurity incidents, or a series of related cybersecurity incidents, that could adversely impact our financial condition, results of operations, cash flows or business strategy, including our ability to operate core business functions. Principal continually monitors the risk landscape and did not experience any cybersecurity breaches, including malware and computer virus attacks, that have materially affected, or are reasonably likely to materially affect our financial condition, results of operations, cash flows, or business strategy. For more information on our cybersecurity-related risks, see “Item 1A. Risk Factors” included elsewhere in this Annual Report on Form 10-K. Principal proactively assess potential risks presented by new services or systems integrated within the Principal network or data and ensure appropriate controls are applied under such circumstances. Principal has proactive security controls built into software development life cycle that help engineers identify and resolve security issues at every stage of software development. Principal identity verification processes, which include multi-factor authentication and other identity verification technologies, provide further protection for information. Principal performs due diligence and monitors third party relationships to assess the suitability of their cybersecurity controls and protocols based on risk profile for the business operations or services for which they are engaged. Principal’s awareness and training program is designed to create a risk-aware culture to ensure employees understand cybersecurity threats and are accountable for completing required training. Principal has trained their employees to recognize and resist phishing attempts with simulated phishing program. At least quarterly, employees are presented with simulated phishing scenarios that deliver hands-on experience and on-the-spot education opportunities. All engineers and employees holding equivalent roles who are involved in software development also receive mandated secure software development training. Principal has an enterprise incident management plan that provides a framework for preparing for, managing and responding to cybersecurity incidents that may arise. The plan ensures stakeholders across the organization are identified who have the appropriate experience, training and expertise in incident management and that the organization is well positioned to address incidents. Principal carries out cybersecurity incident response exercises to develop widespread familiarity and experience in responding to cybersecurity incidents. No risks from any known cybersecurity incidents have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. Governance Our board of trustees is ultimately responsible for the oversight of risks from cybersecurity threats and has delegated joint responsibility for such oversight of cybersecurity matters to the Audit Committee (as defined below). The Audit Committee receives periodic updates from the Adviser on our cybersecurity program, including measures taken to address cybersecurity risks and significant cybersecurity incidents. The Adviser’s IT management holds relevant expertise in assessing and managing cybersecurity threats. Numerous members of management and employees across the information security and risk functions hold nationally recognized designations and certifications, including the Certified Information Systems Security Professional designation, Global Information Assurance Certifications and Amazon Web Services Cloud Certifications. In addition to its in-house cybersecurity capabilities, at times Principal also engages third parties to assist with assessing, identifying, and managing cybersecurity risks.

Company Information