New Mountain Net Lease Trust 10-K Cybersecurity GRC - 2025-03-28

Page last updated on March 28, 2025

New Mountain Net Lease Trust reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-28 16:55:47 EDT.

Filings

10-K filed on 2025-03-28

New Mountain Net Lease Trust filed a 10-K at 2025-03-28 16:55:47 EDT
Accession Number: 0001410578-25-000532

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity Risk Management and Strategy As an externally managed company, the Company’s day-to-day operations are managed by the Adviser and our executive officers under the oversight of our Board of Trustees. Our executive officers are senior New Mountain Capital professionals and our Adviser is a subsidiary of New Mountain Capital . As such, we rely on the cybersecurity policies and procedures implemented by New Mountain Capital. Below are details New Mountain Capital has provided to us regarding its cybersecurity program that are relevant to us. New Mountain Capital has processes in place for assessing, identifying, and managing material risks from potential unauthorized occurrences on or through our electronic information systems that could adversely affect the confidentiality, integrity, or availability of our information systems or the information residing on those systems. These include a wide variety of controls, processes , systems, and tools that are designed to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access, or other security incidents or vulnerabilities affecting our data. Pursuant to New Mountain Capital’s Information Security Program, the New Mountain Capital Information Technology Steering Committee (“ITSC”) is responsible for the development, evolution, and implementation of policies and technical measures to reasonably prevent security incidents. At times New Mountain Capital may also engage assessors, consultants, auditors, or other third parties to assist with assessing, identifying, and managing cybersecurity risks. New Mountain Capital uses processes to oversee and identify material risks from cybersecurity threats, including those associated with the use of third-party service providers. Additionally, New Mountain Capital uses systems and processes designed to reduce the impact of a security incident at a third-party service provider. As part of its risk management process, New Mountain Capital also maintains an incident response plan that is utilized when cybersecurity incidents impacting us, our Investment Adviser, or our Administrator are detected. New Mountain Capital also requires that all employees, including employees of the Investment Adviser and Administrator, complete interactive security awareness training on an annual basis. Material Impact of Cybersecurity Risks As of the date of this report, we are not aware of any material risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. However, future incidents could have a material impact on our business. Additional information about cybersecurity risks we face is discussed in “Item 1A. Risk Factors,” under the heading “Cybersecurity risks could result in the loss of data, interruptions in our business, damage to our reputation and subject us to regulatory actions, increased costs and financial losses, each of which could materially adversely affect our business and results of operations,” which should be read in conjunction with the information above. Cybersecurity Governance Our cybersecurity risks and associated mitigations are evaluated by the Adviser and the ITSC as needed, but no less frequently than annually. Management and representatives of the ITSC periodically report to our Board of Trustees on developments to the information security and cybersecurity risks we face. Reports include, among other things, an overview of New Mountain Capital’s controls and procedures related to assessing, identifying, and managing risks related to cybersecurity threats, oversight of third-party service providers and related cybersecurity threats, and management’s evaluation of cybersecurity risks material to us. Our Board of Trustees is responsible for understanding the primary risks to our business. The audit committee of our Board of Trustees is responsible for reviewing the Adviser’s IT security controls with management and evaluating the adequacy of our and the Adviser’s IT security program, compliance and controls with management.

Company Information