MINISTRY PARTNERS INVESTMENT COMPANY, LLC 10-K Cybersecurity GRC - 2025-03-31

Page last updated on March 31, 2025

MINISTRY PARTNERS INVESTMENT COMPANY, LLC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 16:20:27 EDT.

Filings

10-K filed on 2025-03-31

MINISTRY PARTNERS INVESTMENT COMPANY, LLC filed a 10-K at 2025-03-31 16:20:27 EDT
Accession Number: 0000944130-25-000007

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management We maintain a comprehensive cybersecurity program designed to protect both customer data and our proprietary information. Our cybersecurity framework is governed by our Board of Managers and driven by a dedicated Information Security Officer, ensuring that all processes comply with regulatory requirements and industry best practices. This framework is documented in our Cybersecurity Policy and Information Security Program Policy, which outlines the risk management, preventive, detective, and corrective controls we have implemented across the organization. Our approach begins with regular, in-depth risk assessments that identify both inherent and residual cybersecurity risks. Utilizing standards such as the National Institute of Standards and Technology Cybersecurity Framework, Federal Financial Institutions Examinations Council guidance, and the foundational safeguards outlined in CIS Controls v8, we continuously monitor, evaluate, and update our security controls. These assessments allow us to effectively manage vulnerabilities across our Company assets and software, ensuring that only authorized and securely configured systems are connected to our network. In addition to proactive risk identification, our cybersecurity process includes a robust incident response capability. We maintain detailed procedures for detecting, containing, and remediating cyber threats, which are regularly tested through internal audits and third-party assessments. This ensures that should an incident occur; our team can swiftly activate the Incident Response Plan to minimize potential impacts and restore secure operations. We extend our cybersecurity diligence to third-party service providers and require periodic employee training. All external partners are required to adhere to our cybersecurity standards, and our employees receive ongoing training to stay current with emerging threats and best practices. This comprehensive, layered approach not only safeguards critical data but also reinforces our commitment to continuous improvement and compliance with statutory and regulatory requirements. Governance Our Board of Managers retains supervisory oversight responsibility for enterprise risk management and cybersecurity risks. The primary responsibility for maintaining an information security has been assigned to an Information Security Officer (" ISO “) . The ISO works with the Audit Committee to address information security risks found by each business segment. Our ISO conducts an annual risk assessment report and submits the report to the Audit Committee for its review. The Audit Committee meets with Company management, the ISO and external auditors to review the Company’s risk management processes and enterprise-wide risks found by the Company. The scope of this review is intended to address cybersecurity governance risks and related controls and identify any deficiencies that could adversely affect the Company’s ability to record, process and report financial data. As of the date of this Report on Form 10-K, there have been no cybersecurity incidents we believe have had a material effect on our operations, business, results of operations or financial condition.

Company Information