SOTHERLY HOTELS LP 10-K Cybersecurity GRC - 2025-03-31

Page last updated on March 31, 2025

SOTHERLY HOTELS LP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 15:45:39 EDT.

Filings

10-K filed on 2025-03-31

SOTHERLY HOTELS LP filed a 10-K at 2025-03-31 15:45:39 EDT
Accession Number: 0000950170-25-047657

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cyberse curity The Company’s management recognizes the critical importance of monitoring for and properly addressing cybersecurity threats. Our Chief Financial Officer is the executive primarily responsible for identifying and managing risks to the Company from cybersecurity threats . With respect to the Company’s information systems, we rely on third-party technology and software providers to manage the cybersecurity risk to which those systems are subject. For elements of cybersecurity risk which fall outside the purview of the third-party technololgy and software providers, our Chief Financial Officer oversees the implementation of additional controls to reduce the likelihood of a cybersecurity incident occurring as well as to reduce the impact of any such incident, should it occur. At least annually, he discusses cybersecurity risk and the Company’s mitigation efforts and effectiveness of controls with the Audit Committee of the Board of Directors, which is the committee that has primary responsibility for overseeing our risk assessment and is composed solely of independent directors. The Audit Committee reviews and discusses our cybersecurity risk and reviews the tests of controls performed by consultants that perform the Company’s internal audit function. The chair of the Audit Committee may, at his discretion, report to the Chairman of the Board or the full Board of Directors. As of December 31, 2024, no risk from cybersecurity threats, including as a result of any previous cybersecurity incidents, has materially affected or is reasonably likely to materially affect the Company, including our business strategy, results of operations or financial condition. Although we have implemented controls to protect our data and information systems and monitor our systems on an ongoing basis, such efforts may not prevent material compromises to our information systems in the future, including those that could have a material adverse effect on our business. We maintain cybersecurity insurance coverage to mitigate our financial 38 exposure to certain incidents, and we consult with our consultants that perform the Company’s internal audit function regarding opportunities and enhancements to strengthen our policies and procedures. We do not retain any confidential information from our customers. While we have control over our information systems, we do not have control over the information systems of our hotel manager, Our Town, or of our franchisors. Although we set expectations for Our Town and our franchisors, we rely on them to manage the cybersecurity risk to which they are subject. Our hotel manager maintains separate cybersecurity insurance coverage to offset a portion of potential costs incurred from a security breach. We currently do not have a cybersecurity incident response plan with respect to our data and information systems. We rely on our hotel manager and their cybersecurity consultants as well as our franchisors, to maintain cybersecurity incident response plans applicable to their systems and hotel-level systems they manage on our behalf. For additional information about cybersecurity risk, see “Item 1A. Risk Factors - We and our hotel manager rely on information technology in our operations, and any material failure, inadequacy, interruption or security failure of that technology could harm our business.” 39

Company Information