IRONSTONE PROPERTIES, INC. 10-K Cybersecurity GRC - 2025-04-15

Page last updated on April 16, 2025

IRONSTONE PROPERTIES, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-15 21:36:22 EDT.

Filings

10-K filed on 2025-04-15

IRONSTONE PROPERTIES, INC. filed a 10-K at 2025-04-15 21:36:22 EDT
Accession Number: 0001437749-25-012105

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY RISK MANAGEMENT AND STRATEGY The Company maintains basic cybersecurity measures appropriate for our small size and limited technology infrastructure. Our primary business systems consist of QuickBooks and standard office productivity software. Our approach to cybersecurity risk identification includes: ● Regular review of user access to our financial systems ● Monitoring for unusual login attempts or activities ● Awareness of cybersecurity threats common to small businesses through industry publications and alerts Risk Management Process Our cybersecurity risk management process is designed to address identified risks through: ● Implementation of basic safeguards, including strong password requirements and regular password changes ● Multi-factor authentication for access to QuickBooks and other critical business applications ● Regular backup of business-critical data ● Installation of commercially available antivirus and security software on all Company computers ● Timely application of security updates and patches to operating systems and applications ● Use of secure, password-protected Wi-Fi networks for all business operations Material Effects of Cybersecurity Threats During the reporting period, the Company has not experienced cybersecurity threats or incidents that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. Cybersecurity Governance Board Oversight Given our small size, our full Board of Directors maintains direct oversight of cybersecurity matters. The Board reviews cybersecurity as part of its risk oversight responsibilities at least annually, and more frequently if specific concerns arise. During these reviews, the Board considers: ● Any cybersecurity incidents or concerns that occurred since the last review ● Changes to the Company’s technology usage that might affect cybersecurity risk ● Basic protective measures in place and any recommended improvements ● Resource allocation for cybersecurity protection Management’s Role Due to our limited organizational structure: ● Our [CEO/President] has primary responsibility for overseeing the Company’s cybersecurity practices ● Our [Controller/Bookkeeper] is responsible for implementing security measures related to our financial systems, including QuickBooks ● We engage an external IT support provider on an as-needed basis to assist with technical security matters and recommend appropriate safeguards ● All employees are expected to follow basic security protocols, including proper password management and data protection Cybersecurity Expertise The Company does not have dedicated cybersecurity personnel or specialized expertise on the Board. We compensate for this by: ● Utilizing our external IT support provider for technical guidance ● Accessing free cybersecurity resources available to small businesses through organizations such as the Small Business Administration (SBA) and the Federal Trade Commission (FTC) ● Subscribing to cybersecurity alert services relevant to small businesses ● Considering basic cybersecurity training for key personnel who handle sensitive information Use of External Resources The Company relies on the following external resources to support our cybersecurity efforts: ● Contracted IT support services on an as-needed basis ● Standard commercial security software for virus and malware protection ● Cloud service providers that maintain security for hosted applications we use ● QuickBooks security features and Intuit’s security infrastructure for financial data

Company Information