CAPITAL PROPERTIES INC /RI/ - (CPTP)

10-K Filing Date: February 16, 2024
Item 1C. Cybersecurity

Risk Management

The Company’s corporate information technology, communication networks, and accounting and financial reporting platforms are necessary for the operation of its business. The Company uses these systems, along with others, to manage its tenant and vendor relationships, for internal and external communications and for accounting to operate recordkeeping and reporting functions. The Company has implemented and maintains various information security processes designed to identify, assess and manage material risks from cybersecurity threats to its critical computer networks, third-party hosted services, communications systems, hardware and software, and our critical data, including confidential information.

Management works primarily with third parties (principally professional services and consulting firms) that assist management in identifying, assessing, and managing cybersecurity risks. To operate its business, the Company utilizes certain third-party service providers to perform a variety of functions and seeks to engage reliable, reputable service providers that maintain cybersecurity programs. The Company is not aware of any risks from cybersecurity threats, including as a result of any cybersecurity incidents, which have materially affected or are reasonably likely to materially affect it, including its business strategy, results of operations, or financial condition.

 

5


 

Governance:

 

The Board of Directors oversees the Company’s strategy and risk management, including material risks related to cybersecurity threats. The Board has delegated to the Audit Committee oversight of cybersecurity matters.

Management is responsible for day-to-day assessment and management of cybersecurity risks. The Treasurer has primary oversight of material risks from cybersecurity threats and works primarily with third parties to identify, assess, and manage cybersecurity risks. The Treasurer meets with the Audit Committee periodically to review the Company’s information technology systems and discuss key cybersecurity risks.