Pacific Oak Strategic Opportunity REIT, Inc. - (PCOK)

10-K Filing Date: April 01, 2024
ITEM 1C. CYBERSECURITY
Risk Management and Strategy
We and our advisor have processes for assessing, identifying, and managing material risks from cybersecurity threats. These processes are integrated into our overall risk management systems as they have been designed to fit within and complement the enterprise-wide risk assessment framework as implemented by our management and our advisor and as overseen by our board of directors. These processes also include overseeing and identifying risks from cybersecurity threats associated with the use of third-party service providers.
38


Our management and our advisor are responsible for establishing and monitoring the integrity and effectiveness of our controls and other procedures, which are designed to ensure that all information required to be disclosed is recorded, processed, summarized and reported accurately and on a timely basis, and all such information is accumulated and communicated to management and the audit committee, as appropriate, to allow for timely decisions regarding such disclosures. The controls and procedures subject to the board’s oversight include processes related to managing material risks from cybersecurity threats. Accordingly, our cybersecurity processes have been integrated into our overall processes.
In the last three fiscal years, cybersecurity threats have not materially affected us, including our business strategy, results of operations or financial condition. See also, Item 1A, “Risk Factors—Risks Related to an Investment in Us—We face risks associated with security breaches through cyber-attacks, cyber intrusions or otherwise, as well as other significant disruptions of our information technology (IT) networks and related systems.”
Governance
The audit committee oversees, among other things, a system of internal controls, including internal controls designed to assess, identify, and manage material risks from cybersecurity threats. The audit committee is composed of all of our independent directors.
Our advisor utilizes a team of dedicated external IT professionals, which leads enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. The IT professionals provide periodic reports to our board of directors, our advisor and its affiliates, as well as our Chief Executive Officer and other members of our senior management as appropriate. These reports include updates on our cybersecurity risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape. Our program is regularly evaluated by our advisor and external experts with the results of those reviews reported to senior management and the board of directors. We also actively engage with key vendors, industry participants, and intelligence and law enforcement communities as part of our continuing efforts to evaluate and enhance the effectiveness of our information security policies and procedures.
39