SAN JUAN BASIN ROYALTY TRUST - (SJT)
10-K Filing Date: April 01, 2024
CYBERSECURITY
The Trust does not have a board of directors, so the Trustee is responsible for oversight of the Trusts risks from cybersecurity threats. The Trustee has dedicated personnel that are responsible for assessing and managing the Trusts cyber risk management program, informing senior management of the Trustee regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents and supervising such efforts. The Trustees information technology team has decades of experience selecting, deploying, and operating cybersecurity technologies, initiatives, and processes, and relies on threat intelligence as well as other information obtained from governmental, public or private sources, including external consultants engaged by the Trustee to monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents. External partners are a key part of the Trustees cybersecurity protocols and policies. The Trustee works with leading firms in the cybersecurity industry, leveraging their technology and expertise to monitor and maintain the performance and effectiveness of products and services that are used by the Trustee.
The Trustee maintains a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats, which processes are integrated into the Trustees overall risk management process. The Trustee maintains robust cybersecurity protocols including, but not limited to technological capabilities that prevent and detect disruptions; computer workstations and programs protected with passwords and passphrases, as well as employee training throughout the year on financial regulations and cybersecurity followed up by testing of that knowledge. The protocols are based on recognized best practices and standards for cybersecurity and information technology. The Trustee has an annual assessment, performed by a third-party vendor, of the Trustees cyber risk management program.
Other, non-technical protocols include securing of documents and work areas that could contain personal, non-public information and independent verification of information changes by outside vendors.
The Trust faces risks from cybersecurity threats that could have a material adverse effect on its business, financial condition, results of operations, cash flows or reputation. The Trustee has experienced, and will continue to experience, cyber incidents in the normal course of its business. However, prior cybersecurity incidents have not had a material adverse effect on the Trusts business, financial condition, results of operations, or cash flows. See Risk Factors Cybersecurity Risks.