Trinity Place Holdings Inc. - (TPHS)
10-K Filing Date: March 29, 2024
Risk management and strategy
Our accounting and financial reporting platforms and related systems, and those that we, or our third-party service providers, offer to our tenants are necessary for the operation of our business. We use these platforms and systems, among others, to manage our tenant relationships, for accounting and financial reporting, and for other recordkeeping purposes. Our business operations and financial reporting rely on the secure collection, storage, transmission, and other processing of proprietary, confidential, and sensitive data.
We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third-party hosted services, hardware and software, and our critical data, including financial information and other confidential information that is proprietary, strategic or competitive in nature, and tenant data (“Information Systems and Data”).
We rely on our management and third-party service providers to manage any perceived cybersecurity threats and risks. Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards, and/or policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including incident detection and response, internal controls within our accounting and financial reporting functions, network security controls, access controls, physical security, systems monitoring, and employee training.
We work with third parties from time to time that assist us in identifying, assessing, and managing cybersecurity risks, including professional services firms and information technology consulting and support firms. To operate our business, we utilize certain third-party service providers to perform a significant portion of our critical functions. We seek to engage reliable, reputable service providers that maintain cybersecurity programs. To address risks associated with third-party service providers, we will review and assess the cybersecurity controls of our third-party service providers and make changes to our business processes to manage these risks. This approach is designed to mitigate risks related to data breach or other security incidents originating from third-party service providers.
We are not aware of any risks from cybersecurity threats, including as a result of any cybersecurity incidents, which have materially affected or are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition.
Governance
The Board holds oversight responsibility over our strategy and risk management, including material risks related to cybersecurity threats. This oversight is executed directly by the Board through management. Our management, represented by our Chief Financial Officer, Steven Kahn, leads our cybersecurity risk assessment and management processes and oversees their implementation and maintenance. Mr. Kahn is an experienced compliance and risk management professional and has served as Chief Financial Officer since September 2015. Mr. Kahn currently oversees key functions for the Company’s accounting, finance, and treasury strategies, including risk management. In addition, Mr. Kahn leads our cybersecurity risk oversight and the development and enhancement of internal controls designed to prevent, detect, address, and mitigate the risk of cyber incidents. Our management will report any serious cybersecurity incidents to our Board.
19