XML 53 R37.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
The Company, under the oversight of the Audit Committee of its Board of Directors, has implemented and maintains a cybersecurity risk management program that includes processes for the systematic identification, assessment and treatment (through mitigation, transfer, avoidance and/or acceptance) of cybersecurity risks. This program extends to third-party vendors and the various properties under the Company’s management, including corporate and commercial properties, through establishing vendor risk requirements and conducting vendor risk assessments.

This risk management program addresses, but is not limited to, risks identified by external auditors and assessors, internal auditors and assessors, threat intelligence providers, internal stakeholders, vulnerability management programs and security management programs. An internal audit team at the Company manages and maintains remediation strategies for identified risks, and reports on them regularly to senior leadership. As part of the Company’s cyber risk management program, the Company has engaged external independent assessors to conduct cyber risk assessments, evaluate cyber risk management controls, and report both findings and recommendations to management.

The Company, like other companies in its industry, faces a number of cybersecurity risks in connection with its business. Although such risks have not materially affected the Company, including its business strategy, results of operations or financial condition, to date, the Company has, from time to time, experienced threats to and security incidents related to its data and systems. For more information about the cybersecurity risks the Company faces, see Item 1A. Risk Factors.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
The Company, under the oversight of the Audit Committee of its Board of Directors, has implemented and maintains a cybersecurity risk management program that includes processes for the systematic identification, assessment and treatment (through mitigation, transfer, avoidance and/or acceptance) of cybersecurity risks. This program extends to third-party vendors and the various properties under the Company’s management, including corporate and commercial properties, through establishing vendor risk requirements and conducting vendor risk assessments.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
The Company’s cyber risk management program and related operations and processes are directed by the Senior Vice President of Information Technology (the “SVP-IT”). Currently, the SVP-IT role is held by an individual who has over twenty five years of cybersecurity, information technology and systems engineering experience. The SVP-IT meets with the Chief Financial Officer and Chief Legal Officer quarterly to monitor and review the outcomes of the Company’s cybersecurity risk management processes and to discuss and decide matters related to cybersecurity risk treatment strategy (including mitigations).
The Company also formed the Business Continuity Plan ("BCP") and Cyber Security Risk Committee (the “Security Committee”), which oversees the prioritization and escalation of risks from cybersecurity threats to senior leadership, is chaired by the SVP-IT and the Executive Vice President of Portfolio Operations and People. The Security Committee reports to the Chief Financial Officer and Chief Legal Officer, and the committee’s members include senior company leadership responsible for asset management, risk management, property management, marketing, and business development. Collectively, the Security Committee members possess experience in information security, risk management, oversight and legal compliance.
The Company’s Board of Directors plays an important role in risk oversight and discharges its duties both as a full board and through its committees. The Board has delegated oversight of risk management matters, including cybersecurity and information technology matters, to its Audit Committee. As reflected in the Audit Committee charter, the committee is responsible for reviewing information technology, cybersecurity and other data protection strategies and plans, as well as assessing incident response protocols. The Security Committee provides quarterly reports to the Audit Committee and the SVP-IT attends board meetings yearly, or more frequently as appropriate, to inform the Company’s Board of Directors on cybersecurity risks.
Additionally, the Company is subject to the requirements of the Sarbanes-Oxley Act of 2002 and information technology general controls are an important part of the Company's internal control over financial reporting and are subject to controls testing. Control deficiencies that represent cybersecurity risks would be reported by management to the Audit Committee.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Company’s Board of Directors plays an important role in risk oversight and discharges its duties both as a full board and through its committees. The Board has delegated oversight of risk management matters, including cybersecurity and information technology matters, to its Audit Committee.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
The Company also formed the Business Continuity Plan ("BCP") and Cyber Security Risk Committee (the “Security Committee”), which oversees the prioritization and escalation of risks from cybersecurity threats to senior leadership, is chaired by the SVP-IT and the Executive Vice President of Portfolio Operations and People. The Security Committee reports to the Chief Financial Officer and Chief Legal Officer, and the committee’s members include senior company leadership responsible for asset management, risk management, property management, marketing, and business development. Collectively, the Security Committee members possess experience in information security, risk management, oversight and legal compliance.
Cybersecurity Risk Role of Management [Text Block]
The Company’s cyber risk management program and related operations and processes are directed by the Senior Vice President of Information Technology (the “SVP-IT”). Currently, the SVP-IT role is held by an individual who has over twenty five years of cybersecurity, information technology and systems engineering experience. The SVP-IT meets with the Chief Financial Officer and Chief Legal Officer quarterly to monitor and review the outcomes of the Company’s cybersecurity risk management processes and to discuss and decide matters related to cybersecurity risk treatment strategy (including mitigations).
The Company also formed the Business Continuity Plan ("BCP") and Cyber Security Risk Committee (the “Security Committee”), which oversees the prioritization and escalation of risks from cybersecurity threats to senior leadership, is chaired by the SVP-IT and the Executive Vice President of Portfolio Operations and People. The Security Committee reports to the Chief Financial Officer and Chief Legal Officer, and the committee’s members include senior company leadership responsible for asset management, risk management, property management, marketing, and business development. Collectively, the Security Committee members possess experience in information security, risk management, oversight and legal compliance.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Security Committee reports to the Chief Financial Officer and Chief Legal Officer, and the committee’s members include senior company leadership responsible for asset management, risk management, property management, marketing, and business development. Collectively, the Security Committee members possess experience in information security, risk management, oversight and legal compliance.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Currently, the SVP-IT role is held by an individual who has over twenty five years of cybersecurity, information technology and systems engineering experience.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] As reflected in the Audit Committee charter, the committee is responsible for reviewing information technology, cybersecurity and other data protection strategies and plans, as well as assessing incident response protocols. The Security Committee provides quarterly reports to the Audit Committee and the SVP-IT attends board meetings yearly, or more frequently as appropriate, to inform the Company’s Board of Directors on cybersecurity risks.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true