XML 363 R29.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We and our property managers rely on information technology in our operations, and any material failures, inadequacies, interruptions, security failures, social engineering attacks or cyber-attacks could harm our business. To help manage these risks, we engage and rely on external experts, internal auditors, and third-party assessors, including an information technology managed services provider. Our managed services provider currently provides us with both a virtual chief information security officer (vCISO) and a virtual chief information officer (vCIO), who offer us advice on technology, infrastructure, management, and productivity in relation to our information technology capabilities.

Our current view of cybersecurity risk is informed by a risk assessment conducted by a leading third-party assessor based on a recognized industry framework, which evaluated our cyber risk management controls. Our managed services provider also conducts periodic assessments of certain applications on our systems to determine, in part, any necessary security improvements. Our senior management reviews assessments performed by third-party assessors and our managed services provider to determine the appropriate treatment of identified risks.

We have also developed and implemented a cyber risk management program for our third-party property managers. This program aims to assess the cybersecurity maturity of various commercial properties that we own through an evaluation of our property managers’ cybersecurity risk profile.

We, like other companies in our industry, face a number of cybersecurity risks in connection with our business. Although such risks have not materially affected us, including our business strategy, results of operations or financial condition, to date, we have, from time to time, experienced threats to and security incidents related to our data and systems. For more information about the cybersecurity risks we face, see Item 1A "Risk Factors."
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We and our property managers rely on information technology in our operations, and any material failures, inadequacies, interruptions, security failures, social engineering attacks or cyber-attacks could harm our business. To help manage these risks, we engage and rely on external experts, internal auditors, and third-party assessors, including an information technology managed services provider. Our managed services provider currently provides us with both a virtual chief information security officer (vCISO) and a virtual chief information officer (vCIO), who offer us advice on technology, infrastructure, management, and productivity in relation to our information technology capabilities.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Our Board of Directors plays an important role in the risk oversight of the Company. Our Board is involved in risk oversight through its direct decision-making authority with respect to significant matters and the oversight of management by the Board’s committees. Our Board also relies on management to bring significant matters impacting DiamondRock to its attention.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] DiamondRock engages a managed services provider, which includes vCISO and vCIO services, to assist DiamondRock with the identification, monitoring, and management of cybersecurity risks.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
DiamondRock engages a managed services provider, which includes vCISO and vCIO services, to assist DiamondRock with the identification, monitoring, and management of cybersecurity risks. Our managed services provider reports periodically to our management team, including our Chief Accounting Officer, Chief Financial Officer & Treasurer and General Counsel & Chief Risk Officer. These senior executives then brief the Board on information regarding security matters at least quarterly. Additionally, we provide cybersecurity training for all Board members and senior executives.

As part of its charter, the Audit Committee oversees our policies with respect to risk assessment and risk management, including with respect to cybersecurity risks. The Audit Committee administers its risk oversight function by receiving regular reports from members of senior management, including the Chief Accounting Officer, Chief Financial Officer & Treasurer and General Counsel & Chief Risk Officer, on areas of material risk to the Company. Our Audit Committee discusses DiamondRock’s cybersecurity program at least annually, and receives quarterly updates from internal audit or management on cybersecurity incidents or other developments. Our Audit Committee reports on these matters to our Board of Directors as needed.
Cybersecurity Risk Role of Management [Text Block]
DiamondRock engages a managed services provider, which includes vCISO and vCIO services, to assist DiamondRock with the identification, monitoring, and management of cybersecurity risks. Our managed services provider reports periodically to our management team, including our Chief Accounting Officer, Chief Financial Officer & Treasurer and General Counsel & Chief Risk Officer. These senior executives then brief the Board on information regarding security matters at least quarterly. Additionally, we provide cybersecurity training for all Board members and senior executives.

As part of its charter, the Audit Committee oversees our policies with respect to risk assessment and risk management, including with respect to cybersecurity risks. The Audit Committee administers its risk oversight function by receiving regular reports from members of senior management, including the Chief Accounting Officer, Chief Financial Officer & Treasurer and General Counsel & Chief Risk Officer, on areas of material risk to the Company. Our Audit Committee discusses DiamondRock’s cybersecurity program at least annually, and receives quarterly updates from internal audit or management on cybersecurity incidents or other developments. Our Audit Committee reports on these matters to our Board of Directors as needed.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our managed services provider currently provides us with both a virtual chief information security officer (vCISO) and a virtual chief information officer (vCIO), who offer us advice on technology, infrastructure, management, and productivity in relation to our information technology capabilities.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Additionally, we provide cybersecurity training for all Board members and senior executives.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
DiamondRock engages a managed services provider, which includes vCISO and vCIO services, to assist DiamondRock with the identification, monitoring, and management of cybersecurity risks. Our managed services provider reports periodically to our management team, including our Chief Accounting Officer, Chief Financial Officer & Treasurer and General Counsel & Chief Risk Officer. These senior executives then brief the Board on information regarding security matters at least quarterly. Additionally, we provide cybersecurity training for all Board members and senior executives.

As part of its charter, the Audit Committee oversees our policies with respect to risk assessment and risk management, including with respect to cybersecurity risks. The Audit Committee administers its risk oversight function by receiving regular reports from members of senior management, including the Chief Accounting Officer, Chief Financial Officer & Treasurer and General Counsel & Chief Risk Officer, on areas of material risk to the Company. Our Audit Committee discusses DiamondRock’s cybersecurity program at least annually, and receives quarterly updates from internal audit or management on cybersecurity incidents or other developments. Our Audit Committee reports on these matters to our Board of Directors as needed.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true