|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Angel Oak Capital, an affiliate of our Manager, has engaged a third-party managed information technology service provider (the “IT Service Provider”), to serve as Angel Oak Capital’s dedicated information technology manager. We have no employees and are externally managed by our Manager, an affiliate of Angel Oak Capital, and as such rely on our Manager for the implementation and execution of our risk management program, and, as it pertains to the assessment, identification, and management of material risks from cybersecurity threats, our Manager relies on the IT Servicer Provider. As an affiliate of Angel Oak Capital, our Manager is subject to and participates in the cybersecurity policies and procedures of Angel Oak Capital. The IT Service Provider provides Angel Oak Capital a system and organization controls report on itself consistent with SOC 2® as part of annual reviews of the IT Service Provider. Members of the IT Service Provider have relevant qualifications such as extensive work experience implementing data security measures, developing cybersecurity policies and procedures and assessing, managing and reporting cybersecurity risk.
As part of its overall enterprise risk management program, Angel Oak Capital has developed an information security framework (the “Cybersecurity Program”). The purpose of the Cybersecurity Program is to mitigate the risks associated with unauthorized attempts to access Angel Oak Capital’s (including our) network for unintended purposes. The Cybersecurity Program is used to assess and understand risks involving information systems and to provide controls and procedures for mitigating those risks and promptly responding to cybersecurity threats and incidents.
The IT Service Provider has implemented processes and procedures to assess, identify, manage and protect against material risks from cybersecurity threats including 24/7 network monitoring, ongoing vulnerability and penetration assessments, and employee security awareness training.
The IT Service Provider provides Angel Oak Capital with regularly scheduled status reports, including summaries of vulnerabilities, any cybersecurity threats or incidents and the status of responses, and meets with Angel Oak Capital’s Chief Operating Officer and Angel Oak Capital’s Head of Information Technology (the “Head of IT”) on a regular basis to review the reports and the IT Service Provider’s services.
In addition, the IT Service Provider and Angel Oak Capital have established a notification and escalation framework, based on the severity of a cybersecurity threat or incident, to determine when and to whom the IT Service Provider will provide notifications regarding cybersecurity threats or incidents. The framework includes notification to the Head of IT. Depending on their nature, incidents may also be reported to members of our management, the Audit Committee of our Board of Directors and to our full Board of Directors, as appropriate. In addition to its engagement of the IT Service Provider, we and/or Angel Oak Capital may engage other third parties, including auditors and
consultants, to perform assessments or audits of our and/or its cybersecurity policies and procedures and/or to assist with the evaluation of a cybersecurity threat or incident, among other matters.
As of the date of this filing, we have not experienced any risks from cybersecurity threats that have materially affected, or are reasonably likely to materially affect, us, including our business strategy, results of operations or financial condition. However, future threats or incidents could have a material impact on our business strategy, results of operations or financial condition. For a discussion of the risks we face from cybersecurity threats, including those that could materially affect us, see “Part I, Item 1A. “Risk Factors—Risks Related to Our Company—Maintaining cybersecurity and data security is important to our business and a breach of our cybersecurity or data security could result in serious harm to our reputation and have a material adverse impact on our business and financial results” and “— We are highly dependent on information systems, and system failures could significantly disrupt our business, which may, in turn, have a material adverse effect on us.”
We maintain a cybersecurity insurance policy to mitigate risks associated with cybersecurity incidents.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
As part of its overall enterprise risk management program, Angel Oak Capital has developed an information security framework (the “Cybersecurity Program”). The purpose of the Cybersecurity Program is to mitigate the risks associated with unauthorized attempts to access Angel Oak Capital’s (including our) network for unintended purposes. The Cybersecurity Program is used to assess and understand risks involving information systems and to provide controls and procedures for mitigating those risks and promptly responding to cybersecurity threats and incidents.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Board of Directors holds oversight responsibility over our risk management process, including material risks related to cybersecurity threats. Our Board of Directors administers this oversight function through its committees, including the Audit Committee and the Affiliated Transactions and Risk Committee. A key part of the Audit Committee’s responsibility is overseeing the Cybersecurity Program.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board of Directors administers this oversight function through its committees, including the Audit Committee and the Affiliated Transactions and Risk Committee. A key part of the Audit Committee’s responsibility is overseeing the Cybersecurity Program.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Certain representatives of Angel Oak Capital, including our Manager, regularly report (not less frequently than annually) to the Audit Committee as well as to our full Board of Directors, as appropriate, on cybersecurity matters, primarily through presentations by the Head of IT. Such reporting includes updates on the Cybersecurity Program as it impacts us, the reports and services provided by the IT Service Provider, the external threat environment, risk management strategies and any cybersecurity threats or incidents. Presentations to the Audit Committee or our full Board of Directors may also be provided from time to time by the IT Service Provider or another third party firm providing cybersecurity-related services for us or Angel Oak Capital, including our Manager, as deemed necessary or appropriate. The Audit Committee reports to the full Board of Directors regarding its activities, including those related to cybersecurity.
|Cybersecurity Risk Role of Management [Text Block]
|
Certain representatives of Angel Oak Capital, including our Manager, regularly report (not less frequently than annually) to the Audit Committee as well as to our full Board of Directors, as appropriate, on cybersecurity matters, primarily through presentations by the Head of IT. Such reporting includes updates on the Cybersecurity Program as it impacts us, the reports and services provided by the IT Service Provider, the external threat environment, risk management strategies and any cybersecurity threats or incidents. Presentations to the Audit Committee or our full Board of Directors may also be provided from time to time by the IT Service Provider or another third party firm providing cybersecurity-related services for us or Angel Oak Capital, including our Manager, as deemed necessary or appropriate. The Audit Committee reports to the full Board of Directors regarding its activities, including those related to cybersecurity.
In addition, the Cybersecurity Program provides for the notification and escalation of identified cybersecurity threats and incidents, with different severity thresholds triggering notification to different recipient groups, including, as appropriate, to members of our management, the Audit Committee and to our full Board of Directors. In the event we or Angel Oak Capital, including our Manager, experiences a cybersecurity incident that materially affects, or is reasonably likely to materially affect us, members of our management and of our Manager would review the incident with the Audit Committee to consider whether and to what extent disclosure would be required under Item 1.05 of Form 8-K. An independent member of our Board of Directors has experience managing the information technology function of a mortgage acquisition, servicing, and securitization platform.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Certain representatives of Angel Oak Capital, including our Manager, regularly report (not less frequently than annually) to the Audit Committee as well as to our full Board of Directors, as appropriate, on cybersecurity matters, primarily through presentations by the Head of IT. Such reporting includes updates on the Cybersecurity Program as it impacts us, the reports and services provided by the IT Service Provider, the external threat environment, risk management strategies and any cybersecurity threats or incidents. Presentations to the Audit Committee or our full Board of Directors may also be provided from time to time by the IT Service Provider or another third party firm providing cybersecurity-related services for us or Angel Oak Capital, including our Manager, as deemed necessary or appropriate. The Audit Committee reports to the full Board of Directors regarding its activities, including those related to cybersecurity.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Members of the IT Service Provider have relevant qualifications such as extensive work experience implementing data security measures, developing cybersecurity policies and procedures and assessing, managing and reporting cybersecurity risk.An independent member of our Board of Directors has experience managing the information technology function of a mortgage acquisition, servicing, and securitization platform.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
In addition, the Cybersecurity Program provides for the notification and escalation of identified cybersecurity threats and incidents, with different severity thresholds triggering notification to different recipient groups, including, as appropriate, to members of our management, the Audit Committee and to our full Board of Directors. In the event we or Angel Oak Capital, including our Manager, experiences a cybersecurity incident that materially affects, or is reasonably likely to materially affect us, members of our management and of our Manager would review the incident with the Audit Committee to consider whether and to what extent disclosure would be required under Item 1.05 of Form 8-K. An independent member of our Board of Directors has experience managing the information technology function of a mortgage acquisition, servicing, and securitization platform.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef