|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
TIAA, on behalf of the Account, has a program and formal processes in place to assess, identify, and manage material risks from cybersecurity threats. The Account’s business is dependent on the communications and information technology (“IT”) systems of TIAA and other third-party IT service providers to TIAA. TIAA, with support from certain of its subsidiaries, manages the Account’s day-to-day operations and has implemented a cybersecurity program that applies to the Account.
The Account depends on and engages various third parties and service providers, including suppliers, custodians, transfer agents, property management companies, and joint venture partners, to operate its commercial real estate and investment business. The Account relies on the expertise of risk management, legal, information technology, and compliance personnel of TIAA when identifying and overseeing risks from cybersecurity threats associated with the Account’s use of such entities.
Cybersecurity Program Overview
TIAA has instituted an enterprise cybersecurity program designed to identify, assess, and mitigate cyber risks applicable to TIAA, the Account, and other products, subsidiaries and affiliates of TIAA and their respective third party service providers.
This cyber risk management program is integrated into TIAA’s overall risk management program. It involves risk assessments, implementation of security measures, and ongoing monitoring of systems and networks, including networks on which the Account relies. TIAA relies on its internal subject matter experts and external experts, as needed, including but not limited to cybersecurity assessors, consultants, and auditors, to evaluate cybersecurity measures and risk management processes, applicable to the Account and other products, subsidiaries, and affiliates of TIAA.
TIAA actively monitors the current cyber threat landscape in an effort to identify material risks arising from new and evolving cybersecurity threats, including material risks faced by the Account in connection with its day-to-day commercial real estate, investment, and other operations.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|TIAA, on behalf of the Account, has a program and formal processes in place to assess, identify, and manage material risks from cybersecurity threats. The Account’s business is dependent on the communications and information technology (“IT”) systems of TIAA and other third-party IT service providers to TIAA. TIAA, with support from certain of its subsidiaries, manages the Account’s day-to-day operations and has implemented a cybersecurity program that applies to the Account.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Board provides strategic oversight on cybersecurity matters, including risks associated with cybersecurity threats. The Board receives periodic updates from TIAA’s Cybersecurity leadership regarding the overall state of TIAA’s cybersecurity program, information on the current threat landscape, and risks from cybersecurity threats and cybersecurity incidents impacting the Account.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|TIAA’s management, including its Chief Information Security Officer ("CISO"), is responsible for assessing and managing material risks from cybersecurity threats to the TIAA organization, including the Account.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|TIAA’s management, including its Chief Information Security Officer ("CISO"), is responsible for assessing and managing material risks from cybersecurity threats to the TIAA organization, including the Account. The CISO and cybersecurity leaders have significant expertise in this area, including in IT and cybersecurity engineering as well as cybersecurity leadership experience in other major financial institutions. In particular, the CISO holds an master of business administration (MBA) degree and a bachelor of science (BS) degree in computer science. He has several security industry certifications including the Certified Information Systems Security Professional (CISSP) and Certified Secure Software Lifecycle Profession (CSSLP) designations, and has held prior management positions in the technology space with Snap Finance, American Express, Visa and Paypal. Management of the Account is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting the Account, including through the receipt of notifications from third party service providers and reliance on communications with cybersecurity, risk management, legal, IT, and/or compliance personnel of TIAA.
|Cybersecurity Risk Role of Management [Text Block]
|TIAA’s management, including its Chief Information Security Officer ("CISO"), is responsible for assessing and managing material risks from cybersecurity threats to the TIAA organization, including the Account. The CISO and cybersecurity leaders have significant expertise in this area, including in IT and cybersecurity engineering as well as cybersecurity leadership experience in other major financial institutions. In particular, the CISO holds an master of business administration (MBA) degree and a bachelor of science (BS) degree in computer science. He has several security industry certifications including the Certified Information Systems Security Professional (CISSP) and Certified Secure Software Lifecycle Profession (CSSLP) designations, and has held prior management positions in the technology space with Snap Finance, American Express, Visa and Paypal. Management of the Account is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting the Account, including through the receipt of notifications from third party service providers and reliance on communications with cybersecurity, risk management, legal, IT, and/or compliance personnel of TIAA.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|TIAA’s management, including its Chief Information Security Officer ("CISO"), is responsible for assessing and managing material risks from cybersecurity threats to the TIAA organization, including the Account. The CISO and cybersecurity leaders have significant expertise in this area, including in IT and cybersecurity engineering as well as cybersecurity leadership experience in other major financial institutions. In particular, the CISO holds an master of business administration (MBA) degree and a bachelor of science (BS) degree in computer science. He has several security industry certifications including the Certified Information Systems Security Professional (CISSP) and Certified Secure Software Lifecycle Profession (CSSLP) designations, and has held prior management positions in the technology space with Snap Finance, American Express, Visa and Paypal. Management of the Account is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting the Account, including through the receipt of notifications from third party service providers and reliance on communications with cybersecurity, risk management, legal, IT, and/or compliance personnel of TIAA.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The CISO and cybersecurity leaders have significant expertise in this area, including in IT and cybersecurity engineering as well as cybersecurity leadership experience in other major financial institutions. In particular, the CISO holds an master of business administration (MBA) degree and a bachelor of science (BS) degree in computer science. He has several security industry certifications including the Certified Information Systems Security Professional (CISSP) and Certified Secure Software Lifecycle Profession (CSSLP) designations, and has held prior management positions in the technology space with Snap Finance, American Express, Visa and Paypal.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|TIAA’s management, including its Chief Information Security Officer ("CISO"), is responsible for assessing and managing material risks from cybersecurity threats to the TIAA organization, including the Account. The CISO and cybersecurity leaders have significant expertise in this area, including in IT and cybersecurity engineering as well as cybersecurity leadership experience in other major financial institutions. In particular, the CISO holds an master of business administration (MBA) degree and a bachelor of science (BS) degree in computer science. He has several security industry certifications including the Certified Information Systems Security Professional (CISSP) and Certified Secure Software Lifecycle Profession (CSSLP) designations, and has held prior management positions in the technology space with Snap Finance, American Express, Visa and Paypal. Management of the Account is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting the Account, including through the receipt of notifications from third party service providers and reliance on communications with cybersecurity, risk management, legal, IT, and/or compliance personnel of TIAA.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef