RIDGEWOOD ENERGY S FUND LLC 10-K Cybersecurity GRC - 2024-02-26

Page last updated on April 11, 2024

RIDGEWOOD ENERGY S FUND LLC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-26 14:59:27 EST.

Filings

10-K filed on 2024-02-26

RIDGEWOOD ENERGY S FUND LLC filed an 10-K at 2024-02-26 14:59:27 EST
Accession Number: 0001214659-24-003503

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Pursuant to the terms of the Fund s LLC Agreement, the Manager renders management, advisory and administrative services to the Fund, which includes the assessing, identifying, and managing of material risks from cybersecurity threats through its Corporate IT Security Governance program. Ridgewood Energy s Corporate IT Security Governance program consists of an information security framework and organizational structure with senior management oversight that are designed to safeguard critical information assets. Cybersecurity risk is evaluated based upon risk-based approach. An analysis of information and technology assets that ranks the assets based upon their risk of potential internal and external threats and the impact of the potential loss of integrity, confidentiality, and availability of that asset is updated as appropriate. An Information Security Risk Assessment led by the Manager s Chief Information Officer ( CIO ) is performed on an annual basis, and/or upon major changes of cybersecurity related processes and infrastructure, for evaluating the potential impacts to key technology, processes, and people upon known relevant threats. Either a mitigating action plan and/or risk acceptance with valid business reasons is required as a response to each identified risk. The results of the Information Security Risk Assessment are available to senior management for review and approval. 10 Table of Contents The Manager has developed and implemented additional programs that assist in reducing risk and providing additional protection of confidential information including: Collaborative Approach: A comprehensive, cross-functional approach to identifying, preventing and mitigating cybersecurity threats and incidents, while also implementing controls and procedures that provide for the prompt escalation of certain cybersecurity incidents so that decisions regarding the public disclosure and reporting of such incidents can be made by senior management in a timely manner. Technical Safeguards: Technical safeguards designed to protect the Fund s information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls, which are evaluated and improved through vulnerability assessments and cybersecurity threat intelligence. Incidence Response and Recovery Planning: An Incident Response Plan that dictates how the Manager prepares, identifies, contains, remediates, and recovers from various vulnerabilities, threats, and events, including cybersecurity events impacting the Fund. Third-Party Risk Management: A comprehensive, risk-based approach to identifying and overseeing cybersecurity risks presented by third parties, including vendors, service providers and other external users of the Manager s systems, as well as the systems of third-parties that could adversely impact the Fund and its investors in the event of a cybersecurity incident affecting those third-party systems. Education and Awareness: Security Awareness training is provided for all new and existing employees that reviews information concerning cyber risks and user responsibilities, and heightens awareness of cyber threats. Training is documented and reported to senior management when appropriate. Governance The Fund does not have its own board of directors or any board committees. The Fund relies upon the senior management oversight of the Manager reporting cybersecurity risks to the executive officers of the Fund. The Manager has a Cyber Risk Committee in place comprised of the CIO and other executive officers of the Fund that is responsible for reviewing and approving or rejecting escalated non-standard IT change requests. The CIO communicates regularly and serves as the Fund s representation to address significant information technology activities and initiatives. The CIO has more than twenty years of experience as an information technology professional and has been CIO since 2007. The CIO has periodic calls with a third-party virtual Chief Information Security Officer on review of policy and procedures best practices and cybersecurity threats. In 2023, there were no risks from cybersecurity threats that have materially affected or reasonably likely to material affect the Fund, its business strategy, results of operations or financial condition.

Company Information