Nuveen Churchill Direct Lending Corp. 10-K Cybersecurity GRC - 2024-02-27

Page last updated on April 11, 2024

Nuveen Churchill Direct Lending Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-27 07:28:50 EST.

Filings

10-K filed on 2024-02-27

Nuveen Churchill Direct Lending Corp. filed an 10-K at 2024-02-27 07:28:50 EST
Accession Number: 0001628280-24-007039

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity The Company depends on and engages various third parties and service providers, including suppliers, custodians, transfer agents, administrative agents, fund administrators and other third parties to source, make and manage its investments. Accordingly, the Company s business is dependent on the communications and information technology ( IT ) systems that it shares with the Advisers and their ultimate parent company, TIAA, which further relies upon the systems of third-party IT service providers to TIAA. TIAA has established a cybersecurity program across its enterprise, which applies to certain of its affiliates, including the Advisers and the Company. When identifying and overseeing risks from cybersecurity threats associated with its use of third-party service providers, the Company further relies upon the expertise of risk management, legal, information technology, and compliance personnel of TIAA. TIAA conducts onboarding and ongoing due diligence of certain of the Company s key third-party service providers to identify and oversee risks from cybersecurity threats associated with the Company s use of such entities. Cybersecurity Program Overview TIAA has instituted an enterprise cybersecurity program designed to identify, assess, and mitigate cyber risks applicable to TIAA and its affiliates, which applies to the Company and the Advisers. This cyber risk management program is integrated into TIAA s overall risk management program and involves risk assessments, implementation of security measures, and ongoing monitoring of systems and networks, including networks on which the Company relies. TIAA relies on its internal subject matter experts and external experts, as needed, including, but not limited to, cybersecurity assessors, consultants, and auditors, to evaluate cybersecurity measures and risk management processes applicable to the Advisers, the Company and other affiliates of TIAA. TIAA actively monitors the current cyber threat landscape in an effort to identify material risks arising from new and evolving cybersecurity threats, including material risks faced by the Company and Advisers, in connection with their day-to-day operations. TIAA s cybersecurity leadership team are responsible for maintaining and overseeing the overall state of TIAA s cybersecurity program, information on the current threat landscape, and risks from cybersecurity threats and cybersecurity incidents impacting TIAA and its affiliates, including the Company, the Advisers and their respective third-party service providers. TIAA s cybersecurity team, including its Chief Information Security Officer, is responsible for assessing and managing material risks from cybersecurity threats to the TIAA organization, including the Company and the Advisers. TIAA s Chief Information Security Officer and cybersecurity leaders have significant expertise in in this area, including in IT and cybersecurity engineering, and have cybersecurity leadership experience in other major financial institutions. Management of the Company is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting the Company, including through the receipt of notifications from third party service providers and reliance on communications with cybersecurity, risk management, legal, IT, and/or compliance personnel of TIAA. Oversight of Cybersecurity Risk The potential impact of risks from cybersecurity threats on the Company is assessed on an ongoing basis, as well as how such risks could materially affect the Company s business strategy, operational results, and financial condition. Cybersecurity risk remains heightened to the financial industry, including the Company, and a failure in or breach of our systems or infrastructure, or those of a material third party or service provider, could cause disruption and adversely impact the Company s operations. TIAA and the Advisers continue to invest in the cybersecurity program to protect against emerging threats, including threats against third parties and service providers. The Company has not experienced any material cybersecurity incident, and the Company is not aware of any cybersecurity risks that are reasonably likely to materially affect its business. TIAA s cybersecurity team periodically reports to the Company s management on cybersecurity matters, primarily through presentations. Such reporting will include updates on TIAA s cybersecurity program as it relates to the Company, the external cybersecurity threat environment, and TIAA s programs to address and mitigate the risks associated with the evolving cybersecurity threat environment. These reports also include updates on TIAA s preparedness, prevention, detection, responsiveness and recovery with respect to cybersecurity incidents. The Board has the primary responsibility for overseeing and reviewing the guidelines and policies with respect to risk assessment and risk management, including cybersecurity. The Board receives periodic updates from the Company s management regarding TIAA s cybersecurity program, information on current threat landscape and risks from cybersecurity threats and cybersecurity incidents impacting the Company. 56

Company Information