SLR Private Credit BDC II LLC 10-K Cybersecurity GRC - 2024-02-27

Page last updated on April 11, 2024

SLR Private Credit BDC II LLC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-27 16:19:52 EST.

Filings

10-K filed on 2024-02-27

SLR Private Credit BDC II LLC filed an 10-K at 2024-02-27 16:19:52 EST
Accession Number: 0001193125-24-047952

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We recognize the importance of assessing, identifying, and managing material risks from cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things, operational risks, financial loss, intellectual property theft, fraud, extortion, loss of sensitive data, harm to individuals including stockholders, violation of privacy or security laws, increased costs associated with mitigation of damages and remediation, and other legal and reputational risks. We have implemented several cybersecurity processes and controls to aid in our efforts to assess, identify, and manage such material risks. We rely on the Adviser s enterprise-wide cybersecurity program to protect our information, including due oversight of the cybersecurity programs of our key service providers and processes for the assessment, identification, and management of material risks from cybersecurity threats, including those associated with the use of third-party service providers. The Adviser considers such cybersecurity threats as part of its broader risk management framework, and its cybersecurity program is designed to, among other things, protect us, insofar as is practicable, from the hazards of cybersecurity threats and vulnerabilities in accordance with applicable legal requirements and guidance. The Adviser collaborates with third-party subject-matter experts, as necessary, to identify and assess material cybersecurity threat risks and evaluate and test its 66 Table of Contents cybersecurity protections, including through continuous network and endpoint monitoring, employee anti-phishing training, vulnerability assessments, and penetration testing to inform the Adviser s risk identification and assessment. The Adviser also performs due diligence reviews on third-parties that have access to our systems, data, or facilities that house such systems or data and continually monitors cybersecurity threat risks identified through such diligence. Together with management, the Board has designated an Information Security Group ( ISG ) to monitor issues relating to cybersecurity and work with the Adviser s third-party Information Technology ( IT ) service provider to evaluate potential cyber risk vulnerabilities. While its composition may change over time, the ISG currently consists of our Chief Financial Officer and Chief Compliance Officer. The ISG, together with the Adviser s third-party IT service provider, annually reviews the cyber risks applicable to our business and the measures established by the Adviser and other service providers to protect against those risks and recommends changes or enhancements, as necessary. The Adviser s management and the third-party IT service provider also monitor the Adviser s network to identify internal and external cybersecurity threats and vulnerabilities in order to determine any steps that should be taken to protect information stored on the Adviser s network and promptly inform the ISG of any identified cybersecurity threats or vulnerabilities. The ISG also makes inquiries of the Adviser s management and the third-party IT service provider regarding such efforts. Material Impact of Cybersecurity Risks The potential impact of risks from cybersecurity threats on us are assessed on an ongoing basis, and how such risks could materially affect our business strategy, operational results, or financial condition are regularly evaluated. During the reporting period, we did not identify any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that we believe have materially affected, or are reasonably likely to materially affect, our business strategy, operational results, or financial condition. We further describe cybersecurity risks that we face in The failure in cyber security systems, as well as the occurrence of events unanticipated in our disaster recovery systems and management continuity planning could impair our ability to conduct business effectively and We, our Adviser and our portfolio companies are subject to risks associated with cyber-attacks under Item 1A. Risk Factors of this annual report on Form 10-K. Governance The Board has overall responsibility for risk oversight, including risks related to cybersecurity threats. The Board is aware of the critical nature of managing these risks and has sought to establish oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity and appropriate review of the protections provided to us by the Adviser. In conducting its duties, the ISG relies on the experience and expertise of the Adviser s third-party IT service provider, which includes, among other things, over two decades of managing network security for companies, a track record of collaborating with management teams on incident response and threat mitigation, and, through various partnerships, vetting and implementing cutting-edge cybersecurity technologies. The ISG will provide a report, at least annually, to the entire Board regarding our cybersecurity threat risk management and strategy processes, covering topics such as data security posture, results from third-party assessments, progress towards pre-determined risk mitigation-related goals, the Adviser s incident response plan, and cybersecurity threat risks or incidents and developments, as well as the steps the Adviser s management has taken to respond to and mitigate such risks. The Adviser s incident response plan provides guidelines for responding to cyber incidents and facilitates coordination across multiple operational functions of the Adviser. The incident response plan includes notification to the ISG and, depending on its nature, escalation to the Board, if appropriate. The Board is also encouraged to engage with the ISG on cybersecurity topics at other times, and material cybersecurity threats and risks are also considered by the Board in relation to other important matters that come before it.

Company Information