Manulife Private Credit Fund 10-K Cybersecurity GRC - 2024-02-28

Page last updated on April 11, 2024

Manulife Private Credit Fund reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 17:09:00 EST.

Filings

10-K filed on 2024-02-28

Manulife Private Credit Fund filed an 10-K at 2024-02-28 17:09:00 EST
Accession Number: 0001193125-24-050871

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy As an integral part of our commitment to safeguarding sensitive information and ensuring the integrity of our operations, the Fund utilizes the expertise and diligence of the Adviser and its parent company, Manulife (together, the Organization ) in upholding robust cybersecurity measures. The Organization maintains a robust and evolving enterprise-wide cybersecurity risk management program (the Program ) that is designed to assess, identify, manage, mitigate and respond to cybersecurity threats and keep pace with technological innovations, while also meeting applicable legal and regulatory requirements. Through the implementation of the Program, we strive to protect critical information assets (e.g., data, systems, infrastructure) and safeguard the Fund from new and emerging threats. The Program incorporates legal and regulatory requirements, aligns to industry best practices and requires the safeguarding and protection of information in relation to established information classifications. In this regard, the controls of the Program are based on the International Organization Standardization 27001/27002 Information Security Management System Requirements ( ISO 27001 ). The Organization does not currently engage a third party to wholly review its information security infrastructure. However, as part of the Program, the Adviser has network-level penetration testing conducted annually by a third-party, along with application and physical penetration testing conducted regularly by both internal and external resources. We are aware of the risks associated with third-party service providers ( vendors ), and the Adviser implements stringent processes to oversee and manage these risks. The Adviser leverages a robust and mature vendor information risk management methodology for evaluating vendors. This review includes, among others, a review of independent assurance (e.g., SOC 2 Type 2 reports, ISO27001 audits), independent penetration tests and policy documentation, as applicable. Moreover, the Adviser consistently includes contractual terms enshrining cybersecurity and availability requirements into the Adviser s legal agreements with vendors. The Adviser also reassesses critical vendors on a regular basis. 66 Table of Contents The Adviser and the Fund face risks from cybersecurity threats that could have a material adverse effect on our business, financial condition, result of operations, cash flow or reputation. Such risks to date have not had any impact on or relation to the Adviser s business or the Fund, including our investment strategy, results of operations or financial condition. However, affiliated business lines have experienced threats to their data and systems periodically, including malware and computer virus attacks. The Organization has a robust Information Security program including but not limited to, an Incident Management Process and utilize IDS/IPS to monitor for suspicious network activity, phishing program for educational purposes internally, endpoint protection tools, encryption and more to protect against threats. However, future incidents could have a material impact on our business strategy, results of operations or financial condition. For more information about the cybersecurity risks we face, see our disclosure entitled The failure in cybersecurity systems, as well as the occurrence of events unanticipated in the Fund s or the Adviser s or its affiliates disaster recovery systems and management continuity planning could impair their ability to conduct business effectively under Item 1A. Risk Factors. Governance The Board is provided regular reports by the Adviser on its processes for identifying and mitigating cybersecurity risks for the Fund. The Board actively participates in discussions with management, including the Fund s Chief Compliance Officer and the Organization s personnel responsible for cybersecurity, and among themselves regarding cybersecurity risks. The Organization s cybersecurity program includes policies designed to detect and respond to cyber attacks, monitoring third-party service providers cyber security policies, and descriptions of the infrastructure, processes and personnel that are devoted to identifying and addressing internal and external threats. The Organization has strategically integrated its cybersecurity program into its broader risk management framework to promote a company-wide culture of cybersecurity risk management and to protect information on a global basis. The Organization draws upon its team of information security and business resilience professionals that work closely with business and information technology colleagues to continuously evaluate and address cybersecurity risks.

Company Information