ProShares Trust II 10-K Cybersecurity GRC - 2024-02-28

Page last updated on April 11, 2024

ProShares Trust II reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 17:18:08 EST.

Filings

10-K filed on 2024-02-28

ProShares Trust II filed an 10-K at 2024-02-28 17:18:08 EST
Accession Number: 0001193125-24-050920

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy Cyber-attacks and threats are considered one of the most significant risks facing the Funds. The Funds cybersecurity is managed through the Sponsor. The Sponsor maintains an enterprise-wide cybersecurity management program designed to assess, identify and manage material risks from cybersecurity threats. The cybersecurity management program is based on the NIST Cybersecurity Framework, an internationally recognized framework, and is integrated into the Sponsor s enterprise risk management system. As part of the Sponsor s cybersecurity strategy, the Sponsor also maintains an enterprise-wide Information Security Policy as well as a Security Incident Response Plan that sets forth an enterprise-wide framework and guidelines to facilitate an effective response to and handling of cybersecurity incidents. The Sponsor s cybersecurity management program includes business continuity plans and systems applicable to the Funds. The cybersecurity management program is led by the Sponsor s Cyber Security Task Force, composed of the Chief Technology Officer; Director, Information Technology; General Counsel; Chief Compliance Officer; Chief Financial Officer; Senior Manager, Risk and Audit; and other key individuals. The Cyber Security Task Force meets regularly to assess the cybersecurity management program, including the enterprise-wide strategy, policies, standards and processes. With the ever-evolving cybersecurity risk environment, the Sponsor engages both internal and external specialists in its cybersecurity efforts. Internal and independent third-party assessors periodically conduct enterprise-wide risk assessments on a wide spectrum of risks facing the Trust, the Sponsor and the Funds, including penetration assessments and phishing attacks. Following these risk assessments, the Cyber Security Task Force re-designs, enhances and implements reasonable controls to mitigate any identified risks. Additionally, the Sponsor engages a third-party consultant and service provider to assist with managed IT services and advise on the Sponsor s IT infrastructure and system as well as cybersecurity awareness, prevention and best practices. As part of the Sponsor s overall enterprise-wide cybersecurity strategy, the Sponsor s employees complete annual cybersecurity awareness training, which includes training on the Sponsor s Information Security Policy and Security Incident Response Plan. The Sponsor s cybersecurity risk management extends to its vendors. Each vendor is subject to a comprehensive cybersecurity risk assessment conducted at the vendor s initial engagement with the Sponsor and ongoing monitoring through the term of its engagement with the Sponsor. Governance The Sponsor has a dedicated team under the supervision of the Chief Technology Officer that is responsible for the day-to-day management of the Sponsor s technology infrastructure. The Chief Technology Officer is responsible for providing strategic direction and, with the support of the Cyber Security Task Force and senior management, is also responsible for the assessment and management of all cybersecurity risks and threats, as well as the prevention, detection, mitigation and remediation of cybersecurity incidents. The Chief Technology Officer has more than 20 years of experience working in information technology-related roles within the financial services industry, a bachelor s degree in electronics and communications and a master s degree in computer science. The Cyber Security Task Force has oversight of the Sponsor s cybersecurity risks, threats and incidents and is informed of such risks, threats and incidents through the Chief Technology Officer. The Cyber Security Task Force escalates any significant cybersecurity developments or incidents, even if not material to the Sponsor, to the Sponsor s Core Business Services committee at its regularly scheduled meetings, the Sponsor s full Management Team, or directly to the Chief Executive Officer, depending on the cybersecurity matter. Although the Funds have experienced cybersecurity incidents in the past, to date, the risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected their operations, financial condition or investment objectives. See Risk Factors in Part I, Item 1A on this Annual Report for a discussion of the risks related to cybersecurity.

Company Information