Bitwise 10 Crypto Index Fund 10-K Cybersecurity GRC - 2024-03-01

Page last updated on April 11, 2024

Bitwise 10 Crypto Index Fund reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-01 13:42:12 EST.

Filings

10-K filed on 2024-03-01

Bitwise 10 Crypto Index Fund filed an 10-K at 2024-03-01 13:42:12 EST
Accession Number: 0000950170-24-023680

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. C YBERSECURITY Cybersecurity Risk Management and Strategy The Trust s cybersecurity risk management is established and governed by the Sponsor. The Sponsor determines and implements appropriate risk management processes and strategies as it relates to cybersecurity for the Trust and the Trust relies on the Sponsor for assessing, identifying and managing material risks to the Trust s business from cybersecurity threats. The Sponsor s cybersecurity policies and practices are set out in the Sponsor s compliance manual and are reviewed on an annual basis. In addition, all officers of the Sponsor and all employees of Bitwise receive annual compliance training and annual cybersecurity training. Attendance at the annual cybersecurity training and the annual compliance training is tracked and recorded. The Sponsor engages a selection of third-party security experts (“Experts”) to assist its internal legal, compliance and engineering personnel in developing, implementing and testing its cybersecurity policies and procedures.The Experts assist in performing assessments, penetration tests and reviewed areas of potential vulnerability. In addition, the Experts work with the Sponsor to conduct cybersecurity training, exercises and quarterly internal phishing tests. The Sponsor uses the findings of such exercises and campaigns to improve its practices, procedures, and technologies. The Sponsor also engages the Experts to support its cybersecurity threat and incident response management and maintains information security risk insurance coverage. The Sponsor conducts due diligence on the Experts and all third-party service providers both at the beginning of any contractual relationship and on an ongoing, periodic basis. The Sponsor reviews a selection of all of its service providers on an annual basis, with specific emphasis on any service providers deemed to be high risk and utilizes external compliance partners to assist with this review. As part of this review, the Sponsor tracks any identified deficiencies and requires that its third-party service providers have in place appropriate technical and organizational security measures and security-control principles based on recognized cybersecurity standards. The Sponsor also obtains contractual assurances from third-party service providers relating to their security responsibilities, controls, reporting, and roles and responsibilities as it pertains to cybersecurity incident response policies and notification requirements. While neither the Sponsor nor the Trust has experienced a material cybersecurity incident, cybersecurity threat risks may materially affect either the Sponsor or the Trust, including the Trust s business strategy, results of operations or financial condition. For further discussion of the risks the Trust faces from cybersecurity threats, see Item 1A. Risk Factors–The Trust is subject to the risk of cybercrime and security breaches and incidents. Governance 83 The Trust does not have any directors, officers or employees. Under the Trust Agreement, all management functions of the Trust have been delegated to and are conducted by the Sponsor, its agents and its affiliates. As a result, Katherine Dowling, the General Counsel, Chief Compliance Officer and Vice President of the Sponsor, is responsible for assessing and overseeing the Sponsor s and the Trust s cybersecurity risks and providing direction and oversight for risk mitigation action, in conjunction with Hong Kim, the Chief Technology Officer of Bitwise. Ms. Dowling has served as a Chief Compliance Officer at various companies since 2015 and has more than ten years of experience as an Assistant U.S. Attorney, most recently in the Economic Crimes Unit of the U.S. Attorney’s Office for the Northern District of California. Ms. Dowling receives periodic reports from the Experts, outside legal representatives and members of the Sponsor s Legal and Compliance team who take part in cybersecurity review, implementation and testing. Mr. Kim graduated from the University of Pennslyvania with a Bachelor of Science in Computer Science, and, prior to Bitwise, worked on Google’s backend infrastructure for Google Drive and worked in software security for the South Korean military. Bitwise, the parent of the Sponsor, has a board of directors that is ultimately responsible for managing and directing the affairs of the Sponsor, including maintaining oversight of risks from cybersecurity threats. Mr. Kim serves on the Bitwise board of directors. Ms. Dowling serves as the General Counsel and Chief Compliance Officer of Bitwise and therefore is able to report directly to Bitwise s board of directors regarding cybersecurity risks to the Trust and the Sponsor.

Company Information