NMF SLF I, Inc. 10-K Cybersecurity GRC - 2024-03-06

Page last updated on April 11, 2024

NMF SLF I, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-06 15:43:29 EST.

Filings

10-K filed on 2024-03-06

NMF SLF I, Inc. filed an 10-K at 2024-03-06 15:43:29 EST
Accession Number: 0001766037-24-000005

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We rely on the cybersecurity policies and procedures implemented by New Mountain Capital. New Mountain Capital has processes in place for assessing, identifying, and managing material risks from potential unauthorized occurrences on or 53 Table of Content s through our electronic information systems that could adversely affect the confidentiality, integrity, or availability of our information systems or the information residing on those systems. These include a wide variety of controls, processes, systems, and tools that are designed to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access, or other security incidents or vulnerabilities affecting our data. Pursuant to New Mountain Capital s Information Security Program, the New Mountain Capital Information Technology Steering Committee ( ITSC ) is responsible for the development, evolution, and implementation of policies and technical measures to reasonably prevent security incidents. At times New Mountain Capital may also engage assessors, consultants, auditors, or other third parties to assist with assessing, identifying, and managing cybersecurity risks. New Mountain Capital uses processes to oversee and identify material risks from cybersecurity threats, including those associated with the use of third-party service providers. Additionally, New Mountain Capital uses systems and processes designed to reduce the impact of a security incident at a third-party service provider. As part of its risk management process, New Mountain Capital also maintains an incident response plan that is utilized when cybersecurity incidents impacting us, our Investment Adviser, or our Administrator are detected. New Mountain Capital also requires that all employees, including employees of the Investment Adviser and Administrator, complete interactive security awareness training on an annual basis.employees of the Investment Adviser and Administrator, complete interactive security awareness training on an annual basis. Material Impact of Cybersecurity Risks As of the date of this report, we are not aware of any material risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. However, future incidents could have a material impact on our business. Additional information about cybersecurity risks we face is discussed in Item 1A of Part I, Risk Factors, under the heading The failure of cybersecurity protection systems, as well as the occurrence of events unanticipated in our disaster recovery systems and management continuity planning, could impair our ability to conduct business effectively, which should be read in conjunction with the information above. Governance Our cybersecurity risks and associated mitigations are evaluated by our management and the ITSC as needed, but no less frequently than annually. Management and representatives of the ITSC periodically report to our board of directors on developments to the information security and cybersecurity risks we face. Reports include, among other things, an overview of New Mountain Capital s controls and procedures related to assessing, identifying, and managing risks related to cybersecurity threats, oversight of third-party service providers and related cybersecurity threats, and management s evaluation of cybersecurity risks material to us.

Company Information