Commonwealth Credit Partners BDC I, Inc. 10-K Cybersecurity GRC - 2024-03-11

Page last updated on April 11, 2024

Commonwealth Credit Partners BDC I, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-11 16:48:07 EDT.

Filings

10-K filed on 2024-03-11

Commonwealth Credit Partners BDC I, Inc. filed an 10-K at 2024-03-11 16:48:07 EDT
Accession Number: 0000950170-24-029358

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity The Company has processes in place designed to assess, identify, and manage material risks from cybersecurity threats. The Company s business is dependent on the communications and information systems of the Investment Adviser and other third-party 41 service providers. The Investment Adviser manages the Company s day-to-day operations and has implemented a cybersecurity program that applies to the Company and its operations. Cybersecurity Program Overview The Investment Adviser has instituted a cybersecurity program designed to identify, assess, and manage cyber risks applicable to the Company. The cyber risk management program involves risk assessments, implementation of security measures, and ongoing monitoring of systems and networks, including networks on which the Company relies. The Investment Adviser, together with external consultants, actively monitors the current threat landscape in an effort to identify material risks arising from new and evolving cybersecurity threats, including material risks faced by the Company. The Company relies on the Investment Adviser s compliance and risk management program and processes, which include periodic review of the Investment Adviser s Cybersecurity Program. The Company depends on and engages various third parties, including service providers, to operate its business. The Company relies on its Chief Compliance Officer ( CCO ) and the expertise of risk management, legal, information technology, and compliance personnel of the Investment Adviser when identifying and overseeing risks from cybersecurity threats associated with its reliance upon such third parties. The potential impact of risks from cybersecurity threats posed to the Company are assessed on an ongoing basis, including how such risks could materially affect the Company s business strategy, operational results, and financial condition are regularly evaluated. During the reporting period, the Company has not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that the Company believes have materially affected, or are reasonably likely to materially affect, the Company, including its business strategy, operational results, and financial condition. Key third-party information security service providers, subject to the Adviser Committee s and Company CCO s oversight, continuously monitor and support the Adviser and Company information security control environment and breach notification processes. The Adviser s Committee, subject to the Company CCO s oversight, monitor best-practices and developments in data privacy and security, including increased scrutiny of third-party service providers having access to sensitive Company data. Board Oversight of Cybersecurity Risks The Board provides strategic oversight on cybersecurity matters, including risks associated with cybersecurity threats. The Board receives periodic updates from the CCO, which incorporates updates provided by the Investment Adviser regarding the overall state of the Investment Adviser s cybersecurity program, information on the current threat landscape, and risks from cybersecurity threats and cybersecurity incidents impacting the Investment Adviser s operations, including those related to the Company. Management’s Role in Cybersecurity Risk Management The Company s management, including the Company s CCO, and a Technology Risk and Information Security Committee (the Committee ) established by the Investment Adviser manage the Company s cybersecurity program. The CCO of the Company oversees the Company s oversight function generally and relies on the Investment Adviser s Committee to assist with assessing and managing material risks from cybersecurity threats. The Committee is chaired by an outside cybersecurity and information technology expert, and its other members are the Investment Advisors CFO/CCO, its General Counsel, and its Director of Information Technology. The CCO has been responsible for oversight of the Company s overall SEC compliance program, since the Company s inception and has worked in the financial services industry for more than 25 years, during which time the CCO has gained expertise in assessing and overseeing controls regarding risks applicable to the Company. The Company s Senior Management team is regularly informed regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting the Company, and/or other comparable SEC regulated investment funds and their managers, including through the receipt of notifications from service providers and reliance on communications with operations, risk management, legal, information technology, and/or compliance personnel of the Investment Adviser. Assessment of Cybersecurity Risk The potential impact of risks from cybersecurity threats on the Company are assessed on an ongoing basis, and how such risks could materially affect the Company s business strategy, operational results, and financial condition are regularly evaluated. During the reporting period, the Company has not identified any risks from cybersecurity threats, including as a result of previous 42 cybersecurity incidents, that the Company believes have materially affected, or are reasonably likely to materially affect, the Company, including its business strategy, operational results, and financial condition.

Company Information