Portman Ridge Finance Corp 10-K Cybersecurity GRC - 2024-03-13

Page last updated on April 11, 2024

Portman Ridge Finance Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-13 16:18:25 EDT.

Filings

10-K filed on 2024-03-13

Portman Ridge Finance Corp filed an 10-K at 2024-03-13 16:18:25 EDT
Accession Number: 0000950170-24-030788

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We have processes in place to assess, identify, and manage material risks from cybersecurity threats. The Company s business is dependent on the communications and information systems of the Adviser and other third-party service providers. The Adviser manages the Company s day-to-day operations and has implemented a cybersecurity program that applies to the Company and its operations. 28 Cybersecurity Program Overview The Adviser has instituted a cybersecurity program, overseen by the Adviser s Global Head of Infrastructure & Cybersecurity ( GHIC ), which is designed to assess, identify, and manage material cyber risks applicable to the Company. The cyber risk management program involves risk assessments, implementation of security measures, and ongoing monitoring of systems and networks, including networks on which the Company relies. The Adviser actively monitors the current threat landscape in an effort to identify material risks arising from new and evolving cybersecurity threats, including material risks faced by the Company. The Company relies on the Adviser to engage external experts, including cybersecurity assessors, consultants, and other specialists as appropriate to evaluate cybersecurity measures and risk management processes, including those applicable to the Company. The Company relies on the Adviser s risk management program and processes, which include cyber risk assessments. The Company depends on and engages various third parties, including suppliers, vendors, and service providers, to operate its business. The Company takes steps to identify and oversee risks from cybersecurity threats associated with our use of such entities and the Chief Compliance Officer ( CCO ) of the Company reviews cybersecurity-related reports provided by key service providers. Board Oversight of Cybersecurity Risks The Board would be made aware of any material risks associated with cybersecurity threats. The Board currently receives periodic updates from the Company s CCO regarding the overall state of the Adviser s cybersecurity program, information on the current threat landscape, and risks from cybersecurity threats and cybersecurity incidents impacting the Company. Management s Role in Cybersecurity Risk Management The Company s management, including the Company s CCO, is responsible for assessing and managing material risks from cybersecurity threats. The CCO, in managing such risks relating to cybersecurity threats, relies on the assistance provided by the Adviser s GHIC. The Adviser s GHIC has extensive experience in managing cybersecurity and information security programs for financial services companies with complex information systems. The CCO has been responsible for this oversight function as CCO to the Company since 2021 and has worked in the financial services industry for more than 15 years, during which the CCO has gained expertise in assessing and managing such risks applicable to the Company. Management of the Company is informed about and monitors the prevention, detection, mitigation, and remediation of material cybersecurity incidents impacting the Company, including through the receipt of notifications from service providers and reliance on communications with legal, information technology, and/or compliance personnel of the Adviser. Assessment of Cybersecurity Risk The potential impact of risks from cybersecurity threats on the Company are assessed on an ongoing basis, and how such risks could materially affect the Company s business strategy, results of operation, and financial condition are regularly evaluated. During the reporting period, the Company has not identified any material risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that the Company believes have materially affected, or are reasonably likely to materially affect, the Company, including its business strategy, results of operation, and financial condition.

Company Information