Oxford Square Capital Corp. 10-K Cybersecurity GRC - 2024-03-18

Page last updated on April 11, 2024

Oxford Square Capital Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-18 21:17:28 EDT.

Filings

10-K filed on 2024-03-18

Oxford Square Capital Corp. filed an 10-K at 2024-03-18 21:17:28 EDT
Accession Number: 0001213900-24-023660

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Company has processes in place to assess, identify, and manage material risks from cybersecurity threats. The Company s business is dependent on the communications and information systems of Oxford Funds and other third -party service providers. Oxford Funds manages the day -to-day operations of the Company and has implemented a cybersecurity program that applies to the Company and its operations. 57 Cybersecurity Program Overview Oxford Funds has instituted a cybersecurity program designed to identify, assess, and manage cyber risks applicable to the Company and assists with the oversight of other third party service providers and their cybersecurity programs. The cyber risk management program involves risk assessments, implementation of security measures, and ongoing monitoring of systems and networks, including networks on which the Company relies. Oxford Funds actively monitors the current threat landscape in an effort to identify material risks arising from new and evolving cybersecurity threats, including material risks faced by the Company. The Company relies on Oxford Funds to engage external experts, including cybersecurity assessors and consultants to evaluate cybersecurity measures and risk management processes, including those applicable to the Company. The Company relies on Oxford Funds risk management program and processes, which include cyber risk assessments. The Company depends on and engages various third parties, including suppliers, vendors, and service providers, to operate its business. The Company relies on its Officers and the expertise of risk management and information technology personnel of Oxford Funds when identifying and overseeing risks from cybersecurity threats, including risks from third parties. Board Oversight of Cybersecurity Risks The Board provides strategic oversight on cybersecurity matters, including risks associated with cybersecurity threats. The Board receives periodic updates from its Chief Compliance Officer ( CCO ), which incorporates updates provided by the Head of Information Technology of Oxford Funds, regarding the overall state of Oxford Funds cybersecurity program, information on the current threat landscape, and risks from cybersecurity threats and cybersecurity incidents impacting the Company. Management s Role in Cybersecurity Risk Management The Company s management, including the Company s CCO and the Head of Information Technology of Oxford Funds, manages the Company s cybersecurity program. The President and CCO of the Company oversee the Company s oversight function generally and rely on Oxford Funds Head of Information Technology to manage the assessment and management of material risks from cybersecurity threats. The Head of Information Technology has more than 8 years of experience in actively managing cybersecurity and information security programs for financial services companies with complex information systems. The CCO has been responsible for his oversight function as CCO to the Company for 8 years and has worked in the financial services industry for more than 35 years, during which time the CCO has gained expertise in assessing and managing risk applicable to the Company. Management of the Company is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting the Company, including through the receipt of notifications from service providers and reliance on communications with risk management, legal, information technology, and/or compliance personnel of Oxford Funds. Assessment of Cybersecurity Risk The potential impact of risks from cybersecurity threats on the Company are assessed on an ongoing basis, and how such risks could materially affect the Company s business strategy, operational results, and financial condition are regularly evaluated. During the reporting period, the Company has not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that the Company believes have materially affected, or are reasonably likely to materially affect, the Company, including its business strategy, operational results, and financial condition. 58

Company Information