ATEL 17, LLC 10-K Cybersecurity GRC - 2024-03-20

Page last updated on April 11, 2024

ATEL 17, LLC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-20 18:28:19 EDT.

Filings

10-K filed on 2024-03-20

ATEL 17, LLC filed an 10-K at 2024-03-20 18:28:19 EDT
Accession Number: 0001558370-24-003651

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY The Company’s information security program is designed with the goal of maintaining the safety and security of its systems and data. The risk management program is designed to identify, assess, and mitigate risks across various aspects of the company, including financial, operational, regulatory, and legal. Cybersecurity is a critical component of this program, given the increasing reliance on technology and potential cyber threats. With the departure of the Company s Chief Information Officer during the first half of 2023, the Company has engaged a third-party cybersecurity expert to assess the security of the Company s systems and networks. In addition, the Company engaged a third-party vendor, along with an in-house system administrator, together the IT Management , to service the Company s information systems. 4 The objective in managing cybersecurity risk is to avoid or minimize the impact of efforts to penetrate, disrupt or misuse Company systems or information. Cybersecurity helps to maintain an environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, and privacy. IT Management is charged with cybersecurity and uses a layered approach to protect systems with ESET and Cylance. IT Management uses a risk-based framework core consisting of cybersecurity activities, outcomes, and references that provide guidance for developing individual organizational profiles. IT Management is tasked with and shall: Prioritize and scope. Identify organization objectives and priorities and determine the scope of systems and assets that support the selected business line or process. Orient. Identify Information Systems and assets, regulatory requirements, and overall risk approach, identify threats to, and vulnerabilities of, those systems and assets. Risk assessment. Identify the likelihood of a cybersecurity event and the impact on the organization. Consider emerging risks. Target Profile. Create a Target Profile focusing on categories, subcategories, and desired cybersecurity outcomes. Determine, Analyze, and Prioritize Gaps. Compare the Current Profile and the Target Profile to determine gaps and create a prioritized action plan to address those gaps. Implement Action Plan. Determine actions to take and monitor against the Target Profile. IT Management must also consider how the cybersecurity program might incorporate privacy principles such as: Individual consent to the use of personal information Collecting the minimum amount of personal information Controls over the use and disclosure of personal information Use and retention of personal information related to a cybersecurity incident Transparency for certain cybersecurity activities Accountability and auditing IT Management ensures that the Company s risks are properly monitored, managed and mitigated to the extent possible and oversees the implementation and maintenance of formal strategies that govern information resources. In addition, the Company has established processes and systems designed to mitigate cyber risk, including regular and on-going education and training for employees, preparedness simulations and tabletop exercises, and recovery and resilience tests. We engage in regular assessments of our infrastructure, software systems, and network architecture, using internal cybersecurity experts and third-party specialists. The Company also leverages internal and external auditors and independent external partners to periodically review its processes, systems, and controls, including with respect to our information security program, to assess their design and operating effectiveness and make recommendations to strengthen our risk management program. The Chief Operating Officer manages the Company s IT and cybersecurity environment, which is reviewed at least semi-annually.

Company Information