Silver Point Specialty Lending Fund 10-K Cybersecurity GRC - 2024-03-20

Page last updated on April 11, 2024

Silver Point Specialty Lending Fund reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-20 21:40:47 EDT.

Filings

10-K filed on 2024-03-20

Silver Point Specialty Lending Fund filed an 10-K at 2024-03-20 21:40:47 EDT
Accession Number: 0000950170-24-034390

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management, Strategy and Governance The Fund is externally managed by the Adviser and has no employees or internal information systems. Thus, the Fund relies on the Adviser as well as its administrator, custodian and other service providers to protect the Fund s information from cybersecurity threats. The Fund s Chief Compliance Officer (the CCO ), in coordination with the Adviser s Compliance Department and Information Security Working Group (the ISWG ), which includes the Adviser s Chief Technology Officer Infrastructure and Cybersecurity (the CTO ), Chief Compliance Officer, General Counsel and Chief Financial Officer or their respective designees and teams, oversees the Fund s risk management policies and procedures related to cybersecurity risks, subject to the oversight of the Board of Trustees. The ISWG uses various security tools that help the Adviser identify, escalate, investigate, resolve and recover from cybersecurity incidents in a timely manner. The Adviser also reviews the Fund service providers compliance and risk management policies and procedures related to cybersecurity matters, monitors such service providers use of information systems which have the potential to subject the Fund to information technology vulnerabilities and receives regular reports from the Fund s service providers regarding cybersecurity threats and incidents. The CCO provides quarterly reports to the Board of Trustees regarding significant risks to the Fund, including, among others, those relating to cybersecurity. In addition, the CCO informs the Board of Trustees regarding material cybersecurity risks as they arise. The Adviser takes a risk-based approach to cybersecurity and has implemented cybersecurity policies and procedures throughout its operations that are designed to address cybersecurity threats and incidents. In particular, the Adviser deploys specialized security technologies and operational controls including, but not limited to, firewalls, anti-virus systems, passwords, restricted access, and electronic surveillance/monitoring. The Adviser also conducts regular internal penetration testing to assess information technology vulnerabilities, utilizes third-party technology solutions for real-time vulnerability management and engages a third-party consultant to conduct a cybersecurity assessment and preparedness analysis annually. In addition, the ISWG meets quarterly and on an as-needed basis. The ISWG: (i) reviews any material information security incidents and documents the results of any such reviews and any responsive or remedial actions taken in connection therewith (ii) escalates any significant incidents involving threats to, or breaches of, the cybersecurity protections set forth in the Adviser s Information Security Program and Policies and Procedures (the Information Security Program ) to the Adviser s Compliance Committee or Operating Committee and (iii) updates the Information Security Program as needed, based on, among other things: (a) results of testing and monitoring pursuant to the Information Security Program (b) changes to applicable laws, rules, or regulations (c) new or prospective cyber threats and (d) material changes to the business and operation of the Adviser and the Fund. In addition, the ISWG is informed by the CTO of: (i) any risks to personal information and the Adviser s information systems (ii) ways to manage and control such risks (iii) any 57 concerns regarding third party vendor arrangements that could impact information security (iv) the results of testing done in connection with the Information Security Program and (v) any other matters that the CTO believes should be reviewed by the ISWG. The Information Security Program: (i) implements and maintains administrative, technical, and physical safeguards for the protection of personal information (ii) protects against any anticipated threats or hazards to the security of such information, other Adviser information, and the Adviser s information systems and (iii) prevents unauthorized access to or use of the Adviser s systems or personal information. In addition, the ISWG maintains an Incident Response Plan designed to define, in advance, the actions to be taken in the event that the Adviser suffers a digital attack or a potential cybersecurity breach. The Adviser partners with third parties to assess the effectiveness of our cybersecurity prevention and response policies and procedures. The Adviser utilizes a third party to perform penetration testing once a year. Penetration testing involves scanning the Adviser s internet points of entry and attempting to detect potential vulnerabilities. Remediation is performed, if needed, and a second scan is conducted. Internal penetration testing is performed by a combination of regularly scheduled vulnerability scans and using a third party service for real-time vulnerability management. To assess the capability to maintain operation of its business in the event of serious failure or disruption of essential services located in its primary data center, the Adviser also performs business continuity testing twice a year. See Item 1A. Risk Factors Cybersecurity risks and cyber incidents may adversely affect our business by causing a disruption to our operations, a compromise or corruption of our confidential information and/or damage to our business relationships, all of which could negatively impact our business, financial condition and operating results.

Company Information