Brookfield Oaktree Holdings, LLC 10-K Cybersecurity GRC - 2024-03-21

Page last updated on April 11, 2024

Brookfield Oaktree Holdings, LLC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-21 17:02:57 EDT.

Filings

10-K filed on 2024-03-21

Brookfield Oaktree Holdings, LLC filed an 10-K at 2024-03-21 17:02:57 EDT
Accession Number: 0001403528-24-000019

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Oaktree maintains a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. This program is integrated into Oaktree s overall risk management processes and focuses on the corporate information technology environment. The underlying controls of the cyber risk management program are designed to meet Oaktree s business requirements, security risks and organization profile, and leverages many elements of the National Institute of Standards and Technology ( NIST ) Cybersecurity Framework ( CSF ) and the International Organization Standardization ( ISO ) 27001 Information Security Management System Requirements. The Internal Audit team conducts an annual internal audit of the Company s cyber risk management program utilizing the services of a third-party provider. Additionally, Oaktree hires a third party provider to conduct an annual penetration test of Oaktree’s systems. Oaktree has developed and implemented controls and processes to oversee and manage its engagements with third-party vendors. These procedures encompass pre-engagement due diligence efforts and the ongoing monitoring of the third-party vendors that are considered to be high-risk. Although these controls and processes are designed to mitigate risks associated with third-party engagements, they do not guarantee the elimination of all potential risks. The effectiveness of these controls and processes is dependent on a variety of factors, some of which are outside our control. A third party Managed Security Service Provider (MSSP) manages Oaktree s Security Operations Center to provide 24/7 monitoring of its global systems and to coordinate the investigation of alerts of potential security incidents. Alerts are then escalated to the Oaktree Cybersecurity team for investigation and remediation, if necessary. Cyber partners are a key part of Oaktree s cybersecurity infrastructure. Oaktree partners with leading cybersecurity companies and organizations, leveraging third-party technology and expertise. Oaktree engages with these partners to monitor and maintain the performance and effectiveness of products and services that are deployed in Oaktree s environment. A Managing Director in Oaktree s information technology department heads Oaktree s cybersecurity team. This individual reports to Oaktree s Chief Information Officer. and is responsible for assessing and managing Oaktree s cyber risk management program, informs senior management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents and supervises such efforts. The cybersecurity team has decades of collective experience selecting, deploying and operating cybersecurity technologies, initiatives and processes and relies on threat intelligence as well as other information obtained from governmental, public and private sources, including external consultants engaged by Oaktree. The head of Oaktree s cybersecurity team has substantial information technology and cybersecurity experience, with a career spanning over 30 years in managing global IT operations in a wide range of areas, including, but not limited to, cybersecurity, IT governance, controls, compliance, data center operations, network engineering and cloud computing. The audit committee of the board of directors oversees Oaktree s cybersecurity program. The cybersecurity team briefs the audit committee on the effectiveness of Oaktree s cyber risk management program. The Internal Audit team also shares the results of its annual cybersecurity audits with the audit committee. Oaktree faces risks from cybersecurity threats that could have a material adverse effect on its business, financial condition, results of operations, cash flows or reputation. Oaktree has experienced, and will continue to experience, cyber incidents in the normal course of its business. However, we are not currently aware of any current or past cyberattacks or other incidents that, individually or in the aggregate, have materially affected, or are reasonably likely to materially affect, Oaktree s business, business strategy, financial condition, results of operations, or cash flows. See Risk Factors Risks Relating to Our Business Oaktree s failure to maintain the security of its information and technology networks, including personal data and client information, intellectual property and proprietary business information could have a material adverse effect on us. 45

Company Information