HPS Corporate Lending Fund 10-K Cybersecurity GRC - 2024-03-21

Page last updated on July 16, 2024

HPS Corporate Lending Fund reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-21 17:27:34 EDT.


10-K filed on 2024-03-21

HPS Corporate Lending Fund filed a 10-K at 2024-03-21 17:27:34 EDT
Accession Number: 0001838126-24-000022

Item 1C. Cybersecurity.

Assessment, Identification and Management of Material Risks from Cybersecurity

The Company has processes in place to assess, identify, and manage material risks from cybersecurity threats. We rely on the cybersecurity strategy and policies implemented by the Adviser and HPS, the providers of our technology services. The Adviser manages the Company’s day-to-day operations and has implemented, together with HPS, a firm-wide cybersecurity program that applies to the Company and its operations. References in this Item 1C to (i) any programs or processes of the Adviser shall be deemed to refer to any firm-wide programs and/or processes that have been implemented by HPS, and (ii) any actions of the Adviser shall be deemed to refer to actions of HPS and/or the Adviser, as the context may require.

The Adviser’s cybersecurity program prioritizes detection and analysis of and response to cybersecurity threats, management of security risks and resilience against cyber incidents, including those that may impact the Company. The Adviser’s cybersecurity program is aligned to the Center for Internet Security critical controls framework. The Adviser’s cybersecurity risk management processes applicable to the Company include technical security controls, policy enforcement mechanisms, monitoring systems, and other tools. Third-party providers are leveraged to assist in assessing, identifying and managing risks from cybersecurity threats applicable to the Company. The assessment of cybersecurity risks, including those which may be applicable to the Company, is integrated into the Adviser’s overall risk management program. The Adviser has implemented and continues to implement risk-based controls designed to prevent, detect, and respond to information security threats and the Company relies on such controls.

The Adviser’s cybersecurity program includes physical, administrative, and technical safeguards, as well as plans and procedures designed to help the Company prevent and respond to cybersecurity threats and incidents, including threats or incidents that may impact the Company. The Adviser’s cybersecurity risk management processes seek to monitor cybersecurity vulnerabilities and potential attack vectors, evaluate the potential operational and financial effects of any threat, and mitigate such threats. The Company relies on the Adviser to engage with third-party consultants and key vendors to assist it in assessing, enhancing, implementing, and monitoring its cybersecurity program and risk management processes and responding to incidents.

The Adviser’s ’s cybersecurity risk management and awareness programs, which apply to the Company, include identification and testing of vulnerabilities, phishing simulations and cybersecurity awareness training. The Adviser undertakes internal security reviews of its information systems and related controls, including those applicable to the Company. The Adviser also completes external reviews of the cybersecurity program and practices applicable to the Company, which may include assessments of relevant data protection practices and targeted attack simulations.

The Adviser has developed an incident response plan that provides guidelines for responding to cybersecurity incidents. The incident response plan includes notification to the applicable members of cybersecurity leadership, including the Adviser’s Chief Information Security Officer (“CISO”), and, as appropriate, escalation to other relevant individuals. Incidents may also be reported to the audit committee or full board of directors of the Adviser, as well as to the Audit Committee, if appropriate.

Management of the Company is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting the Company, including through the receipt of notifications from service providers and reliance on communications with the Adviser’s CISO, as well as other risk management, legal, information technology, and/or compliance personnel of the Adviser.

The Company depends on and engages various third parties, including suppliers, vendors, and service providers, to operate its business. The Company relies on the expertise of risk management, legal, information technology, and compliance personnel of the Adviser when identifying and overseeing risks from cybersecurity threats associated with our use of such entities.

Material Impact of Cybersecurity Risks

During the reporting period, we have not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that the Company believes have materially affected, or that are reasonably likely to materially affect the Company, including our business strategy, operational results and financial conditions. However, future incidents could have a material impact on our business strategy, results of operations or financial condition.

Management’s Role in Cybersecurity Risk Oversight

The Adviser’s CISO and dedicated internal cybersecurity team are responsible for the cybersecurity program applicable to the Company (including enterprise-wide cybersecurity strategy, policies, standards, engineering, architecture, and processes). The Company’s Chief Compliance Officer (“CCO”) is responsible for monitoring and reporting to the board about the Adviser’s compliance with its responsibilities for the Adviser’s and the Company’s cybersecurity program. The Adviser’s CISO has 10 years of experience advising on and managing risks from cybersecurity threats as well as developing and implementing cybersecurity policies and procedures. The Adviser’s CISO works closely with Company management to administrator, assess, discuss, and prioritize the Company’s cybersecurity efforts. The Company’s CCO has been responsible for this monitoring and reporting as CCO to the Company for 3 years and has worked in the financial services industry for more than 30 years, during which time the CCO has gained expertise in assessing and managing risks applicable to the Company.

Board Oversight of Cybersecurity Risks

The Audit Committee provides strategic oversight of risk assessment and risk management matters, including risks associated with cybersecurity threats. Certain members of the Company update the Audit Committee as well as our full Board, as appropriate, on cybersecurity matters, primarily through presentations by the Company’s CCO and the Adviser’s CISO. Such reporting includes updates on the cybersecurity program applicable to the Company, the external threat environment, and the Adviser’s programs to address and mitigate the risks associated with the evolving cybersecurity threat environment. These reports also include updates on the Company’s preparedness, prevention, detection, responsiveness, and recovery with respect to cyber incidents.

Company Information

NameHPS Corporate Lending Fund
SIC Description
CategoryNon-accelerated filer
Fiscal Year EndDecember 30