Fidelity Private Credit Fund 10-K Cybersecurity GRC - 2024-03-22

Page last updated on April 11, 2024

Fidelity Private Credit Fund reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-22 16:11:06 EDT.

Filings

10-K filed on 2024-03-22

Fidelity Private Credit Fund filed an 10-K at 2024-03-22 16:11:06 EDT
Accession Number: 0000950170-24-035353

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Fidelity and its Enterprise Cybersecurity organization, on behalf of the Fund, have established a comprehensive risk management program, which includes processes to identify, assess, and manage cybersecurity risks, including material risks from cybersecurity threats, and to put in place appropriate controls to mitigate these risks and reduce the potential impact to the Fund and its shareholders. The Fund does not currently have any employees and relies upon Fidelity and its Enterprise Cybersecurity organization for the Fund s day-to-day operations and to establish strategies, policies, and standards for the security of, and operations in, cyberspace. The Fund depends on and engages various third parties, including suppliers, vendors, and service providers, to operate its business. Through its vendor management program, and on behalf of the Fund, Fidelity oversees and identifies risks from cybersecurity threats associated with the use of third-party service providers. This vendor oversight program includes periodic reviews of the cybersecurity controls of third-party service providers, The frequency of such reviews is generally based on the nature of the Fund s information processed by the vendor and the vendor s criticality to business operations. On behalf of the Fund, Fidelity engages third-party consultants to assess, identify, and/or manage material risks from cybersecurity threats. For example, Fidelity engages third-party consultants to perform audits of its cybersecurity measures and risk management processes, including those applicable to the Fund. Fidelity has also hired qualified independent assessors to review applicable security controls in accordance with the AICPA s System and Organization Controls assurance programs. Additionally, Fidelity utilizes third-party consultants with specific areas of cybersecurity expertise to review and report on various aspects of its cybersecurity program, including those applicable to the Fund. The results of these consulting engagements are shared with the Fund s Board of Trustees as part of periodic reports. Fidelity s Enterprise Cybersecurity organization has a threat intelligence program which monitors for emerging cyber threats. Taking information gathered from public and private sources, including industry groups such as the U.S. Cybersecurity and Infrastructure Security Agency and the Financial Services Information Sharing and Analysis Center, the organization analyzes such information and incorporates tactics, techniques, and procedures into the program s security monitoring and detection tools and processes. The potential impact of risks from cybersecurity threats on the Fund are assessed on an ongoing basis, and how such risks could materially affect the Fund s business strategy, operational results, and financial condition are regularly evaluated. During the reporting period, the Fund did not identify any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Fund, including its day-to-day operations, financial condition, and business strategies. In conjunction with Fidelity s Enterprise Cybersecurity, the Fund participates in regular testing of applicable incident response processes to ensure appropriate escalation, mitigation, communication and reporting processes are in place. 73 The Board provides strategic oversight regarding cybersecurity risks and threats. The Board receives and reviews periodic reports from senior executives in Fidelity s enterprise cybersecurity organization and the Fund s management, including Fidelity s Chief Information Security Officer ( CISO ), members of the CISO s staff and the Fund s CCO. These reports contain information about risks from cybersecurity threats, including the results of recent independent reviews of the cybersecurity program, summaries of recent cybersecurity threat intelligence assessments, progress on key initiatives and strategies, and updates on recent regulatory activities, including new regulations and examinations. The Fund s management, including the CCO of the Fund, is responsible for assessing and managing material risks from cybersecurity threats. In connection with the Fund s reliance on Fidelity and its Enterprise Cybersecurity organization, the CCO relies on the cybersecurity expertise of Fidelity s CISO and members of the CISO s staff to assist in assessing and managing the Fund s material risks from cybersecurity threats. The CISO has over twenty years of experience in technology and information security and has served as Fidelity s CISO since May 2021. The CCO has been responsible for this oversight function as CCO to the Fund since the Fund s inception and has worked in the financial services industry for sixteen years, during which the CCO has gained expertise in assessing and managing risks applicable to the company. Management of the Fund is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting the Fund, including through the receipt of notifications from service providers and reliance on communications with risk management, legal, information technology, and/or compliance personnel of Fidelity. The Board is also made aware of material cybersecurity incidents which impacted the Fund.

Company Information