GUGGENHEIM CREDIT INCOME FUND 2019 10-K Cybersecurity GRC - 2024-03-22

Page last updated on July 16, 2024

GUGGENHEIM CREDIT INCOME FUND 2019 reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-22 17:27:58 EDT.


10-K filed on 2024-03-22

GUGGENHEIM CREDIT INCOME FUND 2019 filed a 10-K at 2024-03-22 17:27:58 EDT
Accession Number: 0001398344-24-006304

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. The Advisor and its Information Security Team, on behalf of the Fund, have established a comprehensive risk management program, which includes processes to identify, assess, and manage cybersecurity risks, including material risks from cybersecurity threats, and to put in place appropriate controls to mitigate these risks and reduce the potential impact to the Fund and its shareholders. The Fund does not currently have any employees and relies upon the Advisor and its Information Security team for the Fund’s day-to-day operations and to establish strategies, policies, and standards for the security of, and operations in, cyberspace. The Fund depends on and engages various third parties, including suppliers, vendors, and service providers, to operate its business. Through its vendor management program, and on behalf of the Fund, the Advisor oversees and identifies risks from cybersecurity threats associated with the use of third-party service providers. This vendor oversight program includes periodic reviews of the cybersecurity controls of third-party service providers, the frequency of such reviews is generally based on the nature of the the Advisor’s information processed by the vendor and the vendor’s criticality to business operations. On behalf of the Fund, the Advisor engages third-party consultants to assess, identify, and/or manage material risks from cybersecurity threats. For example, the Advisor engages third-party consultants to perform audits of its cybersecurity measures and risk management processes, including those applicable to the Fund. The Advisor has also hired qualified independent assessors to review applicable security controls in accordance with the AICPA’s System and Organization Controls assurance programs. Additionally, the Advisor utilizes third-party consultants with specific areas of cybersecurity expertise to review and report on various aspects of its cybersecurity program, including those applicable to the Fund. The results of these consulting engagements are shared with the Fund’s Board of Trustees as part of periodic reports. The Advisor’s Information Security team has a threat intelligence program which monitors for emerging cyber threats. Taking information gathered from public and private sources, including industry groups such as the U.S. Cybersecurity and Infrastructure Security Agency and the Financial Services Information Sharing and Analysis Center, the organization analyzes such information and incorporates tactics, techniques, and procedures into the program’s security monitoring and detection tools and processes. 30 The potential impact of risks from cybersecurity threats on the Fund are assessed on an ongoing basis, and how such risks could materially affect the Fund’s business strategy, operational results, and financial condition are regularly evaluated. During the reporting period, the Fund did not identify any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Fund, including its day-to-day operations, financial condition, and business strategies. The Advisor’s Enterprise Information Security Team participates in regular testing of applicable incident response processes to ensure appropriate escalation, mitigation, communication and reporting processes are in place. These processes are led by the crisis management team as outlined within the crisis management plan. The Board provides strategic oversight regarding cybersecurity risks and threats. The Board receives and reviews periodic reports from senior executives in the Advisor’s Information Security Team and the Fund’s management, including the Advisor’s Chief Information Security Officer (“CISO”) and members of the CISO’s staff. These reports contain information about risks from cybersecurity threats, including the results of recent independent reviews of the cybersecurity program, summaries of recent cybersecurity threat intelligence assessments, progress on key initiatives and strategies, and updates on recent regulatory activities, including new regulations and examinations. The Fund’s management, including the CCO of the Fund, is responsible for assessing and managing material risks from cybersecurity threats. In connection with the Fund’s reliance on the Advisor and the Firms information security team, the CCO relies on the cybersecurity expertise of the Advisor’s CISO and members of the CISO’s staff to assist in assessing and managing the Fund’s material risks from cybersecurity threats. The CISO has over 8 years of experience as a technology and information security leader. The CISO has served as the Advisor’s CISO since 2023. Prior to this role, the CISO was the Deputy CISO for 3 years. The CCO has been responsible for this oversight function as CCO to the Fund for 6 years, and has worked in the financial services industry for over 30 years, during which the CCO has gained expertise in assessing and managing risks applicable to the company. Management of the Fund is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting the Fund, including through the receipt of notifications from service providers and reliance on communications with risk management, legal, information technology, and/or compliance personnel of the Advisor. The Board is also made aware of material cybersecurity incidents which impacted the Fund.

Company Information

SIC Description
CategoryNon-accelerated filer
Fiscal Year EndDecember 30