MAN AHL DIVERSIFIED I LP 10-K Cybersecurity GRC - 2024-03-22

Page last updated on April 11, 2024

MAN AHL DIVERSIFIED I LP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-22 17:23:07 EDT.

Filings

10-K filed on 2024-03-22

MAN AHL DIVERSIFIED I LP filed an 10-K at 2024-03-22 17:23:07 EDT
Accession Number: 0000950170-24-035494

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy. The General Partner has written plans, procedures and policies that govern the Partnership s general information security program. The General Partner has a Risk and Control Self-Assessment ( RCSA ) framework to help identify, measure, monitor and report important operational risks faced by the General Partner. Man Group has a Cyber Incident Response Plan ( CIRP ) which dictates how the Partnership reviews and responds to security alerts, events and incidents. Pursuant to the written incident response plan, in the event of a cybersecurity incident, the security team first identifies the incident, triages, and responds. The General Partner s compliance team is also notified of the cybersecurity incident and, in conjunction with the legal team, assists in incident remediation and determining the materiality. As applicable, RCSAs are filed with the General Partner s operational risk team in order to keep the General Partner informed on cyber risks. Ultimately, an aggregate response to a cyber incident is reported to Man Group s risk committees, creating awareness and consideration of the top risks and overall levels of risk exposure. The operational risk team also has service provider monitoring in place in order to oversee and identify cybersecurity threats associated with the Partnership s use of third-party service providers. Prior to onboarding, the Partnership conducts due diligence for key new third-party services providers. This involves a diligence questionnaire sent by a cybersecurity training company that is then reviewed by the Partnership. The training company also assess the Partnership s security status during onboarding for services providers and, for critical suppliers, at regular intervals throughout the life of the supplier s contract. The Audit and Risk Committee ( ARCom ) of the board of directors of the General Partner s parent entity, (the Board ) is responsible for risk governance and management frameworks, determining risk strategy and ensuring that risk is monitored and controlled effectively. The risk management framework requires that the Partnership operates within acceptable risk tolerances, while risk governance provides a foundation for potential oversight in an evolving cyber environment. The ARCom meets quarterly to discuss cybersecurity risks and events and reports its findings to the Board. The chief information security officer presents to the ARCom quarterly, including providing incident reports for potentially material security incidents, and all Board members have the opportunity to ask questions. The full Board also discusses cybersecurity risks and events quarterly. The General Partner uses both internal and external auditors for cybersecurity services. The General Partner maintains an Information Security Steering Committee chaired by Man Group s chief information security officer ( CISO ) and which contains, among other members, Man Group s chief technology officer ( CTO ). The CISO is a Certified Information Systems Security Professional ( CISSP ) and has over a decade of experience in the fields of technology and security. The General Partner utilizes a Security Operations Center ( SOC ) model and annual reports to prevent, detect, and respond to cybersecurity incidents. The General Partner has regular cybersecurity audits conducted by KPMG. Further, the General Partner contracts third parties to perform quarterly phishing testing, annual penetration tests, and a bi-annual red team exercise. These exercises consist of virtual simulations of cybersecurity incidents in order to test the effectiveness of the General Partner s cybersecurity protection program. The exercises also help prepare the General Partner and Partnership to sufficiently respond in the instance of cybersecurity incidents. The General Partner also has a dedicated 8 compliance function that focuses on the General Partner s international operations in order to comply with international cybersecurity laws. The General Partner uses these processes as well as the RCSA and CIRP to stay informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents. Employees are required to complete annual cybersecurity training. The training is updated periodically in order to stay up to date with current laws and was last updated in the fourth quarter of 2023. The General Partner models risks, including security risks, and allocates risk capital accordingly, and does not carry cyber insurance. In the past, the Partnership has experienced actual and attempted cybersecurity events and incidents. While prior incidents have not materially affected the General Partner s or the Partnership s business strategy, results of operations or financial condition, and although the General Partner s processes are designed to help prevent, detect, respond to, and mitigate the impact of such incidents, there is no guarantee that a future cyber incident would not materially affect the General Partner s or the Partnership s business strategy, results of operations or financial condition. To date, the General Partner has not identified any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected the General Partner, the Partnership, the General Partner s business strategy, the Partnership s results of operation or the Partnership s financial conditions. Breaches in Information Technology Security. The General Partner and the Trading Advisor maintain information technology systems, consisting of infrastructure, applications and communications networks to support the Partnership as well as its own business activities. These systems could be subject to security breaches such as cyber-crime resulting in theft, a disruption in the Trading Advisor s ability to close out positions and the disclosure or corruption of sensitive and confidential information. Security breaches may also result in misappropriation of assets and could create significant financial and/or legal exposure for the Partnership. The General Partner and the Trading Advisor seek to mitigate attacks on their own systems but will not be able to control directly the risks to third-party systems to which it may connect. Any breach in security of the General Partner s or the Trading Advisor s systems could have a material adverse effect on the General Partner or the Trading Advisor and may cause the Partnership to suffer, among other things, financial loss, the disruption of its business, liability to third parties, regulatory intervention or reputational damage.

Company Information