Varagon Capital Corp 10-K Cybersecurity GRC - 2024-03-25

Page last updated on April 11, 2024

Varagon Capital Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-25 14:52:17 EDT.

Filings

10-K filed on 2024-03-25

Varagon Capital Corp filed an 10-K at 2024-03-25 14:52:17 EDT
Accession Number: 0000950170-24-035857

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy The Company s cybersecurity program is designed to identify, assess, and manage material risks from cybersecurity threats. The Company also relies on the cybersecurity policies and procedures implemented by Varagon and its affiliates. Varagon has processes in place for assessing, identifying, and managing material risks from potential unauthorized occurrences on or through our electronic information systems that could adversely affect the confidentiality, integrity, or availability of our information systems or the information residing on those systems. These include a wide variety of controls, processes, systems, and tools that are designed to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access, or other security incidents or vulnerabilities affecting our data. Pursuant to Varagon s Information Security (Safeguards) Policy (the Information Security Policy ), the Chief Financial Officer of Varagon serves as the Information Security Policy Coordinator and is responsible for the ongoing and regular monitoring of the Information Security Policy to ensure that it is operating in a manner reasonably calculated to prevent unauthorized access to, or unauthorized use of, non-public information. Varagon has engaged and may engage, from time to time, assessors, consultants, auditors, or other third parties to assist with assessing, identifying, and managing cybersecurity risks, subject to the continued oversight of Varagon. The Chief Financial Officer of Varagon is responsible for identifying and assessing reasonably foreseeable internal and external risks to the security, confidentiality, and/or integrity of any electronic, paper, or other records containing non-public information, and evaluating and improving, where necessary, the effectiveness of the current safeguards for limiting such risks, including those pertaining to the Company. Additionally, Varagon uses systems and processes designed to reduce the impact of a security incident at a third-party service provider. As part of its risk management process, Varagon also maintains an incident response plan that is utilized when cybersecurity incidents impacting the Company or the Adviser are detected. Varagon also requires that all employees, including employees of the Adviser, complete periodic information security training, including new hire training, regular compliance training, and periodic informal training pertaining on specific areas of concern. Material Impact of Cybersecurity Risks As of the date of this Annual Report on Form 10-K, the Company is not aware of any material risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition. However, future incidents could have a material impact on its business. Additional information about cybersecurity risks the Company faces is described in Item 1A of Part I, Risk Factors, under the heading Cybersecurity Risks, which should be read in conjunction with the information above. Governance The Company s cybersecurity risks and associated mitigations are evaluated by the Company s management and Varagon periodically, but no less frequently than annually. Management and representatives of Varagon periodically report to the Board on information security and cybersecurity matters. Reports include, among other things, the overall state of the Company s cybersecurity program, information on the current threat landscape, oversight of third-party service providers and related cybersecurity threats, and management s evaluation of material cybersecurity risks to the Company. 58 TABLE OF CONTENTS

Company Information