Apollo Asset Backed Credit Co LLC 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

Apollo Asset Backed Credit Co LLC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 15:23:53 EDT.

Filings

10-K filed on 2024-03-28

Apollo Asset Backed Credit Co LLC filed an 10-K at 2024-03-28 15:23:53 EDT
Accession Number: 0001193125-24-080477

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy As an externally managed company, our risk management function, including cybersecurity, is governed by the cybersecurity policies and procedures of the Operating Manager, an indirect subsidiary of Apollo. Apollo determines and implements appropriate risk management processes and strategies as it relates to cybersecurity for us and other affiliated entities managed by Apollo, and we rely on Apollo for assessing, identifying and managing material risks to our business from cybersecurity threats. The Apollo Global Management, Inc. ( AGM ) Board of Directors is involved in overseeing Apollo s risk management program, including with respect to cybersecurity, which is a critical component of Apollo s overall approach to enterprise risk management ( ERM ). Apollo s cybersecurity policies and practices are fully integrated into its ERM framework through its reporting, risk management and oversight channels and are based, in part, on recognized frameworks established by the National Institute of Standards and Technology, the International Organization for Standardization and other applicable industry standards. As one of the critical elements of Apollo s overall ERM approach, Apollo s cybersecurity program is focused on the following key areas: Governance. As discussed further under the heading Cybersecurity Governance, the AGM Board of Directors has an oversight role, as a whole and also at the committee level, in overseeing management of Apollo s risks, including its cybersecurity risks. AGM s Chief Information Security Officer ( CISO ) and the CISO of Athene, a subsidiary of AGM, with support from the broader Apollo Technology team, are responsible for information security strategy, policies and practices, and also receive support, as appropriate, from our executive officers and other representatives of the Operating Manager and its affiliates. Collaborative Approach. Apollo utilizes a cross-functional approach involving stakeholders across multiple departments, including Apollo Compliance, Legal, Technology, Operations, Risk and others, aimed at identifying, preventing and mitigating cybersecurity threats and incidents, while also implementing controls and procedures that provide for the prompt escalation of potentially material cybersecurity incidents so that decisions regarding the public disclosure and reporting of such incidents can be made by Apollo management, in consultation with our management and our Board, as applicable, in a timely manner. Technical Safeguards. Apollo deploys technical safeguards that are designed to protect its information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls, which are evaluated and improved on an ongoing basis using vulnerability assessments and cybersecurity threat intelligence. Incident Response and Recovery Planning. Apollo has established and maintains incident response and recovery plans that address its response to a cybersecurity incident, and such plans are tested and evaluated on a regular basis. Third-Party Risk Management. Apollo maintains a risk-based approach to identifying and overseeing cybersecurity risks presented by third parties, including vendors, service providers and other external users of its systems, as well as the systems of third parties that could adversely impact its business and the business of its externally managed entities such as our Company, in the event of a cybersecurity incident affecting those third-party systems. 103 Table of Contents Education and Awareness. Apollo provides regular, mandatory training for personnel regarding cybersecurity threats to equip its personnel with effective tools to help mitigate cybersecurity threats, and to communicate its evolving information security policies, standards, processes and practices. Apollo engages in the periodic assessment and testing of its policies and practices that are designed to address cybersecurity threats and incidents. These efforts include a wide range of activities, including audits, assessments, tabletop exercises, threat modeling, vulnerability testing and other exercises focused on evaluating the effectiveness of its cybersecurity measures. Apollo regularly engages third parties, including auditors and consultants, to perform assessments on its cybersecurity measures, including information security maturity assessments, audits and independent reviews of its information security control environment and operating effectiveness. The results of such assessments, audits and reviews are reported to Apollo s risk management function, and Apollo adjusts its cybersecurity policies and practices as necessary based on the information provided by these assessments, audits and reviews. Cybersecurity threat risks have not materially affected our Company, including our business strategy, results of operations or financial condition. Cybersecurity Governance The AGM Board of Directors oversight of Apollo s cybersecurity risk management is supported by the audit committee of the AGM Board of Directors (the AGM audit committee ), the AAM Global Risk Committee ( AGRC ), the Operational Risk Forum (the ORF ), the Cybersecurity Working Group and management. The AGM Board of Directors, the AGM audit committee, the AGRC, the ORF and the Cyber Security Working Group receive regular updates on Apollo s information technology, cybersecurity risk profile and strategy, and risk mitigation plans from Apollo s risk management professionals, AGM s Chief Security Officer ( CSO ), its CISO, and other members of Apollo s management and relevant management committees and working groups. The Cyber Security Working Group is chaired by the CISO and has representation from Apollo s Technology, Legal, Compliance, and ERM teams. The group meets at least once a quarter to discuss cybersecurity and risk mitigation activities, among other topics. The CISO regularly reports to the ORF regarding cyber risk, and the ORF in turn reports to the AGRC on a quarterly basis, noting any cyber updates when necessary or appropriate. In turn, AGM s board of directors and/or the AGM audit committee receive quarterly risk updates from risk management professionals, as well as at least annual updates on cyber risk specifically. The full AGM Board of Directors or the AGM audit committee receives presentations and reports on cybersecurity risks from AGM s CSO or CISO, as well as from Athene s CISO, at least annually. AGM s CSO holds an undergraduate degree in Management Information Systems and Business Administration, which he received magna cum laude. He has over 25 years of cyber-related experience, having served in various roles in technology and cybersecurity, including as Head of IT Risk Management, Executive Director of IT & Risk Compliance, and Global IT Risk Evaluation Lead at large financial institutions and consulting firms. He was also previously AGM s CISO for nearly eight years. AGM s CISO holds a master s degree in Business Information Systems and has served in various roles in information technology and information security for over 25 years across a number of large financial institutions, including as Director, Cybersecurity and Risk. The AGM CISO, in coordination with the Apollo Technology and ERM teams, works collaboratively across Apollo to implement a program designed to protect its information systems from cybersecurity threats and to promptly respond to any cybersecurity incidents in accordance with its incident response and recovery plans. To facilitate the success of Apollo s cybersecurity risk management program, multidisciplinary teams throughout Apollo are deployed to address cybersecurity threats and to respond to cybersecurity incidents. Through ongoing communications with these teams, the CISO monitors the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time and reports such threats and incidents to the AGM audit committee or AGM Board of Directors, as appropriate. As part of the risk management oversight (including oversight of cyber risks) of the Company s Board, the Board will regularly interact with, and receive reports from, management of the Company, the Operating Manager, Apollo, and other service providers. The Company s Board is expected to receive presentations and reports on cybersecurity risks from AGM s CSO or CISO, at least annually, addressing a wide range of topics including recent developments, vulnerability assessments, third-party and independent reviews, the threat environment, technological trends and information security considerations arising with respect to Apollo s peers and third parties. Additionally, Apollo and other service providers are expected to periodically report to management as it relates to the Company s cybersecurity practices. Apollo s cybersecurity incident response plan provides for proper escalation of identified cybersecurity threats and incidents, including, as appropriate, to the Company s management. These discussions provide a mechanism for the identification of cybersecurity threats and incidents, assessment of cybersecurity risk profile or certain newly identified risks relevant to the Company, the Operating Manager, and evaluation of the adequacy of the Company s cybersecurity program (as coordinated through the Operating Manager and Apollo), including risk mitigation, compliance and controls.

Company Information