First Eagle Private Credit Fund 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

First Eagle Private Credit Fund reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 19:12:57 EDT.

Filings

10-K filed on 2024-03-28

First Eagle Private Credit Fund filed an 10-K at 2024-03-28 19:12:57 EDT
Accession Number: 0000950170-24-038276

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Company is externally managed by the Adviser and has no employees or internal information systems. As such, the Company relies on the Adviser s risk management program and process, which include cyber risk assessments, as well as other third-party service providers to protect the Company s information from cybersecurity threats. Cybersecurity Risk Management and Strategy The Adviser has implemented policies and associated controls and procedures to safeguard both firm and client data and assets (the Cybersecurity Program ), and the Cybersecurity Program continues to evolve in an effort to keep pace with industry best practices and ever-changing cyber threat environment. The Cybersecurity Program is designed to protect the confidentiality, integrity, and availability of client and consumer information systems, and the Adviser s proprietary information in compliance with SEC Guidance 2015-02 regarding Cybersecurity, and FINRA s guidance regarding Customer Information Protection, and interagency guidance on safeguarding information. Periodic updates on the Cybersecurity Program are provided to the Adviser s Head of Risk, along with the Adviser s Risk Committee, and the Board. The Cybersecurity Program is based on the National Institute of Standards and Technology ( NIST ) Cybersecurity Framework, as amended. These NIST functions are used as high-level categories to organize and report on the status of the Cybersecurity Program and are tailored to the Adviser s business objectives. There are areas within the NIST framework that the Adviser might not find applicable to its business and not necessary to fulfill the objectives of the Cybersecurity Program. The Adviser utilizes an aggregated approach to cybersecurity and considers the acceptance, avoidance, transfer, and mitigation of risks in attaining long term business objectives and minimizing financial loss. In terms of security incident and event management, the Adviser implements multiple technologies (including, but not limited to, enterprise grade next generation firewalls, well-known anti-malware protection, application 47 whitelisting, and end detection and response software) in different layers of the Adviser s network, including utilizing a third-party vendor that provides monitoring of the Adviser s systems on a 24 hour/day, seven days/week basis. In addition, the Adviser has developed customized firm-wide cybersecurity training sessions for employees with the assistance of an outside vendor. Cybersecurity training is provided to all new employees upon hire and annually for all employees. In addition, the Adviser conducts phishing training on a monthly basis and sends out periodic newsletters on pertinent cybersecurity-related topics and events. In 2022, the Adviser engaged a consultant to conduct an independent cybersecurity risk assessment, and the Adviser has since then implemented all priority recommendations from this engagement. Other non-priority recommendations have been considered for implementation over time. Cybersecurity Governance Management s Role in Cybersecurity Risk Management The Company s chief compliance officer (the CCO ), in partnership with the Adviser s Chief Information Security Officer (the CISO ), oversees the Company s risk management policies and procedures related to cybersecurity risks, subject to the oversight of the Board. Management of the Company is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting the Company. Additionally, as part of the Adviser s vendor management program, members of the Adviser s information security teams will conduct periodic due diligence on the cybersecurity/data security programs of the Company s third-party service providers (this review is conducted annually with respect to the Company s custodian, sub-administrator and transfer agent). As part of their oversight of third-party service providers to the Company, the Company s CCO and the Adviser s CISO review key Company service providers compliance and risk management policies and procedures related to cybersecurity matters and evaluate the service providers use of information systems which may give rise to information technology vulnerabilities. Potential cybersecurity risks are identified and implications of such risks, if any, to the Company are assessed and monitored. In addition, the CCO receives regular reports from the third-party service providers regarding any cybersecurity threats and incidents at such service provider. The Adviser’s CISO has over 9 years of experience managing risks from cybersecurity threats and developing and implementing cybersecurity policies and procedures. The responsibility of the CISO is to maintain confidentiality, availability, and integrity of the Adviser s data and that of its clients and shareholders. The CISO also reports to the Adviser s Enterprise Operations Committee on a semiannual basis. The committee is charged with determining the security posture of the Adviser. It is responsible for accepting, deferring, or mitigating the risks presented by the CISO. The CISO is also responsible for maintaining all policies and controls pertaining to cybersecurity and conducting annual risk assessments. The Company’s CCO has over 15 years of experience advising on and managing compliance risks, including those related to cybersecurity, and developing and implementing policies and procedures to address such risks. The CCO reports to the general counsel of the Sub-Adviser and Administrator of the Company and to the Board on all compliance risk related matters, including those related to cybersecurity. Board Oversight The Board provides strategic oversight on cybersecurity matters, including risks associated with cybersecurity threats. The Board receives periodic updates from the CCO and CISO regarding the overall state of the Cybersecurity Program, information on the current threat landscape, and risks from cybersecurity threats and cybersecurity incidents impacting the Company. Additionally, the CCO provides updates to the Board on any reported incidences of the Company s service providers. The CCO informs the Board of material cybersecurity matters as they arise. Assessment of Cybersecurity Risk The Company assesses the potential impact of risks from cybersecurity threats on an ongoing basis, and how such risks could materially affect the Company s investment strategy, operations and financial condition. As of the date of this Annual Report, the Company has not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that the Company believes have materially affected, or are reasonably likely to materially affect, the Company. However, future incidents could have a material impact on our business strategy, results of investment activities and operations, or financial condition. For additional information about these risks, see Item 1A. Risk Factors .

Company Information