GRAHAM ALTERNATIVE INVESTMENT FUND II LLC 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

GRAHAM ALTERNATIVE INVESTMENT FUND II LLC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 15:15:44 EDT.

Filings

10-K filed on 2024-03-28

GRAHAM ALTERNATIVE INVESTMENT FUND II LLC filed an 10-K at 2024-03-28 15:15:44 EDT
Accession Number: 0001140361-24-016056

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C: Cybersecurity The Fund depends on the Manager to develop, implement and operate the appropriate systems and procedures to monitor and manage operational risks, including cybersecurity risks. The Manager maintains policies and procedures to manage cybersecurity risks as part of its overall risk management program. Its cybersecurity risk management program is operationally led by its Chief Technology Officer (CTO) and its Chief Information Security Officer (CISO), in consultation with other members of the Manager s senior management. The Manager maintains a written information security governance policy setting forth the Manager s information security policy objectives and guidelines on managing technology/cyber-related vulnerabilities, controlling physical security and network access rights, restricting data transfers, managing third-party vendors, managing technology incidents, training employees and retaining related books and records. The Manager maintains separate incident response procedures designed to assist senior management and technology personnel in responding to various technology/cyber incidents. The Manager publishes for employees various policies addressing user access rights, acceptable use of the firm s technology, roles and responsibilities in respect of incident response and disciplinary guidelines. The aforementioned policies are reviewed and approved by senior management on an annual basis. The CTO and CISO also lead the Manager s Cybersecurity Awareness Committee, which is focused on managing and responding to cybersecurity risks. The CISO and CTO meet quarterly with members of the Cybersecurity Awareness Committee to provide updates on projects, threats, governance and the overall cybersecurity landscape. Members of this committee represent senior management of the Manager, including the Manager s Chief Executive Officer, Chief Financial Officer, Managing Director of Quantitative Strategies, Chief Compliance Officer, and Chief Risk Officer. The Manager s cybersecurity risk management program is informed by frameworks established by the National Institute of Standards and Technology (NIST), its regulators, and other recognized standard-setting bodies. The Manager engages third party expert consultants to assist in the design, development, and operation of its cybersecurity risk management program, and to perform assessments with a view to identifying any vulnerabilities. The Fund s and the Manager s operations are dependent upon systems operated by third parties, including the Fund s administrator, prime brokers, market counterparties, electronic exchanges, other execution platforms, data providers and their various service providers. Accordingly, the Manager s risk management program endeavors to monitor such third parties for potential cybersecurity risks by utilizing a vendor management framework that includes a cybersecurity Due Diligence Questionnaire. Although the Manager has no control over the risk management policies of third parties, where and to the extent possible it seeks to obtain representations by such third parties related to their cybersecurity risk management policies and procedures. No identified risks from known cybersecurity threats, including as a result of any prior known cybersecurity incidents, have materially affected or are reasonably likely to materially affect the operations, business strategy, results of operations, or financial condition of the Fund or the Manager.

Company Information