EQUUS TOTAL RETURN, INC. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

EQUUS TOTAL RETURN, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 17:31:25 EDT.

Filings

10-K filed on 2024-04-01

EQUUS TOTAL RETURN, INC. filed an 10-K at 2024-04-01 17:31:25 EDT
Accession Number: 0001712543-24-000005

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Our operations and other aspects of our business rely heavily on various information technology systems which are largely managed by third parties. We face significant cybersecurity threats, which are continuously increasing in sophistication, including computer viruses, internal and external security breaches, and other cyber-attacks. These threats could disrupt our operations, lead to the loss of confidential information, and hinder our ability to accurately report our financial results in a timely manner. We have adopted a Cybersecurity Policy to create effective administrative, technical, electronic, and physical protections to safeguard the personal information of Company personnel, confidential information concerning our portfolio investments and the integrity of the Company s information systems. We have created an Information Security Team, consisting of our Chief Financial Officer and our Chief Compliance Officer, to implement and administer our Cybersecurity Policy. Among the duties and responsibility of our Information Security Team are the following: Ensuring that all Equus personnel are aware of the Cybersecurity Policy and agree to adhere to its requirements Establishing that information concerning the Fund is stored on encrypted cloud-based servers accessible only by authorized Equus personnel Providing that all of the Company s information systems are backed up daily, with offline copies available in the event that a major security issue arises Testing and evaluating cybersecurity safeguards via the use of third-party information technology service providers Reviewing the security measures in the Company s Cybersecurity Policy annually or when there is a change in applicable laws or regulations or in business activities of Equus and Conducting training as necessary for all Equus personnel and Reporting cybersecurity matters to our Board of Directors who provide oversight of our Information Security Team. We utilize third-party services and tools for identifying, protecting against, and detecting cyber incidents, and also partner with external vendors to augment our internal security capabilities. Additionally, we engage third-parties to conduct independent assessments of our cybersecurity infrastructure to evaluate the efficiency and effectiveness of our detection capabilities, along with our response mechanisms, and overall risk management. Our approach to managing cybersecurity risks is part of a continuous improvement process, both in the context of cybersecurity and broader operational risk management. This ongoing process, which includes personnel training, is aimed at routinely reviewing and, as necessary, improving, our oversight processes and tools to ensure they remain effective and resilient in their management of cybersecurity risk. Material Impact of Cybersecurity Threats While we have yet to experience a material cybersecurity event, we acknowledge the persistent and evolving nature of these threats, which have the potential to materially impact our business strategy, operations, and financial results adversely. We maintain robust policies and procedures focused on cybersecurity incident management, ensuring timely communication and escalation to all relevant stakeholders. This enables faster response and effective communication, including public disclosure if a material cybersecurity event were to occur. Board of Directors Oversight Our Board of Directors oversees risks related to cybersecurity, including the security of our corporate, financial, and portfolio investment information and the steps management is taking to monitor and control these risks. Our Chief Compliance Officer conducts regular meetings with our independent directors to discuss various compliance matters, including any cybersecurity issues, and also delivers a comprehensive Annual Compliance Report to the Board, which report also addresses cybersecurity matters. 24 Table of Contents

Company Information