GRANT PARK FUTURES FUND LIMITED PARTNERSHIP 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

GRANT PARK FUTURES FUND LIMITED PARTNERSHIP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 10:46:39 EDT.

Filings

10-K filed on 2024-04-01

GRANT PARK FUTURES FUND LIMITED PARTNERSHIP filed an 10-K at 2024-04-01 10:46:39 EDT
Accession Number: 0001558370-24-004466

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Governance The general partner s role in assessing and managing material risks from cybersecurity threats A cybersecurity threat as defined by the SEC means any potential unauthorized occurrence on or conducted through a registrant s information systems that may result in adverse effects on the confidentiality, integrity or availability of a registrant s information systems or any information residing therein. The general partner s management team is responsible for implementing supervisory policies related to the general partner s cybersecurity risks and practices. These policies have been designed to diligently supervise the risks of unauthorized access to, or attack of, the general partner s information technology systems, and to respond appropriately should unauthorized access or an attack occur. Cybersecurity risk assessment is ingrained in the intelligent design, planning and implementation of the general partner s infrastructure and operating procedures. The general partner s cybersecurity practices utilize compliant software and technologies which allow for strict management and review of systems, software and user activity and access. The general partner s management team periodically reviews, assesses and prioritizes the risks associated with the use of its information technology systems and establishes the operating processes required to complete the named activity and the technical implementation that is required to enable the safe and successful execution of the business processes. The Risk Manager provides updates and summary reports concerning any cyber-related incidents or changes to the policies and practices concerning the prevention, detection, mitigation and remediation of cybersecurity incidents on a monthly basis to the general partner s senior management and its Investment Committee. The general partner s cybersecurity program operates continuously and is reviewed monthly, or more frequently, if needed. Employee training on the program is conducted quarterly. The program is updated as required and is formally reviewed annually. Employees attest to their understanding of the program annually. Risk management and strategy Oversight of Third-Party Risk The general partner has a program in place that assesses, identifies, monitors and mitigates risks from cybersecurity threats. The general partner maintains regularly tested business continuity and disaster recovery plans. At least annually, the general partner completes an external audit of its Information Systems Security Program (ISSP) manuals and procedures to evaluate the company s cybersecurity risks. The general partner conducts periodic external network vulnerability tests to identify and remediate weaknesses in its network design. The general partner has a 20 year partnership with an external Managed Services Provider (MSP), enlisting network engineers and security partners for regular review of system infrastructure, management and monitoring of all critical information systems and long-range planning to evaluate and implement latest technologies and practices. The general partner s senior management meets internally and with its MSP s experts to review and evaluate cybersecurity trends, relevant global incidents and strategic implementation of tools and technologies to seek to mitigate physical, system and operational cybersecurity risks. The general partner employs industry standard best practices, including regular cybersecurity awareness training with its employees, operating current network security protocols and cybersecurity defense software, and providing only as-needed access to systems and operating workflows. 28 Table of Contents Material Cybersecurity Incidents A cybersecurity incident as defined by the SEC means an unauthorized occurrence, or a series of related unauthorized occurrences, on or conducted through a registrant s information systems that jeopardizes the confidentiality, integrity or availability of a registrant s information systems or any information residing therein. As described above, the general partner has processes in place to seek to promptly identify cybersecurity incidents, assess materiality of an incident, escalate any incidents to senior management and if necessary, to report the incident within the time frame required by the rules and regulations of the SEC. The general partner has not experienced any cybersecurity incidents as defined above.

Company Information