SARATOGA INVESTMENT CORP. 10-K Cybersecurity GRC - 2024-05-06

Page last updated on May 6, 2024

SARATOGA INVESTMENT CORP. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-05-06 16:01:32 EDT.

Filings

10-K filed on 2024-05-06

SARATOGA INVESTMENT CORP. filed an 10-K at 2024-05-06 16:01:32 EDT
Accession Number: 0001213900-24-040080

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY The Company s cybersecurity program is designed to identify, assess, and manage material risks from cybersecurity threats. The Company relies on Saratoga Investment Advisors to implement the cybersecurity program. The cyber risk management program involves risk assessments relating to the information systems of Saratoga Investment Advisors, incident response training and testing, implementation of security measures, identification of sensitive information assets ( Critical Information ) and ongoing monitoring of systems and networks and assessment of the associated risks on an annual basis, including networks on which the Company relies on. The Chief Compliance Officer, along with the Company s external information technology consultant (the IT Consultant ), actively monitors the current threat landscape in an effort to identify material risks arising from new and evolving cybersecurity threats. The Company and Saratoga Investment Advisors have engaged external experts, including consultants, such as the IT Consultant, to evaluate cybersecurity measures and risk management processes, and depends on and engages various third parties, including suppliers, vendors, and service providers. The compliance team of the Company and Saratoga Investment Advisors will conduct ongoing due diligence of its significant service providers to determine whether the cybersecurity programs of service providers include, among other things, procedures and safeguards designed to ensure the protection of Critical Information and the information of the Company s stockholders and portfolio companies, as well as adequate responses in the case of a cybersecurity incident. Board Oversight of Cybersecurity Risks The Board has the primary responsibility for overseeing and reviewing the guidelines and policies with respect to the Company s risk management, including risks associated with cybersecurity threats. The Chief Compliance Officer will periodically report to the Board on cybersecurity matters, such as the overall state of the Company s cybersecurity program, information on the current threat landscape, and risks from cybersecurity threats and material cybersecurity incidents. Management’s Role in Cybersecurity Risk Management The Company s management is responsible for assessing and managing material risks from cybersecurity threats, in consultations with cybersecurity consultants. The compliance team of the Company will maintain effective disclosure controls and procedures to ensure timely identification, consideration, and disclosure of material cybersecurity incidents, including through timely reporting to management and the Board. The Chief Compliance Officer, in consultation with the IT Consultant, will periodically determine whether the Company requires additional information technology or cybersecurity support. Assessment of Cybersecurity Risk The potential impact of risks from cybersecurity threats are assessed on an ongoing basis, and how such risks could materially affect the Company s business strategy, operational results, and financial condition are regularly evaluated. During the reporting period, the Company has not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that the Company believes has materially affected, or are reasonably likely to materially affect, the Company, including the Company s business strategy, operational results, and financial condition.

Company Information