Warburg Pincus Access Fund, L.P. 10-K Cybersecurity GRC - 2026-01-29

Page last updated on February 4, 2026

Warburg Pincus Access Fund, L.P. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-01-29 17:26:13 EST.

Filings

10-K filed on 2026-01-29

Warburg Pincus Access Fund, L.P. filed a 10-K at 2026-01-29 17:26:13 EST
Accession Number: 0001193125-26-029707

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Fund's day-to-day operations are managed by the General Partner, subject to certain oversight rights held by the Board of Directors. The General Partner will delegate the Fund's portfolio management function to the Manager, Warburg Pincus LLC. The executive officers are senior Warburg Pincus professionals, and our General Partner and Manager are both subsidiaries of Warburg Pincus. As such, we are reliant on Warburg Pincus for assessing, identifying and managing material risks to our business from cybersecurity threats. Below are details Warburg Pincus has provided to us regarding its cybersecurity program that are relevant to the General Partner and the Fund. Warburg Pincus maintains a comprehensive written information security program that contains administrative, technical, and physical safeguards that it believes are reasonably designed to (i) ensure the security and confidentiality of investor information; (ii) protect against any anticipated threats or hazards to the security or integrity of investor information; (iii) protect against unauthorized access to or use of investor information that could result in substantial harm or inconvenience to any investor; and (iv) seek to resolve and mitigate the impact of cybersecurity incidents to the extent they might occur. Warburg Pincus utilizes a variety of protective measures as a part of its cybersecurity program. To minimize the risk of unauthorized disclosure, misuse, alteration, destruction or other compromise of sensitive information, the Chief Information Officer (" CIO ") ensures that Warburg Pincus (i) takes reasonable steps in selecting, implementing, maintaining, upgrading and periodically testing reasonable technical, administrative, and physical information safeguards (including physical protection, network firewalls, relevant security software, information processing, storage, transmission, and disposal services); (ii) employs appropriate password protection and encryption of electronic information where necessary or as required by law; (iii) periodically assesses potential cybersecurity threats and vulnerabilities; and (iv) has established designated systems and applications intended to store and process investor personal information. Warburg Pincus also arranges appropriate privacy training for relevant employees, and new employees are required to acknowledge that they will adhere to Warburg Pincus' confidentiality and security standards and must be familiar with its privacy and information security program before handling such information. Warburg Pincus tests its cybersecurity defenses regularly through automated and manual vulnerability scanning, to identify and remediate critical vulnerabilities. In addition, it conducts annual "white hat" penetration tests to validate its security posture. Warburg Pincus examines its cybersecurity program periodically with third parties, evaluating its effectiveness in part by considering industry standards and established frameworks, such as those established by the National Institute of Standards and Technology and Center for Internet Security, as guidelines. Further, Warburg Pincus conducts attack and penetration testing that simulates real world circumstances. The testing assessed Warburg Pincus' exposures to identify where underlying process enhancements may be needed relative to infrastructure, applications and people. Warburg Pincus' CIO and other senior staff participate in these exercises. Learnings from these tabletop exercises and any cybersecurity events Warburg Pincus experiences are reviewed, discussed, and incorporated into its incident response processes, as appropriate. In addition to Warburg Pincus' internal exercises to test aspects of its cybersecurity program, Warburg Pincus periodically conducts attack and penetration assessments that focus on current state infrastructure components of external, internal and wireless networks, including assessment of firewalls. Warburg Pincus maintains a Cyber and Data Security Incident Response Plan (the " IRP "), designed to respond to information security incidents to protect its investors, employees and portfolio companies, and to comply with regulatory requirements. As appropriate, an incident response team composed of individuals from several internal technical and managerial functions may be formed to investigate and remediate the event and determine the extent of external advisor support required, including from external counsel, forensic investigators, and/or law enforcement. The IRP sets out ongoing escalation, monitoring and remediating actions to be taken during and after the resolution of an incident. Warburg Pincus maintains a formal cybersecurity risk management process, designed to identify and assess cybersecurity and data protection risks at the firm, and integrates these processes into the firm's overall risk management practices described above. Warburg Pincus' CIO periodically discusses and reviews cybersecurity risks and related mitigants with its Information Protection and Cybersecurity Committee (the " Cybersecurity Committee ") and incorporates relevant cybersecurity risk updates and metrics in the periodic enterprise-wide risk management report. Warburg Pincus also has a process designed to assess the cybersecurity risks associated with the engagement of third-party vendors, including those of companies sponsored by Warburg Pincus such as the Fund. The Compliance Officer, the CIO or a designee will review all prospective arrangements with respect to third parties who, through their service to the Firm, will receive, maintain, process, or otherwise be permitted to access sensitive information to confirm that (i) the service provider is capable of maintaining appropriate security measures to protect such sensitive information, consistent with all applicable laws and regulations; and (ii) Warburg Pincus has entered into an agreement with the service provider that requires the service provider to implement and maintain appropriate safeguards to ensure such protection for sensitive information, including provisions to protect the sensitive information from unauthorized access, use, alteration, disclosure, acquisition, destruction or other compromise. For a discussion of how risks from cybersecurity threats affect our business, and our reliance on Warburg Pincus in managing these risks, see " Item 1A. Risk Factors-Risks Related to our Business and Structure " in this Report. Cybersecurity Governance Warburg Pincus has formed the Cybersecurity Committee to assist Warburg Pincus in evaluating, on an ongoing basis, the adequacy of its information technology infrastructure and policies and procedures with respect to (i) securing third party information in Warburg Pincus' possession, as well as its proprietary assets, and (ii) safeguarding its systems and critical infrastructure from cyber intrusions. The Cybersecurity Committee is intended to be comprised of representatives from a cross-section of Warburg Pincus to approach cybersecurity as an organization-wide risk management issue. In fulfilling these responsibilities, the Cybersecurity Committee assesses cybersecurity risks and obligations of Warburg Pincus from a commercial, reputational, legal and regulatory perspective. The Cybersecurity Committee seeks to assess these matters with a view to determining which cybersecurity risks to (i) avoid, (ii) mitigate, (iii) accept or (iv) transfer through insurance products, as appropriate. In addition, the Cybersecurity Committee evaluates the effectiveness of the implementation of Warburg Pincus' policies and procedures and the governance structure that supports them. The Cybersecurity Committee has also developed and maintains the Firm's Incident Response Plan. Warburg Pincus' CIO has extensive experience in cybersecurity and technology. Warburg Pincus' CIO is responsible for all aspects of cyber and physical security across Warburg Pincus. He has over 20 years of global experience helping organizations shape and execute information technology strategies to complement their business strategy, driving information technology investment to business outcomes and building world-class IT organizations, including having previously served as the Chief Information Officer for HR at Accenture. As discussed above, Warburg Pincus conducts periodic cybersecurity risk assessments, including assessments or audits of third-party vendors, and assists with the management and mitigation of identified cybersecurity risks. The CIO is responsible for the review of Warburg Pincus' cybersecurity framework annually as well as on an event-driven basis as necessary. The CIO also reviews the scope of Warburg Pincus' cybersecurity measures periodically, including in the event of a change in business practices that may implicate the security or integrity of Warburg Pincus' information and systems. The Board of Directors and the Audit Committee are responsible for understanding the primary cybersecurity risks to our business. The Audit Committee is responsible for reviewing Warburg Pincus' IT security controls with management and evaluating the adequacy of Warburg Pincus' security program, compliance and controls with management. Warburg Pincus' CIO will report to the Board of Directors and/or the Audit Committee periodically on cybersecurity matters, including risks facing the Fund or Warburg Pincus and, as applicable.

Company Information