Crescent Private Credit Income Corp 10-K Cybersecurity GRC - 2024-02-26

Page last updated on October 1, 2024

Crescent Private Credit Income Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-26 16:05:56 EST.

Filings

10-K filed on 2024-02-26

Crescent Private Credit Income Corp filed a 10-K at 2024-02-26 16:05:56 EST
Accession Number: 0000950170-24-020134

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY Risk Management, Strategy and Governance The Company is externally managed by the Adviser and has no employees or internal information systems. Thus, the Company relies on the Adviser and the Administrator, their parent company, Crescent, as well as the custodian and other service providers to protect the Company’s information from cybersecurity threats. The Company’s chief compliance officer (the “CCO”), together with Crescent’s Head of Information Technology, oversee the Company’s risk management policies and procedures related to cybersecurity risks, subject to the oversight of the Board. Crescent uses various security tools and procedures that help the Company identify, escalate, investigate, resolve and recover from cybersecurity incidents in a timely manner. The CCO and Crescent also review key Company service providers’ compliance and risk management policies and procedures related to cybersecurity matters, evaluate such service providers’ use of information systems which have the potential to subject the Company to information technology vulnerabilities and receives reports from the Company’s service providers regarding any cybersecurity threats and incidents. As part of the oversight of the Company’s key service providers, Crescent engages a third-party consultant to conduct a cybersecurity assessment and preparedness analysis on such service providers on an annual basis. The CCO and the Head of Information Technology provide regular reports to the Board regarding significant risks to the Company, including, among others, those relating to cybersecurity. In addition, the CCO informs the Board regarding material cybersecurity matters as they arise. The Company has also adopted policies and procedures designed to ensure the timely disclosure of any material cybersecurity incidents. Crescent follows National Institute of Standards and Technology standards for cybersecurity risk management and has put policies, controls and multiple layers of security in place to safeguard its systems and data, including those of the Company. In particular, Crescent deploys specialized security technology and operational controls including, but not limited to firewalls, anti-virus systems, multi-factor authentication, restricted access, and electronic surveillance/monitoring. Crescent conducts regular testing to assess information technology vulnerabilities and employee cybersecurity awareness, utilizes third-party technology solutions for real-time vulnerability management, and engages third-party consultants to conduct cybersecurity assessments and preparedness analyses periodically. Crescent also requires all employees, including those of the Adviser and the Administrator, to complete comprehensive cybersecurity training at least annually. Crescent’s Head of Information Technology has over 30 years of business experience managing risks from cybersecurity threats and developing and implementing cybersecurity policies and procedures. Our CCO has over 15 years of experience advising on and managing compliance risks, including those related to cybersecurity, and developing and implementing policies and procedures to address such risks. Team members who support our information security and compliance programs also have relevant educational and industry experience. Since our commencement of operations, we have not experienced a material information security breach incident and we are not aware of any cybersecurity risks that are reasonably likely to materially affect our business. However, future incidents could have a material impact on our business strategy, results of operations, or financial condition. See “Item 1A. Risk Factors- Cybersecurity risks and cyber incidents may adversely affect our business by causing a disruption to our operations, a compromise or corruption of its confidential information and/or damage to its business relationships.” See “Item 1A. Risk Factors- Cybersecurity risks and cyber incidents may adversely affect our business by causing a disruption to our operations, a compromise or corruption of its confidential information and/or damage to its business relationships”


Company Information

NameCrescent Private Credit Income Corp
CIK0001954360
SIC Description
Ticker
Website
Category
Emerging growth company
Fiscal Year EndDecember 30