United States Oil Fund, LP 10-K Cybersecurity GRC - 2024-02-29

Page last updated on July 16, 2024

United States Oil Fund, LP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 17:22:18 EST.

Filings

10-K filed on 2024-02-29

United States Oil Fund, LP filed a 10-K at 2024-02-29 17:22:18 EST
Accession Number: 0001410578-24-000108

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. In general, cybersecurity incidents can result from deliberate attacks or unintentional events such as a cyber-attack against USCF, a natural catastrophe, an industrial accident, failure of USO’s disaster recovery systems, or consequential employee error. Cyber-attacks include, but are not limited to, gaining unauthorized access to digital systems for purposes of misappropriating assets or sensitive information, corrupting data, or causing operational disruption. Cyber-attacks may also be carried out in a manner that does not require gaining unauthorized access, such as causing denial-of-service attacks on websites. Cyber security failures or breaches of a fund’s clearing broker or third party service provider (including, but not limited to, index providers, the administrator and transfer agent, the custodian), have the ability to cause disruptions and impact business operations, potentially resulting in financial losses, the inability of fund shareholders to transact business, violations of applicable privacy and other laws, regulatory fines, penalties, reputational damage, reimbursement or other compensation costs, and/or additional compliance costs. Risk Management USO does not have computer systems or networks. Pursuant to the terms of the LP Agreement, USO’s affairs are managed by USCF. USCF has implemented an information security program that is focused on ensuring the security and protection of computer systems and oversight of third-party service providers. This program includes specific provisions pertaining to data security and the security of information that, if disclosed, could have detrimental effects on USO. Such provisions relate to the handling of information and computers, as well as the protection of computer systems and software from unauthorized persons. As needed, but no less frequently than annually, USCF evaluates its cybersecurity risk profile in accordance with its compliance policies and procedures. The risk assessment aims to confirm that USCF’s policies are being followed and enforced, and to identify risks that may have otherwise been unknown. To mitigate the risks from cybersecurity threats posed by third parties, USCF conducts due diligence on its critical third-party service providers with respect to (1) the cybersecurity programs and policies that they have in place as well as how they safeguard sensitive information, and (2) how those programs and policies apply to customers, including USCF and USO. USCF’s procedures include guidance for determining the materiality of cybersecurity incidents, including with respect to cybersecurity incidents experienced by third-party service providers. Such determinations are made by USCF’s senior management, including its Chief Executive Officer, which uses both qualitative and quantitative factors in assessing the material impact of an incident. The factors include the functional impact, the information impact, costs, the observed activity, the location of observed activity, actor characterization, and recoverability of information. As of the date of this report, USCF is not aware of any material risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect USO, including its business strategy, results of operations, or financial condition. Governance The Director of Compliance, as identified below, provides regular reports to USCF’s Board of Directors on developments to the information security and cybersecurity risks facing USO. Reports may include, among other things, an overview of the controls and procedures related to to assessing, identifying, and managing risks related to cybersecurity threats, oversight of third-party service providers and related cybersecurity threats, and management’s evaluation of cybersecurity risks material to USO.


Company Information

NameUnited States Oil Fund, LP
CIK0001327068
SIC DescriptionCommodity Contracts Brokers & Dealers
TickerUSO - NYSE
Website
CategoryLarge accelerated filer
Fiscal Year EndDecember 30