Page last updated on July 16, 2024
OFS Capital Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-05 07:57:07 EST.
Filings
10-K filed on 2024-03-05
Accession Number: 0001487918-24-000006
Item 1C. Cybersecurity.
Our Cybersecurity Risk Management Approach
OFS Advisor utilizes the IT department (“IT Department”) of CIM Group, LLC (“CIM Group”), an affiliate, as its IT administrator. The IT Department is responsible for the design and implementation of OFS Advisor’s IT environment and controls, including policies and procedures to identify, assess and manage material risks from cybersecurity threats, which are integrated into OFS Advisor’s internal controls and IT systems. In collaboration with the IT Department, OFS Advisor’s cybersecurity strategy prioritizes detection, analysis and response to known, anticipated or unexpected threats, effective management of security risks and resiliency against incidents.
The IT Department’s cybersecurity risk management policies and procedures include, among other things: enterprise-wide hardware and software management and security controls; employee training; security assessments; penetration testing; security audits and ongoing risk assessments; due diligence on, and monitoring and oversight of, key third-party providers; vulnerability management; and management oversight to assess, identify and manage material risks from cybersecurity threats. The IT Department’s controls leverage the National Institute of Standards and Technology Cyber Security Framework. The IT Department also utilizes industry and government associations, the results from regular internal and third-party audits and other similar resources to inform its cybersecurity processes and to allocate resources, including resources allocated to OFS Advisor.
In addition, OFS Advisor’s employees receive mandatory training on cybersecurity matters at such employee’s new hire and annually thereafter, periodic training and information updates that address new cybersecurity threats and trends, and quarterly “phishing” and social engineering testing to evaluate the effectiveness of the cybersecurity training program and raise employee awareness of cybersecurity threats.
In 2023, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced undetected cybersecurity incidents. While we do not believe that our business strategy, results of operations or financial condition have been materially adversely affected by any cybersecurity incidents, for further discussion of cybersecurity risks, see “Item 1A. Risk Factors-Risk Related to Our Securities and an Investment in our Common Stock-Cybersecurity risks and cyber incidents may adversely affect our business or the business of our portfolio companies by causing a disruption to our operations or the operations of our portfolio companies, a compromise or corruption of our confidential information or the confidential information of our portfolio companies and/or damage to our business relationships or the business relationships of our portfolio companies, all of which could negatively impact the business, financial condition and operating results of us or our portfolio companies.”
Management Oversight of Cybersecurity Risk Management
Management’s role in assessing and managing material cybersecurity risks includes various management positions, committees and subcommittees responsible for assessing such risks.
The IT Department’s internal processes require escalation of material cybersecurity risks to its management and its Cybersecurity Committee (the “Committee”) for evaluation and, where appropriate, for escalation to the Board. The Committee consists of CIM Group’s Chief Technology Officer (the “CTO”), CIM Group’s Chief Compliance Officer (the “CCO”), and OFS Advisor’s General Counsel (the “GC”), who has received a CERT 62 Certificate in Cyber Oversight through the Cyber Oversight Program of the National Association of Corporate Directors, as well as representatives from CIM Group’s operations, compliance and accounting departments. The Committee is also responsible for implementing our cybersecurity strategy and overseeing and managing our cybersecurity risk.
In addition to the Committee’s responsibilities, OFS Advisor has established a Cybersecurity Subcommittee (the “Subcommittee”). The Subcommittee consists of the CCO, the CTO, the GC, and the chief financial officer of each of OFS Advisor’s public clients, including our Chief Financial Officer. The Subcommittee is responsible for overseeing our cybersecurity-related public disclosure obligations and ensuring our management and the Board are informed of material cybersecurity incidents affecting us and OFS Advisor.
The Committee is chaired by CIM Group’s CTO, and the Subcommittee is co-chaired by CIM Group’s CTO and the CCO. The Committee and Subcommittee each conduct both regular quarterly and as-needed meetings throughout the year during which members of the IT Department provide updates and report on meaningful cybersecurity risks, threats, incidents and vulnerabilities in accordance with the Committee’s and the Subcommittee’s respective reporting frameworks, as well as related priorities, mitigation and remediation activities, financial and employee resource levels, regulatory compliance, technology trends and third-party provider risks.
To help inform this reporting framework, the IT Department and OFS Advisor maintain incident response plans and other policies and procedures designed to respond to, mitigate and remediate cybersecurity incidents based on the potential impact to our business, IT systems, network or data, including data held by third parties, or to the IT or other critical services provided by third-party vendors and service providers. The IT Department’s management is responsible for developing and executing both OFS Advisor’s and our cybersecurity policies, and is comprised of individuals with either formal education and degrees in IT or cybersecurity, or with experience working in IT and cybersecurity, including relevant industry experience in security related industries. We believe that the processes, policies and procedures established by the Committee and the Subcommittee provide guidance for consistent and effective incident handling and response and set standards for internal notifications and escalations, as well as external notification considerations with respect to a cybersecurity event or incident requiring disclosure or notification in accordance with applicable laws.
Board of Directors Oversight of Cybersecurity Risk Management
Our Board has ultimate oversight of cybersecurity risks as part of our enterprise risk management program, including oversight of the processes implemented by OFS Advisor and the IT Department to identify, assess, manage and mitigate cybersecurity risks. The Board receives quarterly updates from senior management of OFS Advisor and the IT Department with respect to the effectiveness of the cyber readiness and cybersecurity program that the IT Department administers on our behalf.
This oversight includes briefing and a report by the CTO or CIM Group’s Head of Operations, as well as a discussion of any cybersecurity breaches detected by the IT Department and a summary of, among other things, the current cybersecurity threat landscape, defensibility measures implemented by the IT Department, the health of our information security system, effectiveness of our cybersecurity controls and recoverability and business continuity testing.
Company Information
Name | OFS Capital Corp |
CIK | 0001487918 |
SIC Description | |
Ticker | OFS - Nasdaq, OFSSH - Nasdaq |
Website | |
Category | Non-accelerated filer |
Fiscal Year End | December 30 |