Page last updated on July 16, 2024
MSC INCOME FUND, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-08 11:33:40 EST.
Filings
10-K filed on 2024-03-08
MSC INCOME FUND, INC. filed a 10-K at 2024-03-08 11:33:40 EST
Accession Number: 0001535778-24-000020
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity Main Street and our Adviser maintain, and routinely review and evaluate their and the Company’s information technology (“IT”) and cybersecurity policies, practices and procedures (the “Cybersecurity Program”). The Cybersecurity Program has various policies and procedures including a Cyber Incident Response Plan as part of Main Street’s Crisis Management Plan. The Cybersecurity Program is administered by Main Street’s IT Manager, who is managed on a day to 41 Table of contents day basis by Main Street’s General Counsel and Chief Compliance Officer and overseen by Main Street’s IT Steering Committee consisting of Main Street’s Chief Executive Officer, Main Street’s Chief Financial Officer and Chief Operating Officer and Main Street’s General Counsel and Chief Compliance Officer. Main Street’s General Counsel and Chief Compliance Officer also serves as the crisis response team leader in connection with any material cybersecurity incident under the Cyber Incident Response Plan. Main Street and our Adviser also utilize the services of IT and cybersecurity advisers, consultants and experts in the evaluation and periodic testing of IT and cybersecurity systems, to recommend improvements to the Cybersecurity Program and in connection with any cybersecurity incident. We believe that the individuals involved in the Cybersecurity Program possess the necessary skills, experience and backgrounds that, when combined with the resources of the external IT and cybersecurity advisers, consultants and experts, are sufficient to manage the Cybersecurity Program. As part of our overall risk management process, our management engages at least annually in an enterprise risk management review and evaluation, during which management reviews the principal risks relating to our business and operations. Included in this process is a review and evaluation of our risks relating to the Cybersecurity Program. Additionally, as part of our Rule 38a-1 compliance program, we review at least annually the compliance policies and procedures of our key service providers, including our Adviser and Main Street, including documentation discussing each service providers’ information security and privacy controls. Any failure in our or our key service providers’ cybersecurity systems could have a material impact on our operating results. See Item 1A. Risk Factors - General Risk Factors - The failure in cybersecurity systems, as well as the occurrence of events unanticipated in our and our Adviser’s disaster recovery systems and management continuity planning could impair our ability to conduct business effectively. Our Board as a whole has responsibility for the Company’s risk oversight, with reviews of certain areas being conducted by the relevant Board committees that report on their deliberations to the full Board. The oversight responsibility of the Board and its committees is enabled by management reporting processes that are designed to provide visibility to the Board about the identification, assessment and management of critical risks and management’s risk mitigation strategies. Areas of focus include competitive, economic, operational, financial (accounting, credit, liquidity and tax), legal, regulatory, compliance and other risks. Oversight of risks relating to IT and cybersecurity has been delegated by our Board to its Audit Committee. The Audit Committee includes members of the Board who, in addition to each being designated as an “audit committee financial expert,” possess backgrounds and experience which we believe enable them to provide effective oversight of our IT and cybersecurity risks. Our management routinely reports to the Audit Committee on the status of the Cybersecurity Program at the Audit Committee’s quarterly meetings. Routine reports generally detail any testing, observations or developments concerning the Cybersecurity Program that occurred during the prior quarter. The results of periodic testing related to the Cybersecurity Program are also described in the Chief Compliance Officer’s annual report to the Board, provided pursuant to Rule 38a-1 under the 1940 Act. The crisis response team leader also collaborates with the Audit Committee chair to ensure that the Board is apprised of any material cybersecurity incident and consults with the Audit Committee chair in connection with any material decisions or actions related thereto.
Company Information
Name | MSC INCOME FUND, INC. |
CIK | 0001535778 |
SIC Description | |
Ticker | MSCF - OTC |
Website | |
Category | Non-accelerated filer |
Fiscal Year End | December 30 |