TPG Twin Brook Capital Income Fund 10-K Cybersecurity GRC - 2024-03-20

Page last updated on October 1, 2024

TPG Twin Brook Capital Income Fund reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-20 21:47:33 EDT.

Filings

10-K filed on 2024-03-20

TPG Twin Brook Capital Income Fund filed a 10-K at 2024-03-20 21:47:33 EDT
Accession Number: 0001913724-24-000009

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy The Company’s business is highly dependent on the communications and information systems of the Adviser, its affiliates and third-party service providers. The Adviser is an affiliate of TPG Inc. (“TPG”), a leading global alternative asset management firm. We, in conjunction with the Adviser and its affiliates, have adopted processes designed to identify, assess and manage material risks from cybersecurity threats. These processes include responses to and assessments of internal and external threats to the security, confidentiality, integrity and availability of the Company’s data and systems along with other material risks to its operations, at least annually or whenever there are material changes to our systems or operations. As part of the risk management process, TPG engages outside providers to conduct periodic internal and external penetration testing. TPG has informed us that it uses the National Institute of Standards and Technology (or “NIST”) Cybersecurity Framework and the Center for Internet Security (or “CIS”) Critical Security Controls as a guide to help us identify, assess, and manage cybersecurity relevant to our business. This does not imply that TPG, its affiliates or we meet any particular technical standards, specifications, or requirements. TPG stores data, including the Company’s data, in cloud environments with security that we believe is appropriate for the data involved and has adopted controls around, among other things, vendor risk assessment, access and acceptable use and backup and recovery. The Company utilizes certain third-party service providers to perform a variety of functions in the operation of its business. TPG has processes to oversee and identify material risks associated with the use of third-party service providers, taking into account the nature of the services provided, the sensitivity and quantity of information processed, and the identity of the service provider. As of the date of this report, we are not aware of any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, which have materially affected or are reasonably likely to materially affect our Company, including our business strategy, results of operations, or financial condition. Refer to “Item 1A. Risk Factors” in this Annual Report on Form 10-K, including “Risks Related to our Business and Structure- We may face a breach of our cyber security, which could result in adverse consequences to our operations and exposure of confidential information. “, for additional discussion about cybersecurity-related risks. Governance Our Board of Trustees holds oversight responsibility over the Company’s strategy and risk management processes employed by the Adviser, including material risks related to cybersecurity threats. This oversight is executed directly by the Board of Trustees and through its committees. The Board of Trustees regularly engages in discussions with management regarding the Adviser’s risk assessment and risk management policies. In addition, the Audit Committee of our Board of Trustees (the “Audit Committee”) oversees the management of systemic risks, including cybersecurity. The Audit Committee is briefed on the Adviser’s information security program and cybersecurity risks at least once each year and as needed in connection with any potentially material cybersecurity incidents. The Chief Information Security Officer reports periodically to the Audit Committee, and such report may address overall assessment of the Company’s compliance with this and other cybersecurity policies, including topics such as risk assessment, risk management and control decisions, service provider arrangements, test results, security incidents and responses, and recommendations for changes and updates to policies and procedures. As an externally managed company, we rely on the Adviser and its affiliates’ information systems in connection with our day-to-day operations. Consequently, we also rely on the processes for assessing, identifying, and managing material risks from cybersecurity threats undertaken by TPG. TPG has established an Enterprise Risk Committee (“ERC”) to manage overall risk across the organization including cybersecurity risks identified by TPG’s cybersecurity team; the ERC includes representatives from relevant functions and is led by TPG’s Chief Executive Officer. TPG has also established an Operational Risk Committee (“ORC”) responsible for applying the policy decisions of the ERC. Operational responsibility for ensuring the adequacy and effectiveness of the Adviser’s risk management, control and governance processes is assigned to TPG’s Chief Information Security Officer, who periodically reports, among others, potentially material cybersecurity incidents to the ORC and, in coordination with the Chief Information Officer and Head of Operations, reports to the ERC at least annually. The Chief Information Security Officer leads TPG’s cybersecurity team, which includes individuals dedicated to incident detection and response. This team is responsible for identifying threats that can impact the organization, including the Company, and designing controls to mitigate vulnerabilities before they are exploited and to detect and neutralize any threats that do materialize. The Chief Information Security Officer and Chief Information Officer each have more than 20 years of experience in their fields. The Chief Information Security Officer and senior members of the cybersecurity team hold industry standard certifications.


Company Information

NameTPG Twin Brook Capital Income Fund
CIK0001913724
SIC Description
Ticker
Website
Category
Emerging growth company
Fiscal Year EndDecember 30