Franklin Templeton Holdings Trust 10-K Cybersecurity GRC - 2024-07-01

Page last updated on July 16, 2024

Franklin Templeton Holdings Trust reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-07-01 11:56:16 EDT.

Filings

10-K filed on 2024-07-01

Franklin Templeton Holdings Trust filed a 10-K at 2024-07-01 11:56:16 EDT
Accession Number: 0001193125-24-173038

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management Strategy and Governance Overview The Trust and the Fund do not have any officers, directors or employees. The Sponsor is responsible for the oversight and overall management of the Trust and the Fund. The Sponsor is a wholly owned subsidiary of Franklin Resources, Inc. (“FRI”). FRI maintains global, firm-wide policies and procedures governing matters relating to crisis management, corporate continuity, business continuity planning and disaster recovery, enterprise business resilience, and corresponding risk mitigation processes and systems in these areas (collectively referred to as the “Global Corporate Continuity Program”). The Global Corporate Continuity Program is generally overseen by the Business Recovery Governance Committee (“BRGC”). BRGC has developed certain policies and principles in implementing the program. The executive officers of the Sponsor perform certain functions with respect to the Trust and the Fund that, if the Trust or the Fund had directors or executive officers, would typically be performed by them, including receiving reports regarding the Global Corporate Continuity Program. In line with the Global Corporate Continuity Program, the Sponsor or its delegate: (1) regularly conducts a business impact analysis; (2) develops, exercises and maintains a viable and actionable Business Continuity Plan specifically tailored to the Sponsor in light of the nature and scope of its business; and (3) completes annual testing of the Business Continuity Plan. Material exceptions to this policy and risk events and related mitigation/corrective measures are reported to the Sponsor’s Governance Oversight Committee. As appropriate, the Sponsor or its delegate will coordinate with FRI’s relevant risk management and disaster recovery-related committees to review risk monitoring and mitigation strategies as contemplated under the Global Corporate Continuity Program at least annually, and more often if there are significant internal or external changes affecting these risks as pertains to the Sponsor’s business and its Business Continuity Plan. FRI has adopted the National Institute of Standards and Technology’s (“NIST”) cybersecurity framework as its security outline. The program is reviewed annually. Using the NIST framework as a guide, FRI’s cybersecurity program is organized around the following program domains: - Identify critical assets, data, systems and capabilities, cybersecurity strategy and governing elements, threats and cybersecurity risks - Protect assets (data, systems, networks, personnel, etc.) from external or internal malicious actors and failed practices - Detect anomalies and security events through environments monitoring, analysis, remediation, and reporting. Engage outside vendors to periodically test the network infrastructure and software applications against known vulnerabilities and to ensure the use of a best practice security program - Respond to incidents regardless of source or causality - Recover through planning, improvements and communications (external and internal) - Conduct after-action evaluation to identify what went well, what did not go well and improve FRI’s systems after an issue FRI employs third-party firms to assess its cybersecurity posture, conduct penetration testing, and forensic analysis. FRI maintains a risk-based approach to identifying and overseeing cybersecurity risks presented by third parties, including vendors, service providers, counterparties and clients, as well as the systems of third parties that could significantly and adversely impact FRI’s business in the event of a cybersecurity incident affecting those third-party systems. Third-party risks are included within FRI’s NIST framework, and risk identification and mitigation are supported by FRI’s Global Corporate Continuity Program. FRI also performs diligence on certain third parties and monitors cybersecurity threats and risks identified through such diligence. Assessment of Cybersecurity Risks As of March 31, 2024, cybersecurity risks have not materially affected the Trust or the Fund’s ability to achieve its investment objective, results of operations or financial condition. However, future incidents could have a material impact on our ability to achieve the investment objective, results of operations, or financial condition.

Company Information