Prospect Floating Rate & Alternative Income Fund, Inc. 10-K Cybersecurity GRC - 2024-09-12

Page last updated on September 12, 2024

Prospect Floating Rate & Alternative Income Fund, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-12 16:53:37 EDT.

Filings

10-K filed on 2024-09-12

Prospect Floating Rate & Alternative Income Fund, Inc. filed a 10-K at 2024-09-12 16:53:37 EDT
Accession Number: 0001521945-24-000131

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy As an externally managed, closed-end management investment company that has elected to be regulated as a BDC under the 1940 Act, our day-to-day operations are managed by the Adviser, Administrator and our executive officers under the oversight of our Board of Directors. As such, we rely on the cybersecurity policies and procedures implemented by Prospect Capital Management for assessing, identifying and managing material risks to our business from cybersecurity threats. Below are details of Prospect Capital Management’s cybersecurity program that are relevant to us. Prospect Capital Management has processes in place for assessing, identifying, and managing material risks from potential unauthorized occurrences on, or through, our electronic information systems that could adversely affect the confidentiality, integrity, or availability of our information systems or the information residing on those systems. In accordance with the Prospect Capital Management Information Technology Operations and Procedures, the cross-functional Change Advisory Board (“CAB”) governs and oversees the advancement and implementation of policies and procedures to reasonably prevent security incidents. Prospect Capital Management’s cybersecurity program also includes review and assessment by third parties of the cybersecurity processes and systems. These third parties assess and report on Prospect Capital Management’s compliance with applicable laws and regulations and its internal incident response preparedness, including benchmarking to best practices and industry frameworks and helping to identify areas for continued focus and improvement. Prospect Capital Management uses processes to oversee and identify material risks from cybersecurity threats, including those associated with the use of third-party service providers. Additionally, Prospect Capital Management uses systems and processes designed to reduce the impact of a security incident at a third-party service provider. As part of its risk management process. Prospect Capital Management, also maintains an incident response plan that is utilized when cybersecurity incidents impacting us, our Adviser, or our Administrator are detected. Prospect Capital Management conducts regular phishing tests in which educational materials are provided in each test for those who fail. Prospect Capital Management is implementing security awareness training which will be conducted annually for staff with a high failure rate on the phishing tests. In the last three fiscal years, we are not aware of any material risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, future incidents could have a material impact on our business strategy, results of operations or financial condition. 51 For additional discussion on risks posed by cybersecurity threats, see “Item 1A. Risk Factors - Risks Relating to Our Business and Structure.” Board of Directors Oversight of Cybersecurity Risks Our Board of Directors provides strategic oversight on cybersecurity matters, including risks associated with cybersecurity threats. Our Board of Directors receives periodic updates from the CCO, which incorporates updates provided by the Adviser regarding the overall state of the Adviser’s cybersecurity program, information on the current threat landscape, and risks from cybersecurity threats and cybersecurity incidents impacting us. Management’s Role in Cybersecurity Risk Management Our management, including our CCO, manage our cybersecurity program. The CCO supervises our oversight function generally and relies on the Adviser’s technology team to assist with assessing and managing material risks from cybersecurity threats. The CCO has been responsible for this oversight function as our CCO for more than five years and has worked in the financial services industry for more than 20 years, during which time the CCO has gained expertise in assessing and managing risks applicable to us. Our management is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting us, including through the receipt of notifications from service providers and reliance on communications with risk management, legal, information technology, and/or compliance personnel of the Adviser.

Company Information