Oaktree Specialty Lending Corp 10-K Cybersecurity GRC - 2024-11-18

Page last updated on November 19, 2024

Oaktree Specialty Lending Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-18 17:46:01 EST.

Filings

10-K filed on 2024-11-18

Oaktree Specialty Lending Corp filed a 10-K at 2024-11-18 17:46:01 EST
Accession Number: 0001414932-24-000016

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We rely on the cybersecurity strategy and policies implemented by Oaktree. Oaktree maintains a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. This program is integrated into Oaktree’s overall risk management processes and focuses on the corporate information technology environment. The audit committee of the board of directors of Brookfield Oaktree Holdings, LLC oversees Oaktree’s cybersecurity program. The cybersecurity team briefs the audit committee of Brookfield Oaktree Holdings, LLC on the effectiveness of Oaktree’s cyber risk management program. The Internal Audit team also shares the results of its annual cybersecurity audits with the audit committee of Brookfield Oaktree Holdings, LLC. The underlying controls of the cyber risk management program are designed to meet Oaktree’s business requirements, security risks and organization profile, and leverages many elements of the National Institute of Standards and Technology Cybersecurity Framework and the International Organization Standardization 27001 Information Security Management System Requirements. The Internal Audit team conducts an annual internal audit of the Company’s cyber risk management program utilizing the services of a third-party provider. Additionally, Oaktree hires a third party provider to conduct an annual penetration test of Oaktree’s systems. Oaktree has developed and implemented controls and processes to oversee and manage its engagements with third-party vendors. These procedures encompass pre-engagement due diligence efforts and the ongoing monitoring of the third-party vendors that are considered to be high-risk. Although these controls and processes are designed to mitigate risks associated with third-party engagements, they do not guarantee the elimination of all potential risks. The effectiveness of these controls and processes is dependent on a variety of factors, some of which are outside Oaktree’s and our control. A third party Managed Security Service Provider manages Oaktree’s Security Operations Center to provide 24/7 monitoring of its global systems and to coordinate the investigation of alerts of potential security incidents. Alerts are then escalated to the Oaktree Cybersecurity team for investigation and remediation, if necessary. Cyber partners are a key part of Oaktree’s cybersecurity infrastructure. Oaktree partners with leading cybersecurity companies and organizations, leveraging third-party technology and expertise. Oaktree engages with these partners to monitor and maintain the performance and effectiveness of products and services that are deployed in Oaktree’s environment. A Managing Director in Oaktree’s information technology department heads Oaktree’s cybersecurity team. This individual reports to Oaktree’s Chief Information Officer. and is responsible for assessing and managing Oaktree’s cyber risk management program, informs senior management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents and supervises such efforts. The cybersecurity team has decades of collective experience selecting, deploying and operating cybersecurity technologies, initiatives and processes and relies on threat intelligence as well as other information obtained from governmental, public and private sources, including external consultants engaged by Oaktree. The head of Oaktree’s cybersecurity team has substantial information technology and cybersecurity experience, with a career spanning over 30 years in managing global IT operations in a wide range of areas, including cybersecurity, IT governance, controls, compliance, data center operations, network engineering and cloud computing. Our board of directors oversees our cybersecurity program and receives quarterly updates from the cybersecurity team on matters including Oaktree’s cyber risk management program (and risks to us related to cybersecurity) and updates to the cybersecurity program, including active and recently completed initiatives. We and Oaktree face risks from cybersecurity threats that could have a material adverse effect on our business, financial condition or results of operations. We and Oaktree have experienced, and will continue to experience, cyber incidents in the normal course of its business. However, we are not currently aware of any current or past cyberattacks or other incidents that, individually or in the aggregate, have materially affected, or are reasonably likely to materially affect, our business, financial condition or results of operations. See " Risk Factors - Risks Relating to Our Business and Structure - We may face a breach of our cyber security, which could result in adverse consequences to our operations and exposure of confidential information ."

Company Information