Page last updated on November 26, 2024
SPDR GOLD TRUST reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-25 15:52:13 EST.
Filings
10-K filed on 2024-11-25
SPDR GOLD TRUST filed a 10-K at 2024-11-25 15:52:13 EST
Accession Number: 0001437749-24-036161
Item 1C. Cybersecurity.
The Trust does not have any officers, directors or employees. The Sponsor is responsible for the oversight and overall management of the Trust. The Sponsor is an indirect wholly owned subsidiary of the World Gold Council and relies on the World Gold Council’s cybersecurity program for its own risk management. The Trust also relies on the cybersecurity programs of its service providers. The Board of Directors of the Sponsor (the “Board of Directors”) receives reports from the Sponsor detailing cybersecurity review processes, any potential risks and any incidents which could impact the Trust. The Board of Directors also periodically receives and reviews reports from the World Gold Council and the Trust’s service providers regarding their cybersecurity programs.
As of the date of this report, the Sponsor has not identified any risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected, or that the Sponsor believes or are reasonably likely to materially affect, the Trust, including its operations, results of operations, or financial condition.
Cybersecurity Program Overview
The World Gold Council has a comprehensive cybersecurity program built around the National Institute of Standards and Technology’s Cybersecurity Framework which is overseen by the World Gold Council’s Global Head of IT. The program incorporates a variety of strategies and measures aimed at identifying, protecting, detecting, responding to and recovering from cyber incidents. The program’s key components include risk assessment and management, where the Operational Risk Committee of the World Gold Council, of which the Principal Financial and Accounting Officer of the Sponsor is a member, identifies potential threats and vulnerabilities and implements appropriate controls to mitigate those vulnerabilities.
As part of the program, the World Gold Council (i) develops and enforces security policies and procedures, providing guidelines for safe and secure operations, (ii) prioritizes employee training and awareness, as human error is often a significant factor in security breaches, (iii) conducts regular security audits and assessments to ensure that the program remains effective and up to date with evolving threats, and (iv) incorporates advanced technologies such as identity management, encryption, firewalls, anti-malware and intrusion detection systems to provide multiple layers of defense against cyber-attacks.
The World Gold Council has an incident response plan (“IRP”) which (i) identifies the incident response team and the roles and responsibilities of the team members, (ii) details the incident response lifecycle, including preparation, detection, response and recovery, and (iii) outlines the internal and external communications plan. The IRP requires any cybersecurity incidents which could impact the Trust to be reported to the Principal Financial and Accounting Officer of the Sponsor.
The Trust also relies on its other service providers, including the Trustee and the Custodians, to implement cybersecurity programs and engage external experts, including cybersecurity assessors, risk management and information technology professionals, attorneys, consultants and auditors to evaluate their cybersecurity measures and risk management processes.
Management’s Role in Cybersecurity Risk Management
The Sponsor conducts annual due diligence on the Trust’s service providers, including the Trustee and Custodians, which includes a review of the relevant service provider’s operational and cybersecurity controls. The Sponsor reviews and reports to the Board of Directors the results of this annual review and any incidents or perceived risks.
Board Oversight of Cybersecurity Risks
The Board of Directors receives a report from the Sponsor detailing the Sponsor’s annual due diligence on the Trust’s service providers, including a summary of any potential operational risks and any incidents which could impact the Trust. The Board of Directors also periodically receives reports from the World Gold Council and the Trust’s service providers regarding their cybersecurity programs.
Company Information
Name | SPDR GOLD TRUST |
CIK | 0001222333 |
SIC Description | Commodity Contracts Brokers & Dealers |
Ticker | GLD - NYSE |
Website | |
Category | Large accelerated filer |
Fiscal Year End | September 29 |