TPG Inc. 10-K Cybersecurity GRC - 2025-02-18

Page last updated on February 18, 2025

TPG Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-18 16:10:33 EST.

Filings

10-K filed on 2025-02-18

TPG Inc. filed a 10-K at 2025-02-18 16:10:33 EST
Accession Number: 0001880661-25-000014

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We have adopted processes designed to identify, assess and manage material risks from cybersecurity threats. Those processes include risk assessments of internal and external threats to confidentiality, integrity and availability of the Company’s data and systems along with other material risks to firm operations. These risk assessments inform our cybersecurity program and the continued development of a layered set of controls aimed at preventing, detecting and responding to threats. Our administrative, organizational, technical and physical security controls include, but are not limited to, policies and procedures, system hardening vulnerability scanning and patching, employee training and awareness, third-party risk management processes, backup and recovery processes, access controls, data encryption in transit and at rest, network perimeter controls and identity verification. We also have policies and controls in place designed to detect and respond to cybersecurity events, including an incident response plan, an incident response team with dedicated roles and responsibilities for assessing and responding to a cybersecurity event, system logging and ongoing monitoring, and periodic training exercises simulating cybersecurity events that are designed to raise awareness and test our team’s response readiness capabilities. The nature, scope and effectiveness of these controls are regularly reviewed through a series of internal and external processes. The Cybersecurity team performs both automated monitoring on a continuous basis and manual reviews of key controls. We also conduct annual assessments of our cybersecurity program using industry standard cybersecurity frameworks, such as the NIST Cybersecurity Framework, as benchmarks to perform our evaluation. This does not imply that we fully meet any particular industry standards, specifications or requirements. In addition, independent reviews of our cybersecurity control effectiveness are conducted by TPG’s Internal Audit team on a periodic basis. We also engage external providers to conduct periodic external assessments, including penetration testing. Governance We have established an Enterprise Risk Committee (“ERC”) to manage overall risk across the Company including cybersecurity risks identified by the Cybersecurity team; the ERC includes representatives from relevant functions and is led by our CEO. We have also established an Operational Risk Committee (“ORC”) which is responsible for applying the policy decisions of the ERC. Operational responsibility for ensuring the adequacy and effectiveness of our risk management, control and governance processes is assigned to our Chief Information Security Officer (“CISO”), who periodically reports, among other things, potentially material cybersecurity incidents to the ORC and reports to the ERC at least annually. The Cybersecurity team also regularly coordinates with other key stakeholders within the Firm, including Compliance, Human Resources, Internal Audit and Legal. The Chief Information Security Officer leads the Company’s Cybersecurity team, which is responsible for implementing, maintaining and enforcing our cybersecurity program. Our CISO previously held various leadership roles within the Technology Risk department of one of the world’s largest banking institutions over a 17-year period. He holds a Bachelor of Science in Electrical Engineering and Mathematics from the University of Texas at Arlington and is a Certified Information Systems Security Professional (CISSP). Our Cybersecurity team possesses a variety of cybersecurity skill sets and extensive expertise obtained through decades of experience, numerous industry certifications, and advanced degrees. The Cybersecurity team continues to take steps to maintain up-to-date knowledge of evolving cybersecurity threats and countermeasures. The Audit Committee of our Board of Directors has primary oversight over the Cybersecurity program. The Chief Information Security Officer reports at least annually to the Audit Committee and such report may address overall assessment of the Company’s compliance with our cybersecurity policies, including risk assessment, risk management and control decisions, service provider arrangements, test results, security incidents and responses, and recommendations for changes and updates to policies and procedures. As of the date of this report, we are not aware of any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. Cyber criminals do, however, target TPG and our employees and vendors. Ongoing or future attacks such as these could have impacts on TPG’s operations. For additional information on these ongoing risks please refer to “Part 1. Item 1A. Risk Factors - Failure to maintain the security of our information and technology networks or data security breaches could harm our reputation and have a material adverse effect on our results of operations, financial condition, and cash flow”.

Company Information