Page last updated on March 20, 2025
HPS Corporate Lending Fund reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-19 21:43:55 EDT.
Filings
10-K filed on 2025-03-19
HPS Corporate Lending Fund filed a 10-K at 2025-03-19 21:43:55 EDT
Accession Number: 0001838126-25-000017
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity Assessment, Identification and Management of Material Risks from Cybersecurity We have processes in place to assess, identify, and manage material risks from cybersecurity threats. We rely on the cybersecurity strategy and policies implemented by the Adviser and HPS, the providers of our technology services. The Adviser manages our day-to-day operations and has implemented, together with HPS, a firm-wide cybersecurity program that applies to us and our operations. References in this Item 1C to (i) any programs or processes of the Adviser shall be deemed to refer to any firm-wide programs and/or processes that have been implemented by HPS, and (ii) any actions of the Adviser shall be deemed to refer to actions of HPS and/or the Adviser, as the context may require. The Adviser’s cybersecurity program prioritizes detection and analysis of and response to cybersecurity threats, management of security risks and resilience against cyber incidents, including those that may impact us. The Adviser’s cybersecurity program is aligned to the Center for Internet Security critical controls framework. The Adviser’s cybersecurity risk management processes applicable to us include technical security controls, policy enforcement mechanisms, monitoring systems, and other tools. Third-party providers are leveraged to assist in assessing, identifying and managing risks from cybersecurity threats applicable to us. The assessment of cybersecurity risks, including those which may be applicable to us, is integrated into the Adviser’s overall risk management program. The Adviser has implemented and continues to implement risk-based controls designed to prevent, detect, and respond to information security threats and we rely on such controls. The Adviser’s cybersecurity program includes physical, administrative, and technical safeguards, as well as plans and procedures designed to help us prevent and respond to cybersecurity threats and incidents, including threats or incidents that may impact us. The Adviser’s cybersecurity risk management processes seek to monitor cybersecurity vulnerabilities and potential attack vectors, evaluate the potential operational and financial effects of any threat, and mitigate such threats. We rely on the Adviser to engage with third-party consultants and key vendors to assist it in assessing, enhancing, implementing, and monitoring its cybersecurity program and risk management processes and responding to incidents. The Adviser’s cybersecurity risk management and awareness programs, which apply to us, include identification and testing of vulnerabilities, phishing simulations and cybersecurity awareness training. The Adviser undertakes internal security reviews of its information systems and related controls, including those applicable to us. The Adviser also completes external reviews of the cybersecurity program and practices applicable to us, which may include assessments of relevant data protection practices and targeted attack simulations. The Adviser has developed an incident response plan that provides guidelines for responding to cybersecurity incidents. The incident response plan includes notification to the applicable members of cybersecurity leadership, including the Adviser’s Chief Information Security Officer (“CISO”), and, as appropriate, escalation to other relevant individuals. Incidents may also be reported to the audit committee or full board of directors of the Adviser, as well as to the Audit Committee, if appropriate. Our management is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting us, including through the receipt of notifications from service providers and reliance on communications with the Adviser’s CISO, as well as other risk management, legal, information technology, and/or compliance personnel of the Adviser. We depend on and engage various third parties, including suppliers, vendors, and service providers, to operate our business. We rely on the expertise of risk management, legal, information technology, and compliance personnel of the Adviser when identifying and overseeing risks from cybersecurity threats associated with our use of such entities. Material Impact of Cybersecurity Risks During the reporting period, we have not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that we believe have materially affected, or that are reasonably likely to materially affect us, including our business strategy, operational results and financial conditions. However, future incidents could have a material impact on our business strategy, results of operations or financial condition. Management’s Role in Cybersecurity Risk Oversight The Adviser’s CISO and dedicated internal cybersecurity team are responsible for the cybersecurity program applicable to us (including enterprise-wide cybersecurity strategy, policies, standards, engineering, architecture, and processes). Our Chief Compliance Officer (“CCO”) is responsible for monitoring and reporting to the board about the Adviser’s compliance with its responsibilities for the Adviser’s and our cybersecurity program. The Adviser’s CISO has over 15 years of experience advising on and managing risks from cybersecurity threats as well as developing and implementing cybersecurity policies and procedures in both US Government Intelligence agencies and Financial Services firms. The Adviser’s CISO reports to the Chief Financial Officer of the Adviser and works closely with our management to administer, assess, discuss, and prioritize our cybersecurity efforts. Our CCO has been responsible for this monitoring and reporting as CCO to us for 3 years and has worked in the financial services industry for more than 30 years, during which time the CCO has gained expertise in assessing and managing risks applicable to us. Board Oversight of Cybersecurity Risks The Audit Committee provides strategic oversight of risk assessment and risk management matters, including risks associated with cybersecurity threats. Certain of our members update the Audit Committee as well as our full Board, as appropriate, on cybersecurity matters, primarily through presentations by our CCO and the Adviser’s CISO. Such reporting includes updates on the cybersecurity program applicable to us, the external threat environment, and the Adviser’s programs to address and mitigate the risks associated with the evolving cybersecurity threat environment. These reports also include updates on our preparedness, prevention, detection, responsiveness, and recovery with respect to cyber incidents.
Item 1C to (i) any programs or processes of the Adviser shall be deemed to refer to any firm-wide programs and/or processes that have been implemented by HPS, and (ii) any actions of the Adviser shall be deemed to refer to actions of HPS and/or the Adviser, as the context may require. The Adviser’s cybersecurity program prioritizes detection and analysis of and response to cybersecurity threats, management of security risks and resilience against cyber incidents, including those that may impact us. The Adviser’s cybersecurity program is aligned to the Center for Internet Security critical controls framework. The Adviser’s cybersecurity risk management processes applicable to us include technical security controls, policy enforcement mechanisms, monitoring systems, and other tools. Third-party providers are leveraged to assist in assessing, identifying and managing risks from cybersecurity threats applicable to us. The assessment of cybersecurity risks, including those which may be applicable to us, is integrated into the Adviser’s overall risk management program. The Adviser has implemented and continues to implement risk-based controls designed to prevent, detect, and respond to information security threats and we rely on such controls. The Adviser’s cybersecurity program includes physical, administrative, and technical safeguards, as well as plans and procedures designed to help us prevent and respond to cybersecurity threats and incidents, including threats or incidents that may impact us. The Adviser’s cybersecurity risk management processes seek to monitor cybersecurity vulnerabilities and potential attack vectors, evaluate the potential operational and financial effects of any threat, and mitigate such threats. We rely on the Adviser to engage with third-party consultants and key vendors to assist it in assessing, enhancing, implementing, and monitoring its cybersecurity program and risk management processes and responding to incidents. The Adviser’s cybersecurity risk management and awareness programs, which apply to us, include identification and testing of vulnerabilities, phishing simulations and cybersecurity awareness training. The Adviser undertakes internal security reviews of its information systems and related controls, including those applicable to us. The Adviser also completes external reviews of the cybersecurity program and practices applicable to us, which may include assessments of relevant data protection practices and targeted attack simulations. The Adviser has developed an incident response plan that provides guidelines for responding to cybersecurity incidents. The incident response plan includes notification to the applicable members of cybersecurity leadership, including the Adviser’s Chief Information Security Officer (“CISO”), and, as appropriate, escalation to other relevant individuals. Incidents may also be reported to the audit committee or full board of directors of the Adviser, as well as to the Audit Committee, if appropriate. Our management is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting us, including through the receipt of notifications from service providers and reliance on communications with the Adviser’s CISO, as well as other risk management, legal, information technology, and/or compliance personnel of the Adviser. We depend on and engage various third parties, including suppliers, vendors, and service providers, to operate our business. We rely on the expertise of risk management, legal, information technology, and compliance personnel of the Adviser when identifying and overseeing risks from cybersecurity threats associated with our use of such entities. Material Impact of Cybersecurity Risks During the reporting period, we have not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that we believe have materially affected, or that are reasonably likely to materially affect us, including our business strategy, operational results and financial conditions. However, future incidents could have a material impact on our business strategy, results of operations or financial condition. Management’s Role in Cybersecurity Risk Oversight The Adviser’s CISO and dedicated internal cybersecurity team are responsible for the cybersecurity program applicable to us (including enterprise-wide cybersecurity strategy, policies, standards, engineering, architecture, and processes). Our Chief Compliance Officer (“CCO”) is responsible for monitoring and reporting to the board about the Adviser’s compliance with its responsibilities for the Adviser’s and our cybersecurity program. The Adviser’s CISO has over 15 years of experience advising on and managing risks from cybersecurity threats as well as developing and implementing cybersecurity policies and procedures in both US Government Intelligence agencies and Financial Services firms. The Adviser’s CISO reports to the Chief Financial Officer of the Adviser and works closely with our management to administer, assess, discuss, and prioritize our cybersecurity efforts. Our CCO has been responsible for this monitoring and reporting as CCO to us for 3 years and has worked in the financial services industry for more than 30 years, during which time the CCO has gained expertise in assessing and managing risks applicable to us. Board Oversight of Cybersecurity Risks The Audit Committee provides strategic oversight of risk assessment and risk management matters, including risks associated with cybersecurity threats. Certain of our members update the Audit Committee as well as our full Board, as appropriate, on cybersecurity matters, primarily through presentations by our CCO and the Adviser’s CISO. Such reporting includes updates on the cybersecurity program applicable to us, the external threat environment, and the Adviser’s programs to address and mitigate the risks associated with the evolving cybersecurity threat environment. These reports also include updates on our preparedness, prevention, detection, responsiveness, and recovery with respect to cyber incidents.
Company Information
| Name | HPS Corporate Lending Fund |
| CIK | 0001838126 |
| SIC Description | |
| Ticker | |
| Website | |
| Category | Emerging growth company |
| Fiscal Year End | December 30 |