CAMPBELL FUND TRUST 10-K Cybersecurity GRC - 2025-03-21

Page last updated on March 21, 2025

CAMPBELL FUND TRUST reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-21 13:45:50 EDT.

Filings

10-K filed on 2025-03-21

CAMPBELL FUND TRUST filed a 10-K at 2025-03-21 13:45:50 EDT
Accession Number: 0001140361-25-009859

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy We rely on technology to conduct our business operations and engage with our clients, business partners and employees. The technology that we, our clients, business partners and employees rely upon becomes more complex over time as do threats to our business operations from cyber intrusions, denial of service attacks, manipulation and other cyber misconduct. Risks from cybersecurity threats include potential interference with critical computer network systems, third party hosted services, communication systems, hardware and software, critical data, including confidential information that is proprietary, strategic, and competitive in nature, as well as any personally identifiable information relating to Campbell’s clients and employees. For additional information about these risks, see “Item 1A. Risk Factors.” At this time, we have not identified risks from known cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected our business strategy, results of operations or financial condition, but we cannot provide assurance that such risks or future material incidents will not materially affect us in the future. For more information regarding the risks we face from cybersecurity threats, please see Item 1A. Risk Factors. Information Security is an ongoing process of exercising the due care necessary to protect corporate, client and employee information and systems from unauthorized access, destruction, disclosure, disruption and modification of use. Through a combination of security, risk and compliance resources, Campbell & Company implements Information Security through a dedicated Information Security Program (“ISP”) that is intended to identify, assess and manage material risks from cybersecurity threats and which includes a focus on safeguarding information and assets from cyber threats, engaging in cyber threat monitoring and responding to actual or potential cyber incidents. The ISP employs a defense-in-depth strategy: an information assurance concept in which multiple layers of security controls are distributed throughout an operating environment. The concept manages risk with diverse defensive strategies, so that if one layer of defense fails, another layer of defense will attempt to compensate. Our ISP features cybersecurity policies, standards and guidelines, committee governance, training, access controls and data controls. We periodically engage third-party cybersecurity experts to provide independent assessments of our cybersecurity readiness and control effectiveness. Our goal in collaborating with external cybersecurity firms is to gain insights and knowledge into emerging threats and vulnerabilities, industry trends and best practices to inform our risk remediation efforts. We also perform a risk assessment of new third-parties, inclusive of new third-party contracts, which provides an additional layer of oversight in identifying material risks associated with the use of particular external service providers. Governance Our Information Security Committee (“ISC”), with assistance from internal and external resources, is responsible for implementing and providing oversight of our ISP. Our ISC includes our Chief Compliance Officer (“CCO”), Chief Technology Officer (“CTO”), Director, Technology & Information Security (“DTIS”) Principal IT Security Analyst, (“PITSA”) and Principal Legal & Compliance Analyst. Our ISC members have expertise in information technology and information security. Our CTO has over 20 years’ experience in information technology. Our DTIS has 4 years’ experience in information security. Our PITSA has over 20 years’ experience in information technology, with 12 years in an official security capacity. Our CCO is a member of the Campbell & Company Board and reports to the Board on Cybersecurity and other compliance and business risk matters.

Company Information