GPB Automotive Portfolio, LP 10-K Cybersecurity GRC - 2025-03-27

Page last updated on March 27, 2025

GPB Automotive Portfolio, LP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-27 14:38:36 EDT.

Filings

10-K filed on 2025-03-27

GPB Automotive Portfolio, LP filed a 10-K at 2025-03-27 14:38:36 EDT
Accession Number: 0001410578-25-000505

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity As previously discussed in “Item 1. Business” the Partnership is managed by GPB, through its affiliation with Highline under supervision and direction of the Receiver. Among the services provided to the Partnership under the MSA is a cybersecurity risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. This program was integrated within the Partnership’s enterprise risk management system as administered and overseen by Highline under supervision and direction of the Receiver and addresses the corporate information technology environment. The underlying controls of the cyber risk management program that the Partnership currently has in place are based on recognized best practices and standards for cybersecurity and information technology, including the International Organization Standardization (“ISO”) 27001 Information Security Management System Requirements. Highline partners with cybersecurity companies and organizations, leveraging third-party technology and expertise, including secure cloud storage solutions, firewalls and monitoring software. Highline engages with these partners and their technology to monitor and maintain the performance and effectiveness of its corporate information environment. Highline has a dedicated specialist who oversees Highline’s cybersecurity efforts on behalf of all of its clients. This specialist is responsible for assessing and managing Highline’s cyber risk management program, informs senior management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents and supervises such efforts. The cybersecurity specialist has experience selecting, deploying, and operating cybersecurity technologies, initiatives, and processes around the world, and relies on threat intelligence as well as other information obtained from governmental, public or private sources, including external consultants engaged by Highline. The Receiver currently oversees the Partnership’s cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. Highline’s cybersecurity specialist briefs the Chief Executive Officer, who presents to the Receiver as necessary on the effectiveness of the Partnership’s cyber risk management program and any potential cybersecurity threats. The Partnership faces risks from cybersecurity threats that could have an adverse effect on its implementation of the Receivership Order, including liquidation and winding down, as well as its financial reporting. The Partnership has experienced, and may continue to experience cyber incidents in the normal course of its business. However, prior cybersecurity incidents have not been determined to have been material to the Partnership’s business, financial condition, results of operations, or cash flows. See “Item 1A. Risk Factors - Risks Related to the Partnership and Receivership Order”. Breaches in our data security systems or in systems used by our vendor partners, including cyber-attacks or unauthorized data distribution by employees or affiliated vendors, or disruptions to access and connectivity of our information systems could impact our operations or result in the loss or misuse of customers’ proprietary information" for more information about the cybersecurity risks the Partnership faces.

Company Information