GLOBAL MACRO TRUST 10-K Cybersecurity GRC - 2025-03-31

Page last updated on March 31, 2025

GLOBAL MACRO TRUST reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 16:06:01 EDT.

Filings

10-K filed on 2025-03-31

GLOBAL MACRO TRUST filed a 10-K at 2025-03-31 16:06:01 EDT
Accession Number: 0001562762-25-000068

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Managing Owner has written procedures and policies that govern the Trust’s general cybersecurity program. These policies and procedures include, among other things, the identification of risks, locations of information, management of third party risk and incident response, among other factors, and are designed to address real world concerns. The Cybersecurity Committee (the “Committee”) of the Managing Owner is responsible for overseeing cyber and information security. The Committee meets at least quarterly to discuss cybersecurity risks and frequently holds more informal discussions in the interim. The Committee is subject to oversight by the board of directors of the Managing Owner (the “Board”). The Committee is co-chaired by the Managing Owner’s President/Chief Operating Officer, Chief Technology Officer/Co-Head of Trading, and General Counsel/Chief Compliance Officer who oversee day-to-day implementation of cyber and information security by employees with specialized expertise and experience in such matters. The Board is kept apprised of the cybersecurity policies and procedures on a formal basis at least annually, and is kept informed on a less formal basis through participation in training and policy updates. The Committee meets at least quarterly to discuss and review testing, cybersecurity risks/events and all other relevant matters. Committee members are given the opportunity at these meetings to ask questions of all relevant personnel. The Managing Owner utilizes a combination of statistics, data and testing by third party service providers and software in order to monitor and identify cybersecurity threats. To the extent those threats require immediate attention, they are dealt with and reported to the Committee thereafter in accordance with the procedures outlined in the Managing Owner’s incident response plan. Other threats, as well as follow ups once threats are properly dealt with, are then discussed and analyzed by the Committee. Reports on these activities are discussed with the Board on at least an annual basis, with any material issues raised promptly to the Board as well. To assess the effectiveness of the Managing Owner’s cybersecurity programs and to mitigate exposure, the Managing Owner has consulted with strategic partners, such as outside counsel specializing in this subject matter as well as the Managing Owner’s cyber insurance provider. The Managing Owner also undertook a table top exercise designed to identify and mitigate issues and train personnel . The Managing Owner’s head of risk management (who is also mentioned above as one of the co-chairmen of the Committee) participates in all Committee meetings and, as part of the risk management function, the Committee applies principles of risk management to its information security program. As with all risks identified by the Managing Owner, risks are identified and evaluated, with higher risk items receiving priority attention. The Managing Owner has undertaken efforts to mitigate cyber risks and their impact, including, but not limited to, certain implementation of firewalls, anti-virus/anti-malware, controls around remote network access, multi-factor authentication, system event monitoring and notifications and electronic surveillance, frequent backups, encryption and password protection, education and testing, supervision of third parties, limitations on access, vulnerability scanning, patch installation, physical safeguards, virus scanning, and penetration testing. Employees are required to complete initial cybersecurity training upon commencement of employment and, thereafter, on an annual basis. The training is designed by a third party service provider. The Managing Owner carries cyber insurance. The Managing Owner maintains formal cybersecurity procedures that are considered during contract review with respect to third party vendors handling and having access to information.

Company Information