Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2024 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
We have implemented ongoing processes that are designed to continually identify, assess, manage, monitor, and mitigate the dynamic and evolving material risks to us from cybersecurity threats. Our Adviser’s and Administrator’s resource management, information technology (“IT”), and compliance departments work in conjunction with an independent third-party information technology service provider (“ISP”) engaged by our Adviser to manage our information technology strategy. The ISP regularly performs cyber assessments and assists us in maintaining our cyber and information security programs. The ISP proposes recommendations for improvements to our Adviser’s Head of Resource Management, Director of IT, and Chief Compliance Officer (“CCO”), which are then considered by other officers and employees of our Adviser and Administrator
working on our behalf before improvements are implemented to our information technology strategy, cybersecurity, and incident response policies, processes, and procedures.
In addition, regular ongoing cybersecurity threat risk assessments, which also cover third-party business applications, are performed throughout the year and reported to our officers and Board of Directors by our CCO no less than quarterly. Cybersecurity risks are assessed in general as a part of the overall enterprise risk management for us, but also specifically between the ISP and our Adviser and Administrator in monitoring and determining not only the risks but also assessing corresponding processes and procedures to mitigate those risks appropriately. Third-party business applications are also incorporated into these risk assessments.
As an international service provider, our ISP constantly monitors information technology risk and cybersecurity threats globally. When risks are detected, the Director of IT, Head of Resource Management, and CCO consult with the ISP to assess if the risk is a cybersecurity threat to our information technology systems or data. If a risk to our information systems or data is identified, we then, through our Adviser and Administrator, work in conjunction with the ISP to implement recommended processes, improvements, or safeguards to our systems or processes to address the risks as needed. Relevant examples of such efforts include but are not limited to:
▪implementation of industry-leading Cloud solutions and business applications which possess integrated cybersecurity safeguards;
▪anti-malware, antivirus, and threat detection software;
▪ransomware containment and isolation software;
▪enhanced password requirements and multifactor authentication requirements;
▪endpoint encryption;
▪intrusion detection and response system conduct file integrity monitoring;
▪email archiving, firewalls, and quarantine capabilities;
▪mobile device management of business applications;
▪frequent systems backups with recovery capabilities; and
▪regular vulnerability scans and penetration testing.
Contractually, we require the ISP to annually provide us with a third-party report on its systems and on the suitability of the design and operating effectiveness of its controls relevant to information and cyber security. In addition to the ongoing dialogue and technology interaction between the Director of IT, our Adviser and Administrator, and the ISP, any significant findings in these reports are shared with us, including our Board of Directors and other officers, to enhance ongoing monitoring and assessment of our information technology and cybersecurity risk management.
While our ISP works to create a hardened information technology systems environment, our Adviser and Administrator also regularly trains employees working on our behalf on the evolving threats and educates them on cybersecurity risks to provide an additional protection barrier through end-user knowledge. Whether it is communicating information about the latest cybersecurity threats, assessing employees’ awareness through mock fraud exercises, social engineering and phishing campaigns, or providing access to a library of educational material about past and newly-evolving cybersecurity attacks, our Adviser and Administrator work in concert with the ISP on our behalf to keep employees servicing us informed so as to provide an additional protection barrier through end-user knowledge. Notwithstanding our risk management and strategy described above, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. We are not currently aware of any known cybersecurity risks that may materially impact our operations, though we may not be able to determine the likelihood of such risks.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We have implemented ongoing processes that are designed to continually identify, assess, manage, monitor, and mitigate the dynamic and evolving material risks to us from cybersecurity threats. Our Adviser’s and Administrator’s resource management, information technology (“IT”), and compliance departments work in conjunction with an independent third-party information technology service provider (“ISP”) engaged by our Adviser to manage our information technology strategy. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Our Board of Directors is actively engaged in overseeing our cybersecurity and information security program. Our Board of Directors receives regular reports during board meetings from our CCO on our and our Adviser’s and Administrator’s efforts concerning information security and addressing information technology and cybersecurity risks no less than quarterly and regularly receives updates from third parties on various business risks, which include cybersecurity matters. The reports are distributed to our Board of Directors, and our CCO engages in detailed discussions with the independent board members during the independent members’ session. The reports cover all potentially material cybersecurity threats facing us, as well as key
risks and mitigation efforts undertaken by us and our Adviser and Administrator. As significant threats or events are identified by management or the ISP between regular reporting periods, our CCO will inform our Board of Directors immediately and keep it informed as to the developments of assessing the risks, mitigating efforts, and potential disclosure. Appropriate members of management and third-party providers will be involved as deemed necessary based on the potential impact.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Board of Directors is actively engaged in overseeing our cybersecurity and information security program. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Board of Directors receives regular reports during board meetings from our CCO on our and our Adviser’s and Administrator’s efforts concerning information security and addressing information technology and cybersecurity risks no less than quarterly and regularly receives updates from third parties on various business risks, which include cybersecurity matters. The reports are distributed to our Board of Directors, and our CCO engages in detailed discussions with the independent board members during the independent members’ session. |
| Cybersecurity Risk Role of Management [Text Block] |
Management personnel most involved with assessing and managing the cybersecurity risks and program with our ISP include our Head of Resources Management, who is also a member of our Board of Directors, and our CCO. Our Head of Resources Management has more than 30 years of overall experience and more than 20 years directly assessing and managing our cyber information technology and human resources systems and the associated security concerns. Our CCO has more than 30 years of overall experience as a CPA, with more than 15 years managing information technology systems and databases, and 15-plus years supporting our Adviser’s and Administrator’s resource management department. This includes identifying, assessing, mitigating, and monitoring cyber information security risks. Our Director of IT has over 20 years of experience in IT, with a focus in the implementation of information security projects to enhance organizations’ resilience against emerging threats, and has collaborated closely with security vendors and partners to contain and address cybersecurity incidents. These managers, as well as other management personnel, attend various professional continuing education programs that include cybersecurity matters. Certain members of our Board of Directors have, or previously held, positions with other companies, including other public companies, that involved managing risks associated with their cyber and information technology systems. Our Board of Directors regularly receives updates from third parties on various business risks, which include cybersecurity matters.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Management personnel most involved with assessing and managing the cybersecurity risks and program with our ISP include our Head of Resources Management, who is also a member of our Board of Directors, and our CCO. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our Head of Resources Management has more than 30 years of overall experience and more than 20 years directly assessing and managing our cyber information technology and human resources systems and the associated security concerns. Our CCO has more than 30 years of overall experience as a CPA, with more than 15 years managing information technology systems and databases, and 15-plus years supporting our Adviser’s and Administrator’s resource management department. This includes identifying, assessing, mitigating, and monitoring cyber information security risks. Our Director of IT has over 20 years of experience in IT, with a focus in the implementation of information security projects to enhance organizations’ resilience against emerging threats, and has collaborated closely with security vendors and partners to contain and address cybersecurity incidents. These managers, as well as other management personnel, attend various professional continuing education programs that include cybersecurity matters. Certain members of our Board of Directors have, or previously held, positions with other companies, including other public companies, that involved managing risks associated with their cyber and information technology systems. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Our Board of Directors regularly receives updates from third parties on various business risks, which include cybersecurity matters. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |