|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Jan. 31, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
The Sponsor’s Chief Information Security Officer (“CISO”) is responsible for overseeing the Trust’s cybersecurity practices. The CISO also manages IT affecting the Trust. The CISO is responsible for overseeing the ongoing adequacy of design and effective implementation of these policies and procedures and for reviewing these procedures at least annually. The CISO is trained as a computer scientist (Master of Science) with extensive programming and system administration experience. The CISO’s background includes study of many of the IT building blocks of a modern office infrastructure, including the study and programming of network protocols, information theory, and public key cryptography.
Information Systems Security
The Sponsor’s CISO oversees the maintenance of an inventory of information systems (“Information Systems”) employed by the Sponsor of the Trust either directly or through a vendor. Information Systems include electronic and physical systems used to store, process or transmit information either directly or through a service provider. This includes all methods of data processing, transmission, and retention, both electronic and physical. Electronic Information Systems used by or on behalf of the Trust must, at a minimum, adequately address security elements consistent with applicable state and local regulatory requirements and best practices pertaining to:
The adequacy of security measures used by service providers for internal information will be evaluated in connection with the risk assessment process outlined below in the section labeled Risk Assessment. The CISO is responsible for classifying information, identifying risks, and identifying risk mitigation strategies. The CISO is also responsible for evaluating the adequacy of risk mitigation strategies prior to deploying any Information System. Externally hosted applications (those not installed on the Sponsor’s local network and servers) are reviewed by the CISO at least annually thereafter.
Risk Identification
The CISO will identify reasonably foreseeable risks to the security or integrity of each Information System. The risk identification process will consider appropriate internal and external threat scenarios based on people, process or technology vulnerabilities that could cause the Information System to be compromised, damaged, tampered with or otherwise impaired.
Risk Mitigation
The CISO will identify processes or controls to mitigate identified risks to the security or integrity of each Information System. The computer system security requirements set forth below in this policy may adequately mitigate certain identified risks. Other processes or controls may be required to adequately mitigate other risks.
Risk Assessment
As part of the Sponsor’s ISSP for the Trust, the CISO will document in a risk assessment the Information Systems for the Trust, risks identified in Information Systems, and related risk mitigation processes and controls. Included in the risk assessment will be an assessment of each risk’s potential impact on the operations affecting the Trust, on the security of the Trust’s data, and also potential business consequences of each risk. The CISO will review and update the risk assessment at least annually. Additionally, at least annually (for external hosted applications) and following any significant change in operations (for all applications), the CISO is responsible for gathering information about the operation of previously identified risk mitigation strategies and any changes to information classification, identified risks or risk mitigation strategies. The CISO must evaluate the risk mitigation strategies for ongoing adequacy. The evaluation must be documented in a form prescribed by the CISO. If the CISO concludes that risk mitigation strategies are inadequate for an Information System containing confidential or internal information, action will be taken to either correct the inadequacy in a timely manner or discontinue use of the Information System.
Cybersecurity Procedures
The Sponsor has adopted procedures to implement the cybersecurity policy applicable to the Trust, which include the following:
There have been no cybersecurity incidents since the Trust was founded.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
The CISO will identify reasonably foreseeable risks to the security or integrity of each Information System. The risk identification process will consider appropriate internal and external threat scenarios based on people, process or technology vulnerabilities that could cause the Information System to be compromised, damaged, tampered with or otherwise impaired.
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|
There have been no cybersecurity incidents since the Trust was founded.
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The CISO will review and update the risk assessment at least annually. Additionally, at least annually (for external hosted applications) and following any significant change in operations (for all applications), the CISO is responsible for gathering information about the operation of previously identified risk mitigation strategies and any changes to information classification, identified risks or risk mitigation strategies. The CISO must evaluate the risk mitigation strategies for ongoing adequacy.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The CISO is trained as a computer scientist (Master of Science) with extensive programming and system administration experience.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true