XML 45 R28.htm IDEA: XBRL DOCUMENT v3.25.4
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

We have processes in place for assessing, identifying, and managing material risks from potential unauthorized occurrences on or through our electronic information systems that could negatively impact the confidentiality, integrity, or availability of our information systems or the information held on such systems. These processes include controls, procedures, systems and tools that are designed to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access, or other security incidents or vulnerabilities affecting the data. Such processes are set forth in our joint Cybersecurity Policy, Written Information Security Policy and Incident Response Plan with Stellus Capital Management (collectively, the “Cybersecurity Policy”). The Cybersecurity Policy also sets forth the role of our Chief Compliance Officer and our Information Security Team in preparing, implementing, and maintaining incident response procedures.

Our Chief Compliance Officer and Information Security Team are responsible for the development and implementation of policies and technical measures to reasonably prevent security incidents. At times we may also engage assessors, consultants, auditors or other third parties to assist with assessing, identifying and managing cybersecurity risk. As part of our risk management process, we conduct assessment and penetration testing, including regular trainings completed by employees of Stellus Capital Management who provide services to us pursuant to the Administration Agreement.

Material Impact of Cybersecurity Risks

As of the date of this Annual Report on Form 10-K, we are not aware of any material risks from cybersecurity threats that have materially affected, or are reasonably likely to materially affect, us, including our business strategy, results of operations, or financial condition. However, future incidents could have a material impact on our business. Additional information about the cybersecurity risks that we face is discussed in Item 1A of Part I, “Risk Factors,” in this Annual Report on Form 10-K under the heading “We, Stellus Capital Management and our portfolio companies are subject to risks associated with “phishing” and other cyber-attacks.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]

We have processes in place for assessing, identifying, and managing material risks from potential unauthorized occurrences on or through our electronic information systems that could negatively impact the confidentiality, integrity, or availability of our information systems or the information held on such systems. These processes include controls, procedures, systems and tools that are designed to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access, or other security incidents or vulnerabilities affecting the data. Such processes are set forth in our joint Cybersecurity Policy, Written Information Security Policy and Incident Response Plan with Stellus Capital Management (collectively, the “Cybersecurity Policy”). The Cybersecurity Policy also sets forth the role of our Chief Compliance Officer and our Information Security Team in preparing, implementing, and maintaining incident response procedures.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Oversight of Cybersecurity Risks

Our cybersecurity risks and associated mitigation strategies are evaluated by our management and the Information Security Team as needed, but no less frequently than annually. On at least a quarterly basis, the Information Security Team reports to our Board on developments to cybersecurity risks we face. Such reports include, among other things, an overview of the controls and procedures related to assessing, identifying, and managing risks related to cybersecurity

threats, oversight of third-party service providers and related cybersecurity threats, and Information Security Team's evaluation of cybersecurity risks that are material to us.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Board
Cybersecurity Risk Role of Management [Text Block] Our Chief Compliance Officer and Information Security Team are responsible for the development and implementation of policies and technical measures to reasonably prevent security incidents. At times we may also engage assessors, consultants, auditors or other third parties to assist with assessing, identifying and managing cybersecurity risk. As part of our risk management process, we conduct assessment and penetration testing, including regular trainings completed by employees of Stellus Capital Management who provide services to us pursuant to the Administration Agreement.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Chief Compliance Officer and Information Security Team
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true