|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cyber Risk Management and Strategy
As a part of the overall risk management system for the Trust, processes are in place to assess, identify and manage material risks from cybersecurity threats. The Trust does not have any directors, officers, or employees. The Sponsor, an indirect, wholly owned subsidiary of The Goldman Sachs Group, Inc. (“Goldman Sachs”) and an affiliate of Goldman Sachs & Co. LLC, generally oversees the performance of the Trustee and the Trust’s principal service providers. The Trustee in turn is generally responsible for the day-to-day administration of the Trust. The Sponsor and the Trust rely on Goldman Sachs’ cybersecurity policy, which also applies to the Trust. The Sponsor and the Trust also rely on the systems of GS Group Inc., its third-party service providers, and the Trust’s service providers.
Goldman Sachs’ cybersecurity risk management processes are integrated into its overall risk management processes. Goldman Sachs has established an Information Security and Cybersecurity Program (the “Cybersecurity Program”), administered by Technology Risk within Engineering, and overseen by Goldman Sachs’ chief information officer. This program is designed to identify, assess, document, and mitigate threats, establish, and evaluate compliance with information security mandates, adopt and apply the security control framework, and prevent, detect, and respond to security incidents. The Cybersecurity Program is periodically reviewed and modified to respond to changing threats and conditions. A dedicated Operational Risk team, which reports to the chief risk officer of Goldman Sachs, provides oversight of the Cybersecurity Program, independent of Technology Risk, and assesses the operating effectiveness of the program against industry standard frameworks and risk appetite-approved operational risk limits and thresholds.
Goldman Sachs’ process for managing cybersecurity risk includes the critical components of its risk management framework, as well as the following:
In conjunction with third-party vendors and consultants, Goldman Sachs performs risk assessments to gauge the performance of the Cybersecurity Program, to estimate its risk profile and to assess compliance with relevant regulatory requirements. Goldman Sachs performs periodic assessments of control efficacy through its internal risk and control self-assessment process, as well as a variety of external technical assessments, including external penetration tests and “red team” engagements where third parties test its defenses. The results of these risk assessments, together with control performance findings, are used to establish priorities, allocate resources, and identify and improve controls. Goldman Sachs uses third parties, such as outside forensics firms, to augment its cyber incident response capabilities. Goldman Sachs and its third-party service providers have a vendor management program that documents a risk-based framework for managing third-party vendor relationships (including those of the Trust). Information security risk management is built into the vendor management process, which covers vendor selection, onboarding, performance monitoring and risk management.
Cyber Risk Governance
GS Group Inc.’s board of directors (the “GS Board”) provides strategic oversight on cybersecurity matters generally, including oversight of material risks associated with cybersecurity threats. The GS Board, both directly and through its committees, including its Risk and Audit Committees, receives periodic reports and updates from an officer of Goldman Sachs regarding the overall state of the cybersecurity program, the current cybersecurity threat landscape, material risks from cybersecurity threats, cybersecurity incidents, risk management policies and/or risk assessment initiatives.
The chief risk officer, chief information officer and chief technology officer of Goldman Sachs among others, periodically brief the GS Board on operational and technology risks, including cybersecurity risks. The GS Board also receives regular briefings from the chief information security officer of Goldman Sachs (“CISO”) on a range of cybersecurity-related topics, including the status of the Cybersecurity Program, emerging cybersecurity threats, mitigation strategies and related regulatory engagements. In addition, these are topics on which various directors maintain an ongoing dialogue with the CISO, chief information officer, and chief technology officer.
The CISO is responsible for managing and implementing the Cybersecurity Program and reports directly to the chief information officer. The CISO oversees the Technology Risk team, which assesses and manages material risks from cybersecurity threats, sets firmwide control requirements, assesses adherence to controls, and oversees incident detection and response.
Goldman Sachs has a series of committees that oversee the implementation of the cybersecurity risk management strategy and framework. These committees are informed about cybersecurity incidents and risks by designated members of Technology Risk and Operational Risk teams, who periodically report to these committees about the Cybersecurity Program, including the efforts of the Technology Risk and Operational Risk teams to prevent, detect, mitigate and remediate incidents and threats. These committees enable formal escalation and reporting of risks, and the CISO and other members of Technology Risk provide regular briefings to these committees. The following are the primary committees and steering groups that oversee Goldman Sachs’ Cybersecurity Program:
Assessment of Cybersecurity Risk
The potential impact of risks from cybersecurity threats are assessed on an ongoing basis, and how such risks could materially affect the Trust’s business strategy, operational results, and financial condition are regularly evaluated. During the reporting period, the Trust did not identify any risks from cybersecurity threats, including previous cybersecurity incidents, that the Trust believes materially affected, or are reasonably likely to materially affect, the Trust, including its business strategy, operational results, and financial condition.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Goldman Sachs’ cybersecurity risk management processes are integrated into its overall risk management processes. Goldman Sachs has established an Information Security and Cybersecurity Program (the “Cybersecurity Program”), administered by Technology Risk within Engineering, and overseen by Goldman Sachs’ chief information officer. This program is designed to identify, assess, document, and mitigate threats, establish, and evaluate compliance with information security mandates, adopt and apply the security control framework, and prevent, detect, and respond to security incidents. The Cybersecurity Program is periodically reviewed and modified to respond to changing threats and conditions. A dedicated Operational Risk team, which reports to the chief risk officer of Goldman Sachs, provides oversight of the Cybersecurity Program, independent of Technology Risk, and assesses the operating effectiveness of the program against industry standard frameworks and risk appetite-approved operational risk limits and thresholds.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|The potential impact of risks from cybersecurity threats are assessed on an ongoing basis, and how such risks could materially affect the Trust’s business strategy, operational results, and financial condition are regularly evaluated. During the reporting period, the Trust did not identify any risks from cybersecurity threats, including previous cybersecurity incidents, that the Trust believes materially affected, or are reasonably likely to materially affect, the Trust, including its business strategy, operational results, and financial condition.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|GS Group Inc.’s board of directors (the “GS Board”) provides strategic oversight on cybersecurity matters generally, including oversight of material risks associated with cybersecurity threats. The GS Board, both directly and through its committees, including its Risk and Audit Committees, receives periodic reports and updates from an officer of Goldman Sachs regarding the overall state of the cybersecurity program, the current cybersecurity threat landscape, material risks from cybersecurity threats, cybersecurity incidents, risk management policies and/or risk assessment initiatives.
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The chief risk officer, chief information officer and chief technology officer of Goldman Sachs among others, periodically brief the GS Board on operational and technology risks, including cybersecurity risks. The GS Board also receives regular briefings from the chief information security officer of Goldman Sachs (“CISO”) on a range of cybersecurity-related topics, including the status of the Cybersecurity Program, emerging cybersecurity threats, mitigation strategies and related regulatory engagements. In addition, these are topics on which various directors maintain an ongoing dialogue with the CISO, chief information officer, and chief technology officer.