|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
Cybersecurity Risk Management and Strategy
As an externally managed closed-end management investment company that has elected to be regulated as a BDC under the 1940 Act, our day-to-day operations are managed by the Adviser, Administrator and our executive officers under the oversight of our Board of Trustees. Our executive officers are senior professionals of Onex Credit and each of the Adviser and Administrator is a subsidiary of Onex Corp. As such, we are reliant on Onex Corp. for assessing, identifying and managing material risks to our business from cybersecurity threats. Below are details Onex Corp. has provided to us regarding its cybersecurity program that are relevant to us.
Onex Corp. has established a dedicated cybersecurity team which maintains a comprehensive firmwide cybersecurity program to protect its systems, operations and the information stored within. Onex Corp.’s Audit, Nominating and Corporate Governance Committee receives, at minimum, quarterly cybersecurity updates from the Managing Director – Enterprise Technology, who leads Onex Corp.’s program and who works closely with senior management to develop and advance Onex’s cybersecurity strategy.
As part of Onex Corp.’s ongoing cybersecurity operations, the cybersecurity team regularly conducts testing to identify vulnerabilities that could be exploited by attackers often using various automated tools as well as a managed service provider. The team examines and validates the cybersecurity program and cyber risk posture annually with third parties, measuring it against industry standards and established frameworks, such as the National Institute of Standards and Technology (“NIST”), Center for Internet Security and the International Organization for Standardization (ISO). Onex maintains a comprehensive Security Incident Response Policy, an Incident Response Plan, and Incident Response Playbooks to ensure that any non-routine events are properly investigated and escalated where necessary. On an annual basis, these plans, policies and processes are validated and practiced with senior executives and representatives from key areas of the firm through a cyber-incident tabletop simulation exercise. Onex Corp. engages with a Managed Security Services Provider (the “MSSP”) who conducts vulnerability scanning and cyber threat intelligence on a weekly basis at minimum. Additionally, third-party cybersecurity consultants are engaged to perform penetration testing on a bi-annual basis. The findings are reviewed, prioritized and remediated in alignment with the recommendations from the external consultant.
In addition to Onex Corp.’s cybersecurity team’s internal exercises to test aspects of its cybersecurity program, Onex Corp. periodically engages independent third parties to assess the risks associated with its information technology resources and information assets. Among other matters, these third parties analyze data on the interactions of users of enterprise information technology resources, including employees, and conduct penetration tests and scanning exercises to assess the performance of the cybersecurity systems and processes.
Onex Corp. maintains a formal cybersecurity risk management process and cybersecurity risk register, designed to track cybersecurity risks at the firm, and integrates these processes into the firm’s overall risk management practices described above. Onex Corp.’s cybersecurity management team periodically discusses and reviews cybersecurity risks and related mitigants at its Cybersecurity Excellence Quarterly Forum.
Onex Corp. employs a process designed to assess, typically prior to onboarding, the cybersecurity risks associated with the engagement of third-party vendors, including those of its externally managed companies such as us. This assessment is conducted on the basis of, among other factors, the types of services provided and the extent and type of data accessed or processed by a third-party vendor. On the basis of its preliminary risk assessment of a third-party vendor, Onex Corp. may conduct further cybersecurity reviews or request remediation of, or contractual protections related to, any actual or potential identified cybersecurity risks. In addition, where appropriate, Onex Corp. seeks to include in its contractual arrangements with certain of its third-party vendors provisions addressing best practices with respect to data and cybersecurity, as well as the right to assess, monitor, audit and test such vendors’ cybersecurity programs and practices. Onex Corp. also utilizes a number of digital controls, which are reviewed at least annually, to monitor and manage third-party access to its internal systems and data.
For a discussion of how risks from cybersecurity threats affect our business, and our reliance on Onex Corp. and its affiliates in managing these risks, see “Item 1A. Risk Factors— Risks Related to Our Business and Structure—We may face a breach of our cyber security, which could result in adverse consequences to our operations and exposure of confidential information” in this Annual Report on Form 10-K.
Cybersecurity Governance
Onex Corp. has a dedicated cybersecurity team, led by the Managing Director – Enterprise Technology Services, who works closely with senior management, including Onex Corp.’s Chief Financial Officer, to develop and advance the firm’s cybersecurity strategy, which applies to us.
The Managing Director – Enterprise Technology and the Manager, Cybersecurity have extensive experience in technology and cybersecurity, respectively. The cybersecurity team of Onex Corp. is responsible for all aspects of cyber security across Onex.
The Managing Director – Enterprise Technology has 18 years of IT experience across financial services, healthcare and manufacturing industries in Canada including as the VP Financial Crimes and Enterprise Risk Technology at CIBC that provided cybersecurity platforms and services to protect the bank. Reporting to the Managing Director – Enterprise Technology, is the Manager, Cybersecurity who has over 15 years of experience in cybersecurity including Incident Readiness and Response, Strategy, GRC, Vulnerability and Threat Management, Business Continuity, Disaster Recovery. The Manager, Cybersecurity holds the CISSP (Certified Information Systems Security Professional) designation, has a BSc in Business Information Systems, and a Cybersecurity Bootcamp Certification from the University of Toronto. Reporting to the Manager, Cybersecurity is an IT Security Analyst who has over 5 years of experience in cybersecurity, including Digital Forensics, Identity and Access Management, Third-Party Risk Management. The IT Security Analyst also has a BSc in Forensic Science, an MSc in Information Security and Digital Forensics, and is currently pursuing a PHD in Information Systems and Design.
Onex Corp. conducts periodic cybersecurity risk assessments, including assessments or audits of third-party vendors, and assists with the management and mitigation of identified cybersecurity risks. The cybersecurity team of Onex Corp. reviews the cybersecurity framework annually as well as on an event-driven basis as necessary. Onex Corp.’s cybersecurity team and Onex Corp.’s MSSP also review the scope of the cybersecurity measures periodically, including in the event of a change in business practices that may implicate the security or integrity of Onex Corp.’s and its affiliates’ information and systems.
Our Board is responsible for understanding the primary risks to our business. The Board is responsible for reviewing periodically our and the Adviser’s information technology security controls and related compliance matters, with management. Onex Corp.’s cybersecurity team reports to the Board at least annually on cybersecurity matters, including risks facing us and the Adviser and, as applicable, certain incidents. In addition to such periodic reports, the Board or a committee thereof may receive updates from management as to our and the Adviser’s cybersecurity risks and Onex Corp.’s cybersecurity program developments.
Impact of Cybersecurity Risks
In 2024, we did not experience a material cybersecurity incident. While we do not believe that our business strategy, results of operations or financial condition have been materially adversely affected by any cybersecurity incidents, we describe whether and how future incidents could have a material impact on our business strategy, results of operations or financial condition in “Risks Related to Our Business and Structure— We may face a breach of our cyber security, which could result in adverse consequences to our operations and exposure of confidential information.”
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Onex Corp. maintains a formal cybersecurity risk management process and cybersecurity risk register, designed to track cybersecurity risks at the firm, and integrates these processes into the firm’s overall risk management practices described above. Onex Corp.’s cybersecurity management team periodically discusses and reviews cybersecurity risks and related mitigants at its Cybersecurity Excellence Quarterly Forum.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Cybersecurity Governance
Onex Corp. has a dedicated cybersecurity team, led by the Managing Director – Enterprise Technology Services, who works closely with senior management, including Onex Corp.’s Chief Financial Officer, to develop and advance the firm’s cybersecurity strategy, which applies to us.
The Managing Director – Enterprise Technology and the Manager, Cybersecurity have extensive experience in technology and cybersecurity, respectively. The cybersecurity team of Onex Corp. is responsible for all aspects of cyber security across Onex.
The Managing Director – Enterprise Technology has 18 years of IT experience across financial services, healthcare and manufacturing industries in Canada including as the VP Financial Crimes and Enterprise Risk Technology at CIBC that provided cybersecurity platforms and services to protect the bank. Reporting to the Managing Director – Enterprise Technology, is the Manager, Cybersecurity who has over 15 years of experience in cybersecurity including Incident Readiness and Response, Strategy, GRC, Vulnerability and Threat Management, Business Continuity, Disaster Recovery. The Manager, Cybersecurity holds the CISSP (Certified Information Systems Security Professional) designation, has a BSc in Business Information Systems, and a Cybersecurity Bootcamp Certification from the University of Toronto. Reporting to the Manager, Cybersecurity is an IT Security Analyst who has over 5 years of experience in cybersecurity, including Digital Forensics, Identity and Access Management, Third-Party Risk Management. The IT Security Analyst also has a BSc in Forensic Science, an MSc in Information Security and Digital Forensics, and is currently pursuing a PHD in Information Systems and Design.
Onex Corp. conducts periodic cybersecurity risk assessments, including assessments or audits of third-party vendors, and assists with the management and mitigation of identified cybersecurity risks. The cybersecurity team of Onex Corp. reviews the cybersecurity framework annually as well as on an event-driven basis as necessary. Onex Corp.’s cybersecurity team and Onex Corp.’s MSSP also review the scope of the cybersecurity measures periodically, including in the event of a change in business practices that may implicate the security or integrity of Onex Corp.’s and its affiliates’ information and systems.
Our Board is responsible for understanding the primary risks to our business. The Board is responsible for reviewing periodically our and the Adviser’s information technology security controls and related compliance matters, with management. Onex Corp.’s cybersecurity team reports to the Board at least annually on cybersecurity matters, including risks facing us and the Adviser and, as applicable, certain incidents. In addition to such periodic reports, the Board or a committee thereof may receive updates from management as to our and the Adviser’s cybersecurity risks and Onex Corp.’s cybersecurity program developments.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board is responsible for understanding the primary risks to our business. The Board is responsible for reviewing periodically our and the Adviser’s information technology security controls and related compliance matters, with management.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Onex Corp.’s cybersecurity team reports to the Board at least annually on cybersecurity matters, including risks facing us and the Adviser and, as applicable, certain incidents. In addition to such periodic reports, the Board or a committee thereof may receive updates from management as to our and the Adviser’s cybersecurity risks and Onex Corp.’s cybersecurity program developments.
|Cybersecurity Risk Role of Management [Text Block]
|
Onex Corp. has a dedicated cybersecurity team, led by the Managing Director – Enterprise Technology Services, who works closely with senior management, including Onex Corp.’s Chief Financial Officer, to develop and advance the firm’s cybersecurity strategy, which applies to us.
The Managing Director – Enterprise Technology and the Manager, Cybersecurity have extensive experience in technology and cybersecurity, respectively. The cybersecurity team of Onex Corp. is responsible for all aspects of cyber security across Onex.
The Managing Director – Enterprise Technology has 18 years of IT experience across financial services, healthcare and manufacturing industries in Canada including as the VP Financial Crimes and Enterprise Risk Technology at CIBC that provided cybersecurity platforms and services to protect the bank. Reporting to the Managing Director – Enterprise Technology, is the Manager, Cybersecurity who has over 15 years of experience in cybersecurity including Incident Readiness and Response, Strategy, GRC, Vulnerability and Threat Management, Business Continuity, Disaster Recovery. The Manager, Cybersecurity holds the CISSP (Certified Information Systems Security Professional) designation, has a BSc in Business Information Systems, and a Cybersecurity Bootcamp Certification from the University of Toronto. Reporting to the Manager, Cybersecurity is an IT Security Analyst who has over 5 years of experience in cybersecurity, including Digital Forensics, Identity and Access Management, Third-Party Risk Management. The IT Security Analyst also has a BSc in Forensic Science, an MSc in Information Security and Digital Forensics, and is currently pursuing a PHD in Information Systems and Design.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Onex Corp. has a dedicated cybersecurity team, led by the Managing Director – Enterprise Technology Services, who works closely with senior management, including Onex Corp.’s Chief Financial Officer, to develop and advance the firm’s cybersecurity strategy, which applies to us.
The Managing Director – Enterprise Technology and the Manager, Cybersecurity have extensive experience in technology and cybersecurity, respectively. The cybersecurity team of Onex Corp. is responsible for all aspects of cyber security across Onex.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Managing Director – Enterprise Technology has 18 years of IT experience across financial services, healthcare and manufacturing industries in Canada including as the VP Financial Crimes and Enterprise Risk Technology at CIBC that provided cybersecurity platforms and services to protect the bank. Reporting to the Managing Director – Enterprise Technology, is the Manager, Cybersecurity who has over 15 years of experience in cybersecurity including Incident Readiness and Response, Strategy, GRC, Vulnerability and Threat Management, Business Continuity, Disaster Recovery. The Manager, Cybersecurity holds the CISSP (Certified Information Systems Security Professional) designation, has a BSc in Business Information Systems, and a Cybersecurity Bootcamp Certification from the University of Toronto. Reporting to the Manager, Cybersecurity is an IT Security Analyst who has over 5 years of experience in cybersecurity, including Digital Forensics, Identity and Access Management, Third-Party Risk Management. The IT Security Analyst also has a BSc in Forensic Science, an MSc in Information Security and Digital Forensics, and is currently pursuing a PHD in Information Systems and Design.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Onex Corp.’s cybersecurity team reports to the Board at least annually on cybersecurity matters, including risks facing us and the Adviser and, as applicable, certain incidents.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true