The Company, the Advisor and StepStone Group are affiliates of StepStone Group Inc., a Delaware corporation listed on the Nasdaq Stock Market LLC and whose securities are registered with the SEC pursuant to Section 12(b) of the Exchange Act. In general, the Company relies upon the information systems and other enterprise services provided by StepStone Group Inc. and its subsidiaries, including StepStone Group and the Advisor (together, “STEP”).

STEP maintains a cybersecurity program that is reasonably designed to protect the Company’s information, and that of the Company’s portfolio companies and investors, against cybersecurity threats that may result in significant adverse effects on the confidentiality, integrity, and availability of the information systems of STEP and its affiliates.

Governance.

Board of Directors

At the Company level, the Company’s Board oversees and monitors enterprise risk management at the Company, including with respect to cybersecurity and information security risk. The Company’s Board and disclosure review team are expected to receive periodic reports and updates from the Head of CISO, as applicable in the context of risks from cybersecurity threats that may impact the Company. STEP has a framework under which certain cybersecurity incidents are escalated within the Company and STEP and, where appropriate, reported to the Company Board, STEP Board or Audit Committee in a timely manner.

Management

Risk Management and Strategy.

In addition to the foregoing, STEP conducts regular employee trainings on cybersecurity, which trainings apply to the Company’s officers and employees of the Advisor, and performs phishing exercises to test employees’ understanding of how to identify social engineering attacks. STEP performs diligence, including in respect of information security, of vendors and third parties with significant access to confidential information and personal data, and periodically monitors such vendors, including such vendors relied upon by the Company and the Advisor. STEP also employs systems and processes designed to oversee, identify, and reduce the potential impact of a security incident at a third-party vendor, service provider or customer or otherwise implicating the third-party technology and systems STEP and its affiliates use. STEP conducts annual penetration testing performed by a rotating group of third-party security firms to test STEP’s technical controls and security response. STEP’s internal audit team has also conducted a cybersecurity assessment to evaluate STEP’s preparedness against potential cyber risks and threats. In addition to its internal cybersecurity capabilities and third-party penetration testing, STEP also, at times, engages consultants or other third parties to assist with assessing, identifying, and managing cybersecurity risks.

STEP takes a multifaceted approach to managing risk from cybersecurity threats. STEP’s cybersecurity program leverages people, processes, and technology to identify and respond to cybersecurity threats in a timely manner. STEP’s information security program, and supporting policies apply to all employees, contractors and vendors servicing the firm, including employees of the Advisor. The program outlines the development, maintenance, and distribution of information security policies and procedures that detail the implementation and maintenance of the information security program and its safeguards, and cover various areas such as information handling, user access management, encryption, data retention and backups, computer and network security and monitoring, physical security, incident reporting and response, service provider oversight, and employee and contractor use of technology. STEP also undergoes annual SOC 1 Type 2 testing of its financial processes and supporting technical controls.

The Board of Directors of StepStone Group Inc. (“STEP Board”) oversees STEP’s processes for assessing and managing risk. The STEP Board’s Audit Committee is responsible for reviewing and discussing STEP’s practices with respect to risk assessment and risk management, and risks related to matters, including information technology and cybersecurity. The STEP Board and Audit Committee regularly review the measures implemented by STEP to identify and mitigate risks from cybersecurity threats. As part of such reviews, the STEP Board and Audit Committee receive reports and presentations from those responsible for overseeing STEP’s cybersecurity risk management, including the Partner, Head of Information Technology & CISO (“Head of CISO”) and STEP’s Legal team, which may address a wide range of topics including recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, technological trends and information security considerations arising with respect to STEP’s peers, industry participants, service providers and other third parties. The Head of CISO also periodically presents to the STEP Board and its Audit Committee, including to describe STEP’s information security infrastructure and improvements made, and to report on any significant developments in respect to STEP. From time to time, external legal advisers provide education to the STEP Board and/or Audit Committee in respect of information security related developments and to provide training in respect of directors’ responsibilities.

At the management level, the STEP Head of CISO, who has extensive cybersecurity knowledge and skills gained from over 20 years of work experience at STEP and elsewhere, heads the team responsible for implementing, monitoring and maintaining cybersecurity and data protection practices and reports directly to the President and Co-Chief Operating Officer of STEP. The Head of CISO receives reports on cybersecurity threats from his team and external service providers on an ongoing basis and, in conjunction with management, reviews risk management measures implemented by STEP to identify and mitigate data protection and cybersecurity risks, including those applicable to the Company and the Advisor. The Head of CISO works closely with the STEP Legal and Compliance departments to oversee compliance with legal, regulatory and contractual security requirements and in developing reports and presentations to the STEP Board and its Audit Committee, as well as to the Company’s Board. The Head of CISO is responsible for providing regular training to STEP employees, including employees of the Advisor, in respect of information security.