ICAHN ENTERPRISES L.P. - (IEP)

10-K Filing Date: February 29, 2024

Item 1C. Cybersecurity

Risk Management and Strategy

We recognize the critical importance of maintaining the safety and security of our systems and data and have a holistic process for overseeing and managing cybersecurity and related risks. We and our subsidiaries depend on the accuracy, capacity, and security of our information technology systems and those used by our third-party service providers. To protect the confidentiality, integrity, and availability of our critical systems and information, we have developed and implemented a cybersecurity risk management program that includes a cybersecurity incident response plan. Our operating subsidiaries operate and manage on a decentralized basis, and their software is not integrated with each other or with us. Our cybersecurity risk management program covers our businesses and is crafted following frameworks established by the National Institute of Standards and Technology (NIST). While using these frameworks guides our approach to identifying, assessing, and managing cybersecurity risks relevant to our business, it does not imply compliance with any specific technical standards, specifications or requirements. The program is integrated into our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas. In addition, our program emphasizes the maintenance of controls and procedures for the prompt escalation of certain cybersecurity incidents, conducting cybersecurity risk assessments, regularly assessing and deploying technical safeguards, establishing incident response and recovery plans, and mandating annual privacy and cybersecurity training for employees to enhance awareness and response to cybersecurity threats.

We maintain that no identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, have materially affected or are reasonably likely to materially affect our operations, business strategy, results of operations, or financial condition.

Governance

The Board of Directors of the General Partner, along with the Board’s Audit Committee, oversees the management of cybersecurity risks, receiving regular reports from management on the prevention, detection, mitigation, and remediation of cybersecurity incidents, as well as on material security risks and vulnerabilities. The Audit Committee is updated on cybersecurity risks, risk reduction initiatives, external auditor feedback, control maturity assessments, and relevant cybersecurity incidents within our industry. The Audit Committee reports to the full Board of Directors regarding its activities, including those related to cybersecurity. Board members receive presentations on cybersecurity topics from our Chief Information Officer (CIO), internal security staff or external experts as part of the Board of Directors’ continuing education on topics that impact public companies.

Our cybersecurity governance committee, led by our management team and our CIO with 15 years of experience in cybersecurity and a CISSP certification, bears the primary responsibility for assessing and managing material cybersecurity risks. Regular meetings are held to review security performance metrics, identify security risks, assess the status of security enhancements, and make recommendations on security policies, procedures, service requirements, and risk mitigation strategies.