Dauch Corp 10-K Cybersecurity GRC - 2026-02-13

Page last updated on February 13, 2026

Dauch Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-13 12:51:20 EST.

Filings

10-K filed on 2026-02-13

Dauch Corp filed a 10-K at 2026-02-13 12:51:20 EST
Accession Number: 0001062231-26-000020

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We rely upon information technology (IT) networks and systems to process, transmit and store electronic information, and to manage or support a variety of critical manufacturing and business processes or activities. Additionally, we and certain of our third-party vendors collect and store personal or confidential information, including personally identifiable information, in connection with human resources operations and other aspects of our business. The secure operation of these information technology networks and systems and the proper processing and maintenance of this information are critical to our manufacturing and business operations. We have developed and implemented our Information Security Management System (ISMS), which includes robust processes for identifying, assessing and managing risks from cybersecurity threats. Cybersecurity risk is included in the Company's "Top Risks Assessment" under our enterprise risk management program as identified and monitored by our Risk Management Working Group. This group is comprised of leadership from the major functions within the Company and the enterprise risk management program includes the identification and continuous evaluation of the risks associated with the systems and information most critical to the Company and the processes and controls in place to protect the systems and information. Our ISMS leverages comprehensive cybersecurity frameworks and standards such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the Center for Internet Security (CIS) Critical Security Controls, the Trusted Information Security Assessment Exchange (TISAX) standard, and the International Organization for Standardization (ISO) 27001 standard for information security. Our ISMS is built upon a balance of people, processes and technologies comprised of, among other elements: 1) 24/7 security monitoring using internal and third-party resources; 2) security awareness and phishing testing; 3) periodic table-top and live-fire exercises; 4) high system availability and business continuity; and 5) comprehensive incident response and escalation plans. Further, in support of our ISMS, we utilize certain third-party service providers, primarily in the following capacities: 1) incident response partners that assist with performing incident simulations and who are available to assist in the event of an actual cybersecurity incident; 2) third-party experts to conduct penetration testing on Company systems and certain third-party systems, as necessary; and 3) leveraging third-party expertise to assist with testing IT controls and performing gap analysis over IT processes and procedures. Our Chief Information Security Officer (CISO) manages and monitors these third-party service provider relationships and works closely with the Company's information security, procurement, legal and internal audit departments to ensure proper evaluation and security assessment of critical third-party service providers and data processors. Cybersecurity Governance The Information Security Council (ISC), comprised of leadership representatives from across the organization, meets periodically to discuss current threats and trends and the resulting information security initiatives and priorities. The ISC members provide support for policy changes and insights into how the information security team can most effectively educate, communicate, and support the Company. The ISC is led by our Chief Information Officer (CIO) and CISO, our frontline business leaders with regard to cybersecurity risk management. Our CIO has been an IT professional in various capacities for over 25 years and maintains the following certifications: Certified CISO, Certified Information Systems Security Professional, Certified Cloud Security Professional, and Certified Information Privacy Technologist. 24 Our Board of Directors and its committees play an active role in overseeing our key risks. Our cybersecurity risk management processes and strategy are governed by the Audit Committee of our Board of Directors. Management provides quarterly reports to the Audit Committee that include, among other items: 1) the Company's cybersecurity scorecard, which includes certain key performance indicators (KPIs) and provides quantitative measures of these KPIs; 2) industry security trends and outlook; 3) an update on the Company's security program and roadmap; 4) current quarter IT security accomplishments; and 5) IT security priorities for the following quarter. In addition, on an annual basis, management reports to the Audit Committee the results of our system availability and disaster recovery testing for our enterprise systems, as well as the results of our incident response testing and corresponding action plans. Although no cybersecurity incidents during the year ended December 31, 2025 had a material impact on our strategy, financial condition or results of operations, the scope and impact of any future incident cannot be predicted. See Item 1A. "Risk Factors" for additional discussion regarding our IT and cybersecurity risks. 25

Company Information