Dorman Products, Inc. 10-K Cybersecurity GRC - 2026-02-27

Page last updated on February 27, 2026

Dorman Products, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-27 16:14:56 EST.

Filings

10-K filed on 2026-02-27

Dorman Products, Inc. filed a 10-K at 2026-02-27 16:14:56 EST
Accession Number: 0000868780-26-000014

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity Risk Assessment We depend on a variety of information systems and technologies (including the Internet, cloud technologies, and AI) (collectively, "IT Systems") to manage our business. We rely on these IT Systems for substantially all of our business operations, including supply chain, order processing, e-commerce, product development, human resources, legal, compliance, marketing, finance, accounting, and other business activities. Our core IT Systems consist mostly of purchased and licensed software programs that integrate together and with our internally developed solutions. As part of our risk management program, we monitor and assess the risks posed by cybersecurity threats to those internal and external systems and solutions and maintain an information security program designed to mitigate such risks. Our information security program includes the development, implementation, and improvement of policies and procedures to safeguard information and help ensure the availability of critical data and systems. To the extent we utilize third-party vendors to provide information technology services for various areas, such as human resources functions (e.g., payroll), we generally require these vendors to monitor and protect their information technology systems against cyber-attacks and other breaches. Our technology environment is managed by an experienced team of professionals who follow an extensive set of policies and procedures related to data security. Our program further includes review and assessment by external, independent third parties, who assess and report on our internal incident response preparedness and help identify areas for continued focus and improvement. With the assistance of one such reputable third party, we conduct biannual maturity assessments of our IT Systems against the National Institute of Standards of Technology ("NIST") Cybersecurity Framework. We also maintain insurance to mitigate the financial impact of cybersecurity events. To our knowledge, during 2025, there were no material cybersecurity incidents or threats that materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. Governance Pursuant to its charter, the Audit Committee of our Board of Directors (the "Board") has oversight of the Company's information security program, including, but not limited to, risks regarding cybersecurity threats. In particular, the Audit Committee reviews with management the Company's key IT Systems and evaluates the adequacy of the Company's information security program, compliance, and controls. Our Senior Vice President and Chief Information Officer ("CIO") , who reports to our Chief Executive Officer, is responsible for the operation of our information security program. Our CIO is an IT veteran with over 25 years of experience in building and maturing cyber programs for large public companies. The CIO is supported by an internal team of certified security analysts who work in conjunction with leading security operations managed service providers to manage detection and response. 20 At least annually, we present a cyber risk report that highlights program governance, risks, and opportunities to our Board. We maintain a Security Committee, which is led by the CIO and is comprised of individuals from our IT department, including dedicated security team members with various security certifications. The Security Committee regularly reviews information security program governance and key performance indicators. These reviews typically include the number of events, the number of investigations, the mean response time, and cyber trends. The Security Committee oversees our security roadmap and ensures the monitoring of information security policies and procedures covering areas such as back-up and retention, acceptable use, disaster recovery, incident management, and passwords. The success of our information security program relies not only on ownership by the CIO's organization but also on an active and collaborative relationship within the business. We require all employees to complete cyber training annually. For 2025, the Company maintained a security learning management system with phishing simulations distributed regularly to enhance cyber resiliency. Additionally, we leverage communications, contests, policies, videos, and visuals to continuously raise awareness among employees.

Company Information