SunOpta Inc. 10-K Cybersecurity GRC - 2026-03-04

Page last updated on March 4, 2026

SunOpta Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-03-04 10:12:08 EST.

Filings

10-K filed on 2026-03-04

SunOpta Inc. filed a 10-K at 2026-03-04 10:12:08 EST
Accession Number: 0001062993-26-001270

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy Our cybersecurity program is strategically crafted to achieve the paramount goals of identifying, protecting, detecting, and responding to all potential risks and threats . Employing a defense-in-depth strategy, we proactively identify, investigate, and resolve vulnerabilities and security incidents in a timely manner. Continuous improvement is integral to our cybersecurity approach. Regular assessments conducted against national security standards, together with annual internal and external penetration testing performed by a third-party security firm, allow us to quantify our program's effectiveness. The insights gained from these assessments serve as a foundation for continuous improvement efforts. Outcomes are reported to our Audit Committee for transparency and accountability. We rely on services from a variety of third-party providers to supply things such as cloud storage and networks. On an annual basis, we review these providers to assess their risk profiles. We rely on these third parties to have their own cybersecurity programs commensurate with their risk, and we cannot ensure in all circumstances that their efforts will be successful. Impact of Cybersecurity Risks and Threats Despite facing directed attacks, our systems have withstood such challenges without material interruptions to our business operations. As of the date of this filing, we have not identified any cybersecurity threats or incidents that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, there can be no assurance that we, or our third-party business partners or service providers, will not experience a cybersecurity threat or incident in the future that could materially adversely affect our business strategy, results of operations, or financial condition. Recognizing the potential impact of significant disruptions, we remain steadfast in our commitment to fortify our systems against evolving threats. Any significant disruption to our ability to transact business could adversely affect our business performance as well as our reputation. Refer to Item 1A "Risk Factors - Our business operations could be disrupted if our information technology systems fail to perform adequately or are breached." Governance Heading our cybersecurity program is our Chief Information Officer ("CIO"). Our CIO has over 30 years of experience in Software Engineering and Information Technology/Cybersecurity and is supported by skilled professionals from our Information Technology team . This seasoned team provides regular updates to our Enterprise Risk Management Steering Committee (the "ERM"), composed of our Chief Executive Officer, Chief Financial Officer, General Counsel, and other members of our senior leadership. Our Audit Committee and Board of Directors receive regular reports from the ERM, as well as directly from our CIO on a quarterly basis. These reports cover various cybersecurity matters, including risk assessments, mitigation strategies, areas of emerging risks, incidents and industry trends, and other areas of importance. Furthermore, our Board of Directors takes a proactive stance in overseeing our annual enterprise risk assessment. This comprehensive evaluation encompasses key risks, including those associated with security, technology, and cybersecurity threats, demonstrating our commitment to robust governance and risk management. SUNOPTA INC. 21 January 3, 2026 Form 10-K

Company Information