XML 27 R13.htm IDEA: XBRL DOCUMENT v3.25.3
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Sep. 27, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Item 1C. Cybersecurity.

 

Risk Management and Strategy

 

As a component of and integrated into our overall risk management strategy and system, we maintain a cybersecurity risk management program designed to assess, identify, manage and protect our information systems and data from unauthorized access, use, disclosure, disruption, modification or destruction. Our program is based on applicable industry frameworks and standards, including those provided by the National Institute of Standards and Technology, and is comprised of core functions to identify, protect, detect, respond to and recover from cybersecurity threats and events. We constantly monitor cybersecurity threats and test the performance and effectiveness of our cybersecurity program, with the assistance of third-party experts, on an annual and ongoing basis. We recognize the risks associated with the use of vendors, service providers and other third parties that provide information system services to us, process information on our behalf or have access to our information systems, and the Company has processes in place to oversee and manage these risks. We conduct thorough security assessments of these third-party engagements and maintain ongoing monitoring to ensure compliance with our cybersecurity standards. This monitoring includes both annual and ongoing assessments.

 

As described in “Item 1A. Risk Factors” in this Form 10-K, we are subject to risks from cybersecurity threats that could have a material adverse impact on our business and financial results. As of the date of this report, no risks from cybersecurity threats have materially affected or are reasonably likely to materially affect our business, results of operations, financial condition and cash flows.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] As a component of and integrated into our overall risk management strategy and system, we maintain a cybersecurity risk management program designed to assess, identify, manage and protect our information systems and data from unauthorized access, use, disclosure, disruption, modification or destruction.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] As of the date of this report, no risks from cybersecurity threats have materially affected or are reasonably likely to materially affect our business, results of operations, financial condition and cash flows.
Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

 

Our Information Services Department manages our cybersecurity risk management program which is overseen by the Vice President of Information Services. The Vice President of Information Services has a master’s degree in business administration with a focus on technology and has decades of professional experience in cybersecurity threat assessments and detection, applicable technologies, incident response and employee training. Our Information Services Department includes a team of experienced professionals who have developed an Incident Response Policy that is regularly reviewed and updated. The Incident Response Policy establishes the required steps to assess, respond to and limit the impact of an incident, details tactical and strategic team membership and points of contact related to the response process and provides for escalating notifications to senior executives, including the Chairman of the Board and Chief Executive Officer, depending on the severity of the threat.

 

The Board of Directors, having ultimate oversight of the company’s cybersecurity risk, receives annual and periodic updates on the cybersecurity program, including those related to material risks and incidents, from the Vice President of Information Services and participates in discussions regarding cybersecurity risks. Cybersecurity information provided to the Board comprises a broad range of topics including, but not limited to, emerging cybersecurity threats, ongoing cybersecurity initiatives, incident reports and compliance with regulatory requirements, industry standards and relevant benchmarking. In addition to Board oversight, we provide mandatory quarterly employee training on how to identify, assess and manage risks from cybersecurity threats.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board of Directors, having ultimate oversight of the company’s cybersecurity risk, receives annual and periodic updates on the cybersecurity program, including those related to material risks and incidents, from the Vice President of Information Services and participates in discussions regarding cybersecurity risks
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Incident Response Policy establishes the required steps to assess, respond to and limit the impact of an incident, details tactical and strategic team membership and points of contact related to the response process and provides for escalating notifications to senior executives, including the Chairman of the Board and Chief Executive Officer, depending on the severity of the threat.
Cybersecurity Risk Role of Management [Text Block] The Incident Response Policy establishes the required steps to assess, respond to and limit the impact of an incident, details tactical and strategic team membership and points of contact related to the response process and provides for escalating notifications to senior executives, including the Chairman of the Board and Chief Executive Officer, depending on the severity of the threat.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our Information Services Department manages our cybersecurity risk management program which is overseen by the Vice President of Information Services
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The Vice President of Information Services has a master’s degree in business administration with a focus on technology and has decades of professional experience in cybersecurity threat assessments and detection, applicable technologies, incident response and employee training.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Incident Response Policy establishes the required steps to assess, respond to and limit the impact of an incident, details tactical and strategic team membership and points of contact related to the response process and provides for escalating notifications to senior executives, including the Chairman of the Board and Chief Executive Officer, depending on the severity of the threat.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true