ITEM 1A. RISK FACTORS

The Company’s business involves a number of risks, some of which are beyond its control. The risk and uncertainties described below are not the only ones the Company faces. The risk and uncertainties described below are not the only ones the Company faces. Set forth below is a discussion of the risks and uncertainties that management believes to be material to the Company. Set forth below is a discussion of the risks and uncertainties that management believes to be material to the Company.

Economic Trends

Adverse global economic conditions, when they occur, may create conditions such as increases in inflation, higher interest rates, a general tightening in the credit markets, lower levels of liquidity, increases in the rates of default and bankruptcy, and volatility in credit, equity and fixed income markets. Any or all of these developments can negatively affect the Company’s business, operating results or financial condition in a number of ways. Any or all of these developments can negatively affect the Company’s business, operating results or financial condition in a number of ways. For example, current or potential customers may be unable to fund capital spending programs, new product launches of other similar endeavors whereby they might procure services from the Company, and therefore delay, decrease or cancel purchases of services or not pay or delay paying for previously purchased services. For example, current or potential customers may be unable to fund capital spending programs, new product launches of other similar endeavors whereby they might procure services from the Company, and therefore delay, decrease or cancel purchases of services or not pay or delay paying for previously purchased services. In addition, these conditions may cause the Company to incur increased expenses or make it more difficult either to utilize existing debt capacity or otherwise obtain financing for operations, investing activities (including the financing of any future acquisitions), or financing activities, all of which could adversely affect the Company’s business, financial condition and results of operations. In addition, these conditions may cause the Company to incur increased expenses or make it more difficult either to utilize existing debt capacity or otherwise obtain financing for operations, investing activities (including the financing of any future acquisitions), or financing activities, all of which could adversely affect the Company’s business, financial condition and results of operations.

Government Regulations

Staffing firms and employment service providers are generally subject to one or more of the following types of government regulation: (1) regulation of the employer/employee relationship between a firm and its employees, including tax withholding or reporting, social security or retirement, benefits, workplace compliance, wage and hour, anti-discrimination, immigration and workers’ compensation; (2) registration, licensing, record keeping and reporting requirements; and (3) federal contractor compliance. Failure to comply with these regulations could result in the Company incurring penalties and other liabilities, monetary and otherwise. Failure to comply with these regulations could result in the Company incurring penalties and other liabilities, monetary and otherwise.

Highly Competitive Business

The staffing services and outsourcing markets are highly competitive and have limited barriers to entry. The Company competes in global, national, regional, and local markets with numerous temporary staffing and permanent placement companies. RCM competes in global, national, regional, and local markets with numerous temporary staffing and permanent placement companies. Price competition in the staffing industry is significant and pricing pressures from competitors and customers are increasing. Price competition in the staffing industry is significant and pricing pressures from competitors and customers are increasing. In addition, there is increasing pressure on companies to outsource certain areas of their business to low cost offshore outsourcing firms. In addition, there is increasing pressure on companies to outsource certain areas of their business to low cost offshore outsourcing firms. The Company expects that the level of competition will remain high in the future, which could limit the Company’s ability to maintain or increase its market share or profitability. RCM expects that the level of competition will remain high in the future, which could limit RCM’s ability to maintain or increase its market share or profitability. Our inability to compete successfully with our competitors could adversely affect the Company’s business, financial condition and results of operations. Our inability to compete successfully with our competitors could adversely affect the Company’s business, financial condition and results of operations.

Seasonality of Business

As described in “Item 1. Business,” our operating results are subject to seasonal fluctuations, with reduced demand often occurring during the first quarter of the year when clients are finalizing their engineering and life sciences, data and solutions budgets, and also during periods in which there are a substantial amount of holidays and season vacations. In particular, one of the largest customers in our Specialty Health Care group, the New York City Department of Education, significantly reduces activity during the third quarter, when schools are closed for summer recess. In particular, one of the largest customers in our Specialty Health Care group, the New York City Department of Education, significantly reduces activity during the third quarter, when schools are closed for summer recess. Our operating results for any given period may fluctuate as a result of the timing of holidays, vacations and other events, and if we were to experience unfavorable performance during periods in which we would otherwise expect to have high seasonal demand, we may have limited ability to make up for such performance during periods of seasonally lower demand. Our operating results for any given period may fluctuate as a result of the timing of holidays, vacations and other events, and if we were to experience unfavorable performance during periods in which we would otherwise expect to have high seasonal demand, we may have limited ability to make up for such performance during periods of seasonally lower demand.

ITEM 1A. RISK FACTORS (CONTINUED)

Events Affecting Significant Customers

As disclosed in “Item 1. Business,” during the fiscal year ended December 28, 2024, the Company had two customers exceed 10% of consolidated revenue, representing 19.5% and 14.1% of consolidated revenue. The Company’s five, ten and twenty largest customers accounted for approximately 48.5%, 60.1% and 70.6%, respectively, of the Company’s revenue for the fiscal year ended December 28, 2024. The Company’s customers may be affected by the current state of the economy or developments in the credit markets or may engage in mergers or similar transactions. In addition, customers may choose to reduce the business they do with the Company for other reasons or no reason. In addition, customers may choose to reduce the business they do with RCM for other reasons or no reason. The Company could also be materially impacted by actions of prime contractors whereby the Company derives revenue through a subcontractor relationship. The Company could also be materially impacted by actions of prime contractors whereby the Company derives revenues through a subcontractor relationship. Should any significant customers experience a downturn in their business that weakens their financial condition or merge with another company or otherwise cease independent operation, or limit their relationship with us, it is possible that the business that the customer does with the Company would be reduced or eliminated, which could adversely affect the Company’s business, financial condition and results of operations. Should any significant customers experience a downturn in their business that weakens their financial condition or merge with another company or otherwise cease independent operation, or limit their relationship with us, it is possible that the business that the customer does with the Company would be reduced or eliminated, which could adversely affect the Company’s business, financial condition and results of operations.

Subcontractors, Transit Accounts Receivable and Transit Accounts Payables Related to Construction Management Contracts

The Company’s Engineering segment has entered into arrangements to provide construction management and engineering services to customers under which arrangements the Company then engages subcontractors to provide the construction services. Ultimately, as a primary contractor, the Company is responsible for the nonperformance or negligence of its subcontractors, whom the Company requires to be adequately insured and to issue performance bonds for their assignment. Ultimately, as a primary contractor, the Company is responsible for the nonperformance or negligence of its subcontractors, whom the Company requires to be adequately insured and to issue performance bonds for their assignment. Should a subcontractor not perform or act negligently and should there be inadequate insurance or performance bonds in place, the Company might not be able to mitigate its primary liability to the customer, and the Company’s business, financial condition and results of operations could be materially adversely affected. Should a subcontractor not perform or act negligently and should there be inadequate insurance or performance bonds in place, the Company might not be able to mitigate its primary liability to the customer, and the Company’s business, financial condition and results of operations could be materially adversely affected. In addition, while payments to subcontractors typically are due from the Company only after the Company receives payment from the ultimate customer, the Company faces the risk that, should a customer not pay the Company, or should a subcontractor demand payment from the Company prior to the Company’s receipt of payment from its customer, the Company’s business, financial condition and results of operations could be materially adversely affected. In addition, while payments to subcontractors typically are due from the Company only after the Company receives payment from the ultimate customer, the Company faces the risk that, should a customer not pay the Company, or should a subcontractor demand payment from the Company prior to the Company’s receipt of payment from its customer, the Company’s business, financial condition and results of operations could be materially adversely affected.

Dependence Upon Personnel

The Company’s operations depend on the continued efforts of its officers and other executive management. The loss of key officers and members of executive management may cause a significant disruption to the Company’s business. The loss of key officers and members of executive management may cause a significant disruption to the Company’s business.

The Company also depends on the performance and productivity of its local managers and field personnel. The Company’s ability to attract and retain new business is significantly affected by local relationships and the quality of service rendered. The loss of key managers and field personnel may also jeopardize existing client relationships with businesses that continue to use the Company’s services based upon past relationships with local managers and field personnel. The loss of key managers and field personnel may also jeopardize existing client relationships with businesses that continue to use the Company’s services based upon past relationships with local managers and field personnel. In order to fulfill the requirements of the Company’s customers, the Company must be able to recruit and retain appropriate personnel for client assignments. In order to fulfill the requirements of the Company’s customers, the Company must be able to recruit and retain appropriate personnel for client assignments.

ITEM 1A. RISK FACTORS (CONTINUED)

Revolving Credit Facility and Liquidity

If the Company were unable to borrow under its Revolving Credit Facility (see “Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations – Liquidity and Capital Resources – Financing Activities”), it may adversely affect the Company’s liquidity, results of operations and financial condition. The Company’s liquidity depends on its ability to generate sufficient cash flows from operations and, from time to time, borrowings under the Revolving Credit Facility with the Company’s agent lender Citizens Bank of Pennsylvania. The Company believes that Citizens Bank is liquid and is not aware of any current risk that they will become illiquid. However, should Citizens Bank experience limitations on its liquidity, our access to capital and thus our own liquidity could be adversely affected. At December 28, 2024, the Company had $35.0 million in borrowings under the Revolving Credit Facility outstanding and $7.4 million outstanding under letters of credit, with availability for additional borrowings under the Revolving Credit Facility of $22.6 million. At January 1, 2022, the Company had $14.2 million in borrowings under the Revolving Credit Facility outstanding and $1.9 million outstanding under letters of credit, with availability for additional borrowings under the Revolving Credit Facility of $28.9 million.

Borrowings under the Revolving Credit Facility bear interest at one of two alternative rates, as selected by the Company at each incremental borrowing. These alternatives are: (i) SOFR (Secured Overnight Financing Rate), plus applicable margin or (ii) the agent bank’s prime rate generally borrowed over shorter durations. The Company also pays unused line fees based on the amount of the Revolving Credit Facility that is not drawn. Unused line fees are recorded as interest expense.

All borrowings under the Fifth Amended and Restated Loan Agreement remain collateralized with substantially all of the Company’s assets, as well as the capital stock of its subsidiaries. The Revolving Credit Facility also contains various financial and non-financial covenants, such as a covenant that restricts the Company’s ability to borrow in order to pay dividends. As of December 28, 2024, the Company was in compliance with all covenants contained in the Revolving Credit Facility. The Company believes that it will maintain compliance with its financial covenants for the foreseeable future.

Foreign Currency Fluctuations and Changes in Exchange Rates

The Company is exposed to risks associated with foreign currency fluctuations and changes in exchange rates. The Company’s exposure to foreign currency fluctuations relates to operations in Canada, Germany and Serbia, principally conducted through its Canadian, German and Serbian subsidiaries. RCM’s exposure to foreign currency fluctuations relates to operations in Canada and Serbia, principally conducted through its Canadian and Serbian subsidiaries. Exchange rate fluctuations affect the United States dollar value of reported earnings derived from the foreign operations as well as the carrying value of the Company’s investment in the net assets related to these operations. Exchange rate fluctuations affect the United States dollar value of reported earnings derived from the Canadian operations as well as the carrying value of the Company’s investment in the net assets related to these operations. The Company does not engage in hedging activities with respect to foreign operations. The Company does not engage in hedging activities with respect to foreign operations.

Changes in Tax Laws

At any time, United States federal tax laws or the administrative interpretations of those laws may be changed. As a result, changes in United States federal tax laws could negatively impact our operating results, financial condition and business operations, and adversely impact the Company’s shareholders. At any time, tax laws in the Company’s other jurisdictions, Canada, Germany, Philippines, Puerto Rico and Serbia, may also change. At any time, tax laws in the Company’s other jurisdictions, Canada, Puerto Rico and Serbia, may also change. These tax law changes may have a material impact on the Company’s income tax expense. These tax law changes may have a material impact on the Company’s income tax expense.

Workers’ Compensation and Employee Medical Insurance

The Company self-insures a portion of the exposure for losses related to workers’ compensation and employees’ medical insurance. The Company has established reserves for workers’ compensation and employee medical insurance claims based on historical loss statistics and periodic independent actuarial valuations. The Company has established reserves for workers’ compensation and employee medical insurance claims based on historical loss statistics and periodic independent actuarial valuations. Significant differences in actual experience or significant changes in assumptions may materially affect the Company’s future financial results. Significant differences in actual experience or significant changes in assumptions may materially affect the Company’s future financial results.

ITEM 1A. RISK FACTORS (CONTINUED)

Improper Activities of Temporary Professionals Could Result in Damage to Business Reputation, Discontinuation of Client Relationships and Exposure to Liability

The Company may be subject to claims by clients related to errors and omissions, misuse of proprietary information, discrimination and harassment, theft and other criminal activity, malpractice, and other claims stemming from the improper activities or alleged activities of temporary professionals. There can be no assurance that current liability insurance coverage will be adequate or will continue to be available in sufficient amounts to cover damages or other costs associated with such claims. There can be no assurance that current liability insurance coverage will be adequate or will continue to be available in sufficient amounts to cover damages or other costs associated with such claims.

Claims raised by clients stemming from the improper actions of temporary professionals, even if without merit, could cause the Company to incur significant expense associated with rework costs or other damages related to such claims. Furthermore, such claims by clients could damage the Company’s business reputation and result in the discontinuation of client relationships. Furthermore, such claims by clients could damage the Company’s business reputation and result in the discontinuation of client relationships.

Acquisitions May Not Succeed

The Company reviews prospective acquisitions as an element of its growth strategy. The failure of any acquisition to meet the Company’s expectations, whether due to a failure to successfully integrate any future acquisition or otherwise, may result in damage to the Company’s financial performance and/or divert management’s attention from its core operations or could negatively affect the Company’s ability to meet the needs of its customers promptly.

International Operations

The Company operates its business in Canada, Germany, Philippines, Puerto Rico and Serbia. For the fiscal year ended December 28, 2024, approximately 7.8% of the Company’s revenue were generated outside the United States. For the fiscal year ended January 1, 2022, approximately 8.7% of the Company’s revenues were generated outside the United States. There are certain risks inherent in conducting business internationally including: the imposition of trade barriers, the enactment of tariffs, foreign exchange restrictions, longer payment cycles, greater difficulties in accounts receivables collection, difficulties in complying with a variety of foreign laws (including without limitation the U.S. Foreign Corrupt Practices Act), changes in legal or regulatory requirements, including as to laws and regulations governing economic and trade sanctions, difficulties in staffing and managing foreign operations, complex and uncertain employment environments, political instability and potentially adverse tax consequences. Our operations in Serbia could be adversely affected by the current conflict between Ukraine and Russia, with which Serbia has substantial ties. Our operations in Serbia could be adversely affected by the current conflict between Ukraine and Russia, with which Serbia has substantial ties. Should sanctions against Russia affect Russia in a way that causes adverse economic consequences to Serbia, or if such sanctions were to be extended to countries that might be considered to be in alignment with Russia, this could have a negative impact on our employees or operations both within and outside Serbia. To the extent the Company experiences these risks, the business and results of operations could be adversely affected.

Tariffs or Other Restrictions Imposed on Foreign Imports by the U.S. and Related Countermeasures

If significant tariffs or other restrictions are imposed on foreign businesses by the U.S. and related countermeasures are taken by impacted foreign countries, our business and results of operations could be adversely affected. During the first months of President Trump's second term, the U.S. announced the imposition of additional substantial tariffs on imports from various countries, including China, Canada and Mexico, and the subject countries indicated their intention to impose counter measures. Factors relating to these disputes could reduce demand for our services, result in the loss of customers and harm our competitive position in key markets. Additionally, ongoing trade tensions and uncertainty regarding future trade policies could negatively impact global economic conditions and consumer confidence, further affecting our business and results of operations.

ITEM 1A. RISK FACTORS (CONTINUED)

Global Epidemics

As was the case with the COVID-19 pandemic and endemic, and associated initiatives to reduce its spread, any other global pandemics or endemics that may occur in the future could adversely affect the Company’s business and financial position. For example, public and private sector policies and initiatives to reduce the transmission of a highly transmissible disease, such as closures of schools, businesses and manufacturing facilities, the promotion of social distancing, the adoption of working from home by companies and institutions, and travel restrictions could adversely affect demand for our services and present challenges to us in delivering these services. However, public and private sector policies and initiatives to reduce the transmission of COVID-19, such as closures of schools, businesses and manufacturing facilities, the promotion of social distancing, the adoption of working from home by companies and institutions, and travel restrictions could continue to adversely affect demand for our services and to present challenges to us in delivering these services. These impacts on our business could have an adverse effect on our liquidity position and access to capital, including our ability to access our line of credit. These impacts on our business could have an adverse effect on our liquidity position and access to capital, including our ability to access our line of credit.

These factors, in addition to delays in payment, could continue result in significant bad debts in the near future. Additionally, our operating results would be adversely affected if unexpected increases in the costs of labor and labor related costs, materials, supplies and equipment used in performing services could not be passed on to our clients. Additionally, our operating results would be adversely affected if unexpected increases in the costs of labor and labor related costs, materials, supplies and equipment used in performing services (including the impact of potential tariffs and COVID-19) could not be passed on to our clients. In addition, we believe that to maintain or improve our financial performance we must continue to obtain service agreements with new clients, retain and provide new services to existing clients, achieve modest price increases on current service agreements with existing clients and/or maintain internal cost reduction strategies at our various operational levels. In addition, we believe that to maintain or improve our financial performance we must continue to obtain service agreements with new clients, retain and provide new services to existing clients, achieve modest price increases on current service agreements with existing clients and/or maintain internal cost reduction strategies at our various operational levels. Furthermore, we believe that our ability to sustain the internal development of managerial personnel is an important factor impacting future operating results and the successful execution of our projected growth strategies. A future pandemic could make these objective more difficult to attain.

Trademarks

Management believes the RCM Technologies, Inc. name is extremely valuable and important to its business. The Company endeavors to protect its intellectual property rights and maintain certain trademarks, trade names, service marks and other intellectual property rights, including The Source of Smart Solutions® and Industries of Tomorrow, Today™ with a trademark application submitted for the use of the latter. The Company endeavors to protect its intellectual property rights and maintain certain trademarks, trade names, service marks and other intellectual property rights, including The Source of Smart Solutions®. The Company is not currently aware of any infringing uses or other conditions that would be reasonably likely to materially and adversely affect the Company’s use of its proprietary rights. The Company is not currently aware of any infringing uses or other conditions that would be reasonably likely to materially and adversely affect the Company’s use of its proprietary rights. The Company’s success depends on its ability to successfully obtain and maintain, and prevent misappropriation or infringement of, its intellectual property, maintain trade secret protection, and conduct operations without violating or infringing on the intellectual property rights of third parties. The Company’s success depends on its ability to successfully obtain and maintain, and prevent misappropriation or infringement of, its intellectual property, maintain trade secret protection, and conduct operations without violating or infringing on the intellectual property rights of third parties. Intellectual property litigation is expensive and time-consuming, and it is often difficult, if not impossible, to predict the outcome of such litigation. Intellectual property litigation is expensive and time-consuming, and it is often difficult, if not impossible, to predict the outcome of such litigation. If the Company is involved in intellectual property litigation, its business, financial condition and results of operations could be materially adversely affected. If the Company is involved in an intellectual property litigation, its business, financial condition and results of operations could be materially adversely affected.

Data Center Capacity and Telecommunication Links

Uninterruptible Power Supply (UPS), card key access, fire suppression, and environmental control systems protect the Company’s datacenter. All systems are monitored on a 24/7 basis with alerting capabilities via voice or email. The telecommunications architecture at the Company utilizes managed private circuits from AT&T, which encompasses provisioning redundancy and diversity.

The Company’s ability to protect its data center against damage from fire, power loss, telecommunications failure and other disasters is critical to business operations. In order to provide many of its services, the Company must be able to store, retrieve, process and manage large databases and periodically expand and upgrade its capabilities. In order to provide many of its services, RCM must be able to store, retrieve, process and manage large databases and periodically expand and upgrade its capabilities. Any damage to the Company’s data centers or any failure of the Company’s telecommunication links that interrupts its operations or results in an inadvertent loss of data could adversely affect the Company’s ability to meet its customers’ needs and their confidence in utilizing the Company for future services.

The Company’s ability to protect its data, provide services and safeguard its installations, as it relates to the IT infrastructure, is in part dependent on several outside vendors with whom the Company maintains service level agreements.

ITEM 1A. RISK FACTORS (CONTINUED)

Cyber Security

We are highly dependent on information technology systems to operate our business. A breakdown, invasion, corruption, destruction or interruption of critical information technology systems by employees, others with authorized access to our systems or unauthorized persons could negatively impact operations. In the ordinary course of business, we collect, store and transmit confidential information and it is critical that we do so in a secure manner to maintain the confidentiality and integrity of such information. In the ordinary course of business, we collect, store and transmit confidential information and it is critical that we do so in a secure manner to maintain the confidentiality and integrity of such information. Additionally, we outsource certain elements of our information technology systems to third parties. Additionally, we outsource certain elements of our information technology systems to third parties. As a result of this outsourcing, our third party vendors may or could have access to our confidential information making such systems vulnerable. As a result of this outsourcing, our third party vendors may or could have access to our confidential information making such systems vulnerable. Data breaches of our information technology systems, or those of our third party vendors, may pose a risk that sensitive data may be exposed to unauthorized persons or to the public. Data breaches of our information technology systems, or those of our third party vendors, may pose a risk that sensitive data may be exposed to unauthorized persons or to the public.

We have experienced cybersecurity events and disruptions such as viruses and attacks targeting our information technology systems. Such prior events have not had a material impact on our financial condition, results of operations or liquidity. However, future threats could have a materially adverse impact on our company by, among other things, causing harm to our business, financial condition, results of operations or reputation; disrupting our operations; exposing us to potential liability, regulatory actions and loss of business; and challenging our eligibility for future work on sensitive systems. Due to the evolving nature of these security threats, the potential impact of any future incident cannot be predicted. Our insurance coverage may not be adequate to cover all the costs related to cybersecurity attacks or disruptions resulting from such events.

While we believe that we have taken appropriate security measures to protect our data and information technology systems and have been informed by our third party vendors that they have as well, there can be no assurance that our efforts will prevent breakdowns or breaches in our systems, or those of our third party vendors, that could adversely affect our business.

Environmental Matters and Climate Change

The Company and many of its customers are subject to regulation by federal, state and international environmental laws, including those relating to climate change, that are subject to rapid change, which could result in regulatory uncertainty as well as potential significant increases in compliance costs. There can be no assurance that the steps we take to abide by applicable requirements will meet all current and future regulatory. Any failures to do so could result in governmental enforcement actions, fines, and other penalties, or other liabilities, that could adversely affect our business.

Data Privacy

We control, process, or have access to personal information regarding our own employees or employment candidates, as well as that of many of our customers or other third parties. Information concerning these individuals may also reside in systems controlled by third party vendors with whom we do business. The legal and regulatory environment concerning data privacy is becoming more complex and challenging, and the potential consequences of non-compliance have become more severe. The European Union’s General Data Protection Regulation, the California Consumer Privacy Act, the Health Insurance Portability and Accountability Act of 1996 and similar laws impose additional compliance requirements related to the collection, use, processing, transfer, disclosure, and retention of personal information, which can increase operating costs and resources to accomplish. Any failure to abide by these regulations or to protect such personal information from inappropriate access or disclosure, whether through social engineering or by accident or other cause, could have severe consequences including fines, litigation, regulatory sanctions, reputational damage, and loss of customers or employees. There can be no assurance that the steps we take to abide by applicable requirements and protect information will meet all current and future regulatory requirements, anticipate all potential methods of unauthorized access, or prevent all inappropriate disclosures. Any failures to do so could result in governmental enforcement actions, fines, and other penalties, or other liabilities, that could adversely affect our business.

ITEM 1B. UNRESOLVED STAFF COMMENTS

Not applicable.

ITEM 1C. CYBERSECURITY

Cybersecurity Risk Management and Strategy

The Company has developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of its critical systems and information. The Company’s cybersecurity risk management program includes a cybersecurity incident response plan and is integrated with the Company’s overall enterprise risk management program, sharing common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational and financial risk areas. While the Company may not meet any particular standard, specification or requirement of the Center for Internet Security Critical Security Controls, the Company utilizes such controls as a guide to help identify, assess and manage cybersecurity risks relevant to the business. The Company has implemented cybersecurity policies and frameworks based on industry and governmental standards to align closely with requirements, instructions, and guidance from ISO27001, NIST, CMMC, GDPR, HIPAA, SOC and SOX Compliance.

Our cybersecurity risk management program includes, among other things:

●

risk assessments designed to help identify material cybersecurity risks to critical systems and information services;

●

a team comprising information technology (IT) security, IT infrastructure, and IT compliance personnel principally responsible for directing (i) cybersecurity risk assessment processes, (ii) security processes and (iii) planned responses to cybersecurity incidents;

●

the use of external cybersecurity service providers, where appropriate, to assess, test or otherwise assist with aspects of security processes;

●

cybersecurity awareness training of employees with access to IT systems;

●

a cybersecurity incident response plan and Security Operations Center to respond to cybersecurity incidents; and

●

a third-party risk management process for service providers.

During the year ended December 28, 2024, the Company has not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected operations, business strategy, results of operations or financial condition. However, the Company expects to continue to face certain risks from ongoing cybersecurity threats that, if realized, are reasonably likely to materially affect the Company, including our operations, business strategy, results of operations or financial condition. See Risk Factors – Cyber Security, Data Privacy and Data Center Capacity and Telecommunication Links.

21

---

ITEM 1C. CYBERSECURITY (CONTINUED)

Cybersecurity Governance

The Company’s Board considers cybersecurity risk as part of its risk oversight function and considers cybersecurity and IT risks as key strategic risks of the Company. The Board oversees management’s implementation of the Company’s cybersecurity risk management program, receiving at least annual updates from management (including our Chief Information Officer) on cybersecurity risks, including briefings on the Company’s cyber risk management program and cybersecurity incidents, and reviewing cybersecurity topics impacting companies with management and external experts.

The Company’s Chief Information Officer leads the IT and cybersecurity functions and has primary responsibility for leading the Company’s overall cybersecurity risk management program, supervising both internal cybersecurity personnel and external cybersecurity service providers. The Company’s cybersecurity function is responsible for assessing and managing material risks from cybersecurity threats, as well as informing management about and monitoring the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which include briefings with internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external cybersecurity service providers and alerts and reports produced by security tools deployed in the IT environment.

The Company’s Chief Information Officer and Vice President of IT security and Compliance have significant experience in managing and leading information systems and deploying cybersecurity technologies and have extensive cybersecurity training and knowledge. The Company’s Vice President of IT security and Compliance has several industry certifications, including CISSP (Certified Information Security System Professional), CCSP (Certified Cloud Security Professional) and CCSK (Certificate of Cloud Security Knowledge). The Company’s Chief Information Officer reports to the Chief Executive Officer, and the Company’s Vice President of IT Security and Compliance reports to the Company’s Chief Information Officer.