|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Jun. 28, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity
Risk Management and Strategy
We rely upon information technology networks and systems to process, transmit, and store electronic information, and to manage or support virtually all of our business processes and activities. We also use mobile devices, social networking, and other online activities to connect with our employees, suppliers, business partners, and customers. Accordingly, we maintain a comprehensive Information Security Program, anchored in a multi-tiered, defense-in-depth strategy designed to identify and mitigate risks from cybersecurity threats. We believe that our Information Security Program aligns with industry frameworks and assesses security trends, and facilitates identification and reduction of vulnerabilities. Our cybersecurity strategy considers existing risks to our company and those that we are likely to encounter based on our industry, company profile, and business objectives. Consideration of risks from cybersecurity threats is a key component of our overall enterprise risk management strategy.
We have implemented a risk management program to identify and track information risks, including cybersecurity threats, from many different sources, including third parties, technology projects, acquisitions, risk assessments, technical assessments, and internal/external audits, and assess them based on severity. Our annual information technology general control testing, which is conducted in connection with our internal control over financial reporting review process, and periodic reviews of risks and controls related to cybersecurity threats that may impact financial reporting control objectives also serve to identify and track information risks. Additionally, we partner with independent third-party service providers to regularly perform cybersecurity assessments, such as network and application penetration testing.
To emphasize the importance of cybersecurity awareness, advise of cybersecurity threats, and provide examples of how to mitigate such threats in their use of PFG systems, we also maintain an information security training program that combines several forms of training, including routine phishing exercises, across our workforce.
We acknowledge the potential cybersecurity risks inherent in our relationships with third parties. Accordingly, PFG has implemented a third-party risk management program to identify and oversee such risks. Our third-party risk assessment framework evaluates the cybersecurity practices and controls of third parties. Activities undertaken in relation to third parties may include due diligence inquiries, reviewing security policies and program capabilities, reviewing security certifications and results of independent audits. Review and establishment of contractual requirements is performed in accordance with the level of risk presented by a third party.
We maintain a regularly revised Cybersecurity Incident Response Plan and Cybersecurity Incident Notification Policy, which provide protocols for evaluating and responding to cybersecurity incidents, including escalation of information to senior leadership, including the Board of Directors, as appropriate, and meeting external reporting obligations. We periodically perform tabletop exercises where we perform walkthroughs of cybersecurity incident situations to test our response plans. To date, we have not experienced any cybersecurity incidents that materially affected, or are likely to materially affect, our business strategy, results of operations, or financial condition, but future incidents cannot be predicted. See “Part 1, Item 1A. Risk Factors” for additional information regarding cybersecurity-related risks that could impact our business.
Governance
Our Board of Directors executes its cybersecurity risk oversight function as a whole and by delegating responsibility to the Technology and Cybersecurity Committee of our Board of Directors, which oversees our management of risks relating to information technology security and our cybersecurity policies, controls and procedures. The Audit and Finance Committee of our Board of Directors oversees our enterprise risk management program as a whole and risk management regarding major financial risk exposure, including the potential financial impact of cybersecurity incidents. The Technology and Cybersecurity Committee receives quarterly presentations and reports on cybersecurity and information security risks from management, including our Executive Vice President and Chief Information Officer (“CIO”) and Vice President, Chief Information Security Officer (“CISO”). These presentations and reports address a broad range of topics, including progress of security initiatives, strategy, key performance indicators, cybersecurity risks, and notable cybersecurity incidents. In addition, the Technology and Cybersecurity Committee and the Board of Directors receive briefings from time to time from outside experts for an independent view on cybersecurity risks and emerging cybersecurity threats, including best practices and current trends in cybersecurity.
Our CIO’s experience includes over 25 years of experience in information technology leadership roles, including ProBuild Holdings, the nation’s largest supplier of building materials; Gates Corporation, a manufacturer/distributor of automotive parts; and Nupremis Inc., a start-up that provided hosting and managed services. We also have a dedicated CISO, whose team is responsible for management of PFG’s Information Security Program, policies, compliance with internal/external mandates, strategy, security incident planning and response. Our CISO reports to our CIO and has more than 20 years of cybersecurity, technology assurance and controls experience, including 18 years as a Certified Information Systems Security Professional (CISSP) and 13 years at PFG in information security and compliance. Our CISO joined PFG following several years of experience working in information security consulting, including Big 4 Accounting and Assurance, as well as working in industries including banking and finance.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Board of Directors executes its cybersecurity risk oversight function as a whole and by delegating responsibility to the Technology and Cybersecurity Committee of our Board of Directors, which oversees our management of risks relating to information technology security and our cybersecurity policies, controls and procedures. The Audit and Finance Committee of our Board of Directors oversees our enterprise risk management program as a whole and risk management regarding major financial risk exposure, including the potential financial impact of cybersecurity incidents. The Technology and Cybersecurity Committee receives quarterly presentations and reports on cybersecurity and information security risks from management, including our Executive Vice President and Chief Information Officer (“CIO”) and Vice President, Chief Information Security Officer (“CISO”). These presentations and reports address a broad range of topics, including progress of security initiatives, strategy, key performance indicators, cybersecurity risks, and notable cybersecurity incidents. In addition, the Technology and Cybersecurity Committee and the Board of Directors receive briefings from time to time from outside experts for an independent view on cybersecurity risks and emerging cybersecurity threats, including best practices and current trends in cybersecurity.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board of Directors executes its cybersecurity risk oversight function as a whole and by delegating responsibility to the Technology and Cybersecurity Committee of our Board of Directors, which oversees our management of risks relating to information technology security and our cybersecurity policies, controls and procedures.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Technology and Cybersecurity Committee receives quarterly presentations and reports on cybersecurity and information security risks from management, including our Executive Vice President and Chief Information Officer (“CIO”) and Vice President, Chief Information Security Officer (“CISO”). These presentations and reports address a broad range of topics, including progress of security initiatives, strategy, key performance indicators, cybersecurity risks, and notable cybersecurity incidents. In addition, the Technology and Cybersecurity Committee and the Board of Directors receive briefings from time to time from outside experts for an independent view on cybersecurity risks and emerging cybersecurity threats, including best practices and current trends in cybersecurity.
|Cybersecurity Risk Role of Management [Text Block]
|These presentations and reports address a broad range of topics, including progress of security initiatives, strategy, key performance indicators, cybersecurity risks, and notable cybersecurity incidents. In addition, the Technology and Cybersecurity Committee and the Board of Directors receive briefings from time to time from outside experts for an independent view on cybersecurity risks and emerging cybersecurity threats, including best practices and current trends in cybersecurity.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Audit and Finance Committee of our Board of Directors oversees our enterprise risk management program as a whole and risk management regarding major financial risk exposure, including the potential financial impact of cybersecurity incidents.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
Our CIO’s experience includes over 25 years of experience in information technology leadership roles, including ProBuild Holdings, the nation’s largest supplier of building materials; Gates Corporation, a manufacturer/distributor of automotive parts; and Nupremis Inc., a start-up that provided hosting and managed services. We also have a dedicated CISO, whose team is responsible for management of PFG’s Information Security Program, policies, compliance with internal/external mandates, strategy, security incident planning and response. Our CISO reports to our CIO and has more than 20 years of cybersecurity, technology assurance and controls experience, including 18 years as a Certified Information Systems Security Professional (CISSP) and 13 years at PFG in information security and compliance. Our CISO joined PFG following several years of experience working in information security consulting, including Big 4 Accounting and Assurance, as well as working in industries including banking and finance.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Technology and Cybersecurity Committee receives quarterly presentations and reports on cybersecurity and information security risks from management, including our Executive Vice President and Chief Information Officer (“CIO”) and Vice President, Chief Information Security Officer (“CISO”). These presentations and reports address a broad range of topics, including progress of security initiatives, strategy, key performance indicators, cybersecurity risks, and notable cybersecurity incidents. In addition, the Technology and Cybersecurity Committee and the Board of Directors receive briefings from time to time from outside experts for an independent view on cybersecurity risks and emerging cybersecurity threats, including best practices and current trends in cybersecurity.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef