Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended

Dec. 31, 2025

Cybersecurity Risk Management, Strategy, and Governance [Abstract]

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

We recognize the critical importance of maintaining the confidentiality, integrity, and availability of our systems, products, and data. Our cybersecurity risk management program is designed to identify, assess, and manage material risks arising from cybersecurity threats across our U.S. and international operations, including third-party service providers and suppliers. The program integrates governance, technical and administrative controls, incident response, training and awareness, and continuous improvement practices that are tailored to our risk profile as a medical device, aerospace & defense, and industrial EMS provider.

Risk Identification and Assessment.

We employ a risk-based approach to identify and assess cybersecurity threats, including threat-intelligence monitoring, vulnerability management, security logging and analytics, and periodic security testing (e.g., penetration tests and tabletop exercises). Cybersecurity risks are recorded in our enterprise risk register with likelihood and impact scoring and are prioritized for remediation based on potential operational, financial, regulatory, and reputational effects. We maintain an incident response plan that defines triage, escalation, containment, recovery, and post-incident review activities. During incident response, management, including representatives from information technology, legal, and executive leadership, evaluates cybersecurity incidents to determine whether an event is reasonably likely to have a material impact on our business, strategy, financial condition, or results of operations, which informs disclosure decisions under applicable SEC requirements.

Integration with Strategy, Operations, and Capital Allocation.

Cybersecurity risk considerations are incorporated into strategic planning, new program launches, capital allocation, and supplier selection. We evaluate cybersecurity controls in connection with our quality systems and regulatory commitments (including FDA QMSR/ISO 13485 and AS9100), our participation in defense supply chains, and customer expectations for secure manufacturing and data handling. We maintain cybersecurity insurance coverage and periodically reassess limits and retentions in light of market conditions and our evolving risk posture.

Third-Party and Supplier Risk Management.

We assess cybersecurity risks associated with third-party service providers and critical suppliers through security questionnaires, contractual requirements, and reviews of independent assurance reports (e.g., SOC reports) where available. Data sharing with vendors and cloud platforms is limited to business need, and we require appropriate controls, including access restrictions, encryption, and incident notification obligations. We periodically reassess third-party risks and adjust controls as necessary.

Training and Awareness.

Employees with network access participate in periodic training and simulated phishing exercises. Role-based training is provided to personnel with elevated privileges or access to sensitive data. Awareness materials are refreshed to reflect current threat trends.

Cybersecurity Risk Management Processes Integrated [Flag]

true

Cybersecurity Risk Management Third Party Engaged [Flag]

true

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance and Oversight.

The Board of Directors oversees enterprise risk management, including cybersecurity risk. The Audit Committee assists the Board in its oversight of cybersecurity matters and receives cybersecurity updates from management at least quarterly, including updates on the Company’s cybersecurity risk posture, program initiatives, and significant cybersecurity incidents, if any. The full Board receives periodic briefings on cybersecurity risk management.

Management’s cybersecurity program is led by the Vice President of Information Technology, who is responsible for day-to-day cybersecurity risk management activities, including policy governance, control implementation, security monitoring, incident response, and vendor risk management, and reports to Chief Executive Officer. The individual responsible for leading the cybersecurity program has over 10 years of experience in information technology, cybersecurity, and risk management, including experience in regulated manufacturing and defense supply chains, and holds relevant professional certifications.

Cross-functional leaders from Operations, Quality/Regulatory, Supply Chain, and Legal participate in cybersecurity governance and incident response activities.

Prior Incidents and Program Improvements.

Like many companies, we have experienced cybersecurity incidents in the past. To date, none have had a material impact on our business, financial condition, or results of operations. Lessons learned from past events have informed enhancements to controls, user awareness, logging and monitoring, and incident response processes.

Defense Supply Chain and CMMC Compliance.

We participate in the U.S. Department of Defense (“DoD”) supply chain, including handling Federal Contract Information and, for certain programs, Controlled Unclassified Information (CUI). On October 23, 2025, we obtained a Cybersecurity Maturity Model Certification (“CMMC”) Level 2 certification via an authorized C3PAO, applicable to the systems within our assessed boundary that process CUI. Beginning November 10, 2025, DoD CMMC rule phases in requirements for Level 1 or Level 2 compliance in solicitations, with increasing reliance on third-party assessments over a staged rollout. We maintain the technical and procedural controls necessary for Level 2 and manage ongoing compliance through evidence maintenance, annual affirmations, and timely updates to the Supplier Performance Risk System, as applicable. Non-compliance could limit our eligibility for certain defense contracts; therefore, we monitor and remediate any issues promptly, including through Plans of Action and Milestones where permitted.

ITAR and Other Regulatory Linkages.

All U.S. locations supporting defense customers operate in an ITAR-compliant manner. Our cybersecurity controls, including access control, network segmentation, encryption, and data-loss prevention, among others, support our ITAR compliance program and align with our quality systems for regulated manufacturing.

For more information regarding the risks we face from cybersecurity threats, please see Item 1A. “Risk Factors.”

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

The Board of Directors oversees enterprise risk management, including cybersecurity risk.

Cybersecurity Risk Role of Management [Text Block]