Information Security

Information Security Committee Independence (%)

• The Audit Committee is responsible for information security oversight. The committee is comprised entirely of independent directors as defined by our Corporate Governance Guidelines and the NASDAQ Listing Rules.

Information Security Board Briefings

• From time to time, the Audit Committee, with management, identifies and reviews risks related to Chefs’ operations and at least quarterly receives reviews and reports on information security and emerging cybersecurity threats.

Information Security Breach Within Last 3-Years

• There were no identified material cybersecurity breaches to Chefs’ information security in the last 3-years. The costs of such breaches were non-material.

Information Security Risk Insurance

• The Company has entered into an information security risk insurance policy.

Information Security Audits and Certifications

• We engage cyber vendors to conduct vulnerability assessments and audits across all our server and natural environments on an annual basis. We obtain evaluations across the entire company’s environments.

Information Security Training and Compliance Programs

• We provide annual cybersecurity training for all personnel with network access, as well as specialized training for personnel that are either high-risk or have access to customer/personal information. Several times a year, the company conducts phishing training as part of our security awareness program.