NetApp statement on slavery and human trafficking

September 2023

This Statement is made in accordance with the Australian Modern Slavery Act 2018 (Cth), the California Transparency in Supply Chains Act 2010, and the United Kingdom Modern Slavery Act 2015 ("applicable Modern Slavery laws") for the financial year ending 29 April 2023.

This Statement relates to the following reporting entities:

• NetApp Australia Pty Ltd ("NetApp Australia"), and Instaclustr Pty Limited (“Instaclustr Australia”) for the purpose of the Australian Modern Slavery Act 2018 (Cth);
• NetApp UK and NetApp BV, for the purpose of the UK Modern Slavery Act 2015;
• NetApp, Inc, for the purpose of the California Transparency in Supply Chains Act 2010.

According to the International Labour Organisation, almost 50 million people are living in modern slavery around the globe^{https://www.ilo.org/global/topics/forced-labour/lang--en/index.htm} , with more than half subject to forced labour conditions. NetApp is committed to complying with applicable Modern Slavery laws and taking appropriate steps to mitigate the risk of slavery and human trafficking in its business and supply chain.

NetApp’s commitment to human rights covers forced labor, slavery, child labor, and human trafficking and is outlined in our Human Trafficking Policy and the NetApp Supplier Code of Conduct. As an active member of the Responsible Business Alliance ("RBA"), NetApp uses the RBA Code of Conduct ("RBA Code") as the basis of its Supplier Code of Conduct. The RBA Code prohibits the use of forced labor, including bonded, indentured labor, or involuntary prison labor; human trafficking; and child labor. Fundamental to the RBA Code is the understanding that a business, in all of its activities, must operate in full compliance with the laws, rules, and regulations of the countries in which it operates. The RBA Code contains specific requirements covering slavery and human trafficking and encompasses a broader vision than simply the elimination of human trafficking. It includes compliance with global labor standards and applicable laws; worker health and safety; the environment; business ethics; and the management of internal systems and controls to ensure effective compliance. NetApp participates in RBA membership and educational activities.

NetApp’s internal policies and practices incorporate key concepts of the RBA Code and are consistent with international labor and human rights standards. NetApp is committed to complying with the changes to the U.S. Government’s Federal Acquisition Regulation with regard to Ending Trafficking in Persons, and we expect our suppliers to comply. (See our Purchasing Policy: Combating Trafficking in Persons.) NetApp expects its suppliers to promote an environment in which workers may freely choose employment. This expectation on labor and worker rights is part of a larger effort around supply chain transparency and accountability.

NetApp is a provider of storage and data management solutions for data-intensive enterprises. NetApp^® storage solutions include specialized hardware, software, and services for open network environments. We use a multichannel distribution strategy: We sell our products, solutions, and services to end-user business customers and service providers through a direct sales force and an ecosystem of partners. NetApp outsources manufacturing operations to third parties located in different countries around the world. As a way to mitigate our supply chain risk, we rely on a limited number of suppliers for materials, as well as several key subcontractors for the production of certain subassemblies and finished systems.

In May of 2022, NetApp announced its acquisition of Instaclustr, a leading platform provider of fully managed open-source database, pipeline and workflow applications delivered as a service. Instaclustr Australia is now a wholly-owned subsidiary of NetApp Australia. Instaclustr services are now NetApp products sold via the relevant regional entities including NetApp Australia.

NetApp Australia is a marketer and distributor of NetApp products in the Australian market and a provider of post-sales customer support and consultancy services. NetApp Australia uses reputable large-scale external vendors, such as professional services, real estate, and facilities suppliers.

During the reporting period, NetApp has (i) performed a thorough global risk assessment with the assistance of an external provider and (ii) continued to implement actions to assist in addressing modern slavery risks associated with our operations and supply chains, as described throughout this Statement.

This risk assessment focused on the key areas of NetApp’s business that present the highest levels of modern slavery risk (procurement and human resources). In carrying out this risk assessment, the external provider assessed NetApp’s procurement and human resources structure to understand: 

• the role of these business units within NetApp; 
• NetApp’s supply chains and other third parties with whom it interacts and does business; and 
• the decision making within, and oversight of, global procurement and human resources. 

Questionnaires and interviews were utilized with relevant global stakeholders to understand the key modern slavery risks across the business.  

The detailed report created looked at both internal operations and NetApp’s supply chain risks and has informed a number of key workstreams that are currently being undertaken across the business. 

NetApp has taken steps to mitigate internal risks in its own operations: 

• All NetApp employees are provided with contracts of employment/letters of offer stating wages and hours of work. All NetApp employees are also provided with payslips in accordance with their pay schedule.  
• Changes in employee legislation impacting compensation and benefits are monitored regularly through multiple channels.  
• NetApp continues to engage with relevant workforce bodies such as its French and Dutch Works Councils.  
• NetApp has appropriate contracts in place with its alternative workforce provider and has validated that this provider has suitable policies including a Human Rights Policy.  

NetApp has taken actions to mitigate the risk of slavery and human trafficking in its supply chain, including: 

• Supplier Code of Conduct. As explained above, NetApp’s Supplier Code of Conduct is aligned with the RBA Code and incorporates its key sections, including workers’ rights, the eradication of forced labor, working conditions, and supplier accountability and reporting of nonconformance. NetApp encourages and, in some cases, requires suppliers to adhere to the RBA Code of Conduct, including implementing a management system and audits and completing the RBA Self-Assessment Questionnaire (SAQ). The SAQ, which includes an assessment of the supplier’s policies and practices, helps alert NetApp to the possibility that human trafficking risks exist. NetApp expects its suppliers to read and abide by the standards outlined in NetApp’s Supplier Code of Conduct (including the suppliers to its Australian operations).  
  
  
• NetApp supplier and partner agreements. Compliance with NetApp's Supplier Code of Conduct is part of NetApp’s standard contract language. Where NetApp contracts with services suppliers who participate in a U.S. Government contract or subcontract, it flows down applicable clauses to its suppliers, such as FAR Clause 52.222-50, Combating Trafficking in Persons. NetApp supplier contract templates include modern slavery provisions, so that its expectations with respect to modern slavery are included in the contractual framework with certain categories of suppliers and service providers. These clauses require the supplier or service provider to comply with all applicable Modern Slavery laws, statutes, and regulations and to have and maintain its own policies and procedures to identify and address its individual exposure to modern slavery risk.  
  
  
• Supplier risk assessments and audits. NetApp uses the RBA assessment process (SAQ) to identify the potential risk of noncompliance by RBA member suppliers with NetApp’s Supplier Code of Conduct and RBA Code, including the actual or potential risks of slavery and human trafficking occurrences. As a part of NetApp’s overall participation in the RBA's collaborative audit effort, we expect RBA member suppliers to annually assess their conformance with the tenets of the Supplier Code of Conduct and RBA Code. Completion of the RBA SAQ includes an assessment of the supplier’s policies and practices that may give rise to human trafficking risks. NetApp may also require audits of RBA member suppliers, via a third party, if deemed necessary to verify their conformance to the RBA Code and related standards and policies. Third-party audits follow the RBA Validated Audit Process (VAP), which includes an assessment of the supplier’s risks and controls regarding human trafficking. If nonconformance is identified, we monitor the supplier’s activities to develop corrective action plans and close audit findings.  

NetApp screens 100% of strategic suppliers through a rigorous due diligence process to reduce the risk of doing business with third parties who are likely to violate the law.  

NetApp’s direct procurement team have a level of oversight beyond its first tier, and in some circumstances, contract directly with strategic second and third tier suppliers. This model of key supplier engagement affords NetApp increased oversight and influence over its supply chain.  

NetApp Australia and Instaclustr Australia were consulted in relation to modern slavery risks in preparation of this statement and they have a low risk of modern slavery practices in their operations and supply chains. Due to the nature and structure of its operations and supply chains, NetApp Australia and Instaclustr Australia relies on the actions taken at a global level to assess risk and address any risks identified. 

The specific steps that NetApp Australia and Instaclustr Australia have determined to take to respond to its low level of risk are outlined in “Training and Awareness,” below.  

Assessment of effectiveness. NetApp reviews the scores of the SAQ completed by its suppliers who are members of the RBA to confirm that they are not deemed to be a high risk. NetApp Australia and Instaclustr Australia relies on the assessment of NetApp and does not carry out additional assessments.

NetApp’s Code of Conduct, which contains specific provisions on procurement from suppliers, vendors, contractors, and supply chain relationships, provides guidance to enable employees to put our company’s values into practice. It is available in seven languages on NetApp’s intranet and in English on our company’s external website.

The principles embodied in our Code of Conduct reflect NetApp’s policies on, among other topics, compliance hotline, speaking up, investigations, antiretaliation, diversity and discrimination, conflict minerals, antitrust, antibribery, and anticorruption, and protecting our company’s assets and reputation. To ensure compliance with our Code of Conduct and policies, NetApp conducts annual Code of Conduct training for all employees. Courses are administered and tracked through NetApp Learning Services, an internal organization that serves the technical and sales learning needs of NetApp employees, partners, and customers. Employees who are new to NetApp are also required to take an interactive Code of Conduct course. Additionally, every employee is required to read the Code of Conduct and certify that he or she has done so prior to joining NetApp.

NetApp’s Ethics and Compliance Program includes an Integrity and Compliance Office (ICO) and Global and Regional Business Conduct Councils. ICO oversees and administers NetApp’s Code of Conduct and is our primary resource for developing and implementing programs and tools to ensure compliance with global laws and NetApp’s policies. Our Business Conduct Councils are cross-functional governance bodies composed of senior leaders from different business units, including Sales Support and Marketing, Human Resources, Finance, Internal Audit, Legal, and ICO that identify and address compliance issues. The councils review company investigations, drive control improvements, and identify and prioritize areas for global compliance focus. NetApp maintains a robust process for reporting slavery and human trafficking, including online channels, and our Code of Conduct contains a nonretaliation policy. Processes exist for informing senior management about allegations of slavery and human trafficking, including periodic internal reporting on allegations that arise in the supply chain and details about key investigations that are in progress or completed.

All of our employees take NetApp’s Code of Conduct training upon hire and participate in initial and annual mandatory training on the contents of the Code of Conduct. The Code covers topics such as Corporate Social Responsibility, Human Rights, Respecting the Environment, Supply Chain Relationships, Harassment-Free Workplace, Diversity, and Antidiscrimination. NetApp provides training in "Modern Slavery in the Supply Chain" to its employees who are directly engaged with sourcing and selecting suppliers. The purpose of the training is to ensure that employees understand what modern slavery is and how to spot modern slavery risks; to discuss with and communicate to third-party suppliers NetApp’s expectations with respect to combatting modern slavery; the steps that NetApp takes to minimize the risk of modern slavery occurring; and how employees can raise any concerns. New hires on the procurement team who have responsibility for sourcing and contracting are required to take the training "Modern Slavery in the Supply Chain." 100% of the employees who are required to take this training have completed it.

Through our RBA membership, we also continue to encourage and support the participation of our employees who are responsible for supply chain management. These employees attend conferences, trainings, and workshops focused on understanding the RBA policies and best practices, including fighting human trafficking and forced labor. These resources are made available to NetApp suppliers who are RBA members.

For the purpose of the UK Modern Slavery Act 2015, this Statement has been approved by the board of NetApp UK on on 21st September 2023 and signed by a director.

For the purpose of the UK Modern Slavery Act 2015, this Statement has been approved by the board of NetApp BV on on 21st September 2023 and signed by a director.

For the purpose of the Australian Modern Slavery Act 2018 (Cth), this Statement has been approved by the board of NetApp Australia Pty (ACN: 092 499 431) and in their capacity as principal governing body of NetApp Australia and as the owner and principal governing body of Instaclustr Pty Limited (Australia) (ACN: 159 571 605) on 21st September 2023 and signed on its behalf by a director of NetApp Australia.