NetApp statement on slavery and human trafficking

NetApp is a provider of storage and data management solutions for data-intensive enterprises. NetApp^® storage solutions include specialized hardware, software, and services for open network environments. We use a multichannel distribution strategy: We sell our products, solutions, and services to end-user business customers and service providers through a direct sales force and an ecosystem of partners. NetApp outsources manufacturing operations to third parties located in different countries around the world. We rely on a limited number of suppliers for materials, as well as several key subcontractors for the production of certain subassemblies and finished systems. The reporting entity for the purposes of the Australian Modern Slavery Act 2018 (Cth) is NetApp Australia Pty Ltd (“NetApp Australia”). NetApp Australia is a marketer and distributor of NetApp products in the Australian market and a provider of postsales customer support and consultancy services. NetApp Australia uses external vendors, such as marketing, professional services, real estate, and facilities suppliers, which are largely contracted through a third party. It does not own or control any other legal entities.

NetApp has taken actions to ensure transparency and to prevent abuses in our supply chain, including the following.

Supplier Code of Conduct.  NetApp’s Supplier Code of Conduct is aligned with the RBA Code and incorporates its key sections, including workers’ rights, the eradication of forced labor, working conditions, and supplier accountability and reporting of nonconformance. NetApp encourages and, in some cases, requires suppliers to adhere to the RBA Code of Conduct, including implementing a management system and audits and completing the RBA Self-Assessment Questionnaire (SAQ). The SAQ, which includes an assessment of the supplier’s policies and practices, helps NetApp identify whether any human trafficking risks exist. NetApp expects its suppliers to read and abide by the standards outlined in NetApp’s Supplier Code of Conduct (including the suppliers to its Australian operations).

NetApp supplier and partner agreements.  Compliance with the RBA Code is part of NetApp’s standard contract language. Where NetApp contracts with services suppliers who participate in a U.S. Government contract or subcontract, it flows down applicable clauses to its suppliers, such as FAR Clause 52.222-50, Combating Trafficking in Persons.

Supplier risk assessments and audits.  NetApp uses the RBA assessment process to identify the risks of noncompliance by RBA member suppliers with NetApp’s Supplier Code of Conduct and RBA Code, including the actual or potential risks of slavery and human trafficking occurrences. As a part of NetApp’s overall participation in the RBA's collaborative audit effort, we expect RBA member suppliers to annually assess their conformance with the tenets of the Supplier Code of Conduct and RBA Code. Completion of the RBA SAQ includes an assessment of the supplier’s policies and practices that may give rise to human trafficking risks. NetApp may also require audits of RBA member suppliers, via a third party, if deemed necessary to verify their conformance to the RBA Code and related standards and policies. Third-party audits follow the RBA Validated Audit Process (VAP), which includes an assessment of the supplier’s risks and controls regarding human trafficking. If nonconformance is identified, we monitor the supplier’s activities to develop corrective action plans and close audit findings.

For the purposes of the Australian Modern Slavery Act 2018 (Cth), NetApp Australia has carried out a modern slavery risk assessment and has assessed that there is a low risk of modern slavery practices in its operations and supply chains. Due to the nature and structure of its operations and supply chains, NetApp Australia relies on the actions taken at a global level to assess and address any risks identified. The specific steps that NetApp Australia has determined to take to respond to its low level of risk are outlined in “Training and Awareness,” below. Given that this is the first year that NetApp Australia has reported under the modern slavery legislation, they will assess the effectiveness of these steps before the next reporting period.

Assessment of effectiveness.  NetApp reviews the scores of the SAQ completed by its suppliers who are members of the RBA to confirm that they are not deemed to be a high risk. NetApp Australia relies on the assessment of NetApp and does not carry out additional assessments.

NetApp’s Code of Conduct, which contains specific provisions on procurement from suppliers, vendors, contractors, and supply chain relationships, provides guidance to enable employees to put our company’s values into practice. It is available in seven languages on NetApp’s intranet and in English on our company’s external website.

The principles embodied in our Code of Conduct reflect NetApp’s policies on, among other topics, compliance hotline, speaking up, investigations, antiretaliation, diversity and discrimination, conflict minerals, antitrust, antibribery and anticorruption, and protecting our company’s assets and reputation. To ensure compliance with our Code of Conduct and policies, NetApp conducts annual Code of Conduct training for all employees. Courses are administered and tracked through NetApp Learning Services, an internal organization that serves the technical and sales learning needs of NetApp employees, partners, and customers. Employees who are new to NetApp are also required to take an interactive Code of Conduct course. Additionally, every employee is required to read the Code of Conduct and certify that he or she has done so prior to joining NetApp.

NetApp’s Ethics and Compliance Program includes an Integrity and Compliance Office (ICO) and Global and Regional Business Conduct Councils. ICO oversees and administers NetApp’s Code of Conduct and is our primary resource for developing and implementing programs and tools to ensure compliance with global laws and NetApp’s policies. Our Business Conduct Councils are cross-functional governance bodies composed of senior leaders from Business, Human Resources, Finance, Internal Audit, Legal, and Integrity and Compliance Office that identify and address compliance issues. They review company investigations, drive control improvements, and identify and prioritize areas for global compliance focus. NetApp maintains a robust process for reporting slavery and human trafficking, including online channels, and our Code of Conduct contains a nonretaliation policy. Processes exist for informing senior management about allegations of slavery and human trafficking, including periodic internal reporting on allegations that arise in the supply chain and details about key investigations that are in progress or completed.

All of our employees take NetApp’s Code of Conduct training upon hire and participate in initial and annual mandatory training on the contents of the Code of Conduct. The Code covers topics such as Corporate Social Responsibility, Human Rights, Respecting the Environment, Supply Chain Relationships, Harassment-Free Workplace, Diversity, and Antidiscrimination. Through our RBA membership, we also encourage and support the participation of our employees who are responsible for supply chain management. These employees attend conferences, training, and workshops focused on understanding the RBA policies and best practices, including fighting human trafficking and forced labor. These resources are made available to NetApp suppliers who are RBA members.

As a result of carrying out its first modern slavery risk assessment for its Australia operations, NetApp will provide dedicated training to certain employees who are likely to be exposed to higher levels of modern slavery risk. The purpose of the training is to ensure that they understand what modern slavery is, the steps that NetApp takes to minimize the risk of modern slavery occurring, and how employees can raise any concerns. NetApp will also communicate expectations with respect to modern slavery to certain categories of suppliers and service providers.

As per the United Kingdom Modern Slavery Act, this statement has been approved by the boards of NetApp UK and NetApp BV and signed by a director.

As per the Australian Modern Slavery Act 2018 (Cth), this statement has been approved by the board of NetApp Australia Pty and signed by a director.