NetApp statement on slavery and human trafficking

September 2022

This Statement is made in accordance with the Australian Modern Slavery Act 2018 (Cth), the California Transparency in Supply Chains Act 2010, and the United Kingdom Modern Slavery Act 2015 ("applicable Modern Slavery laws") for the financial year ending 29 April 2022.

This Statement relates to the following reporting entities:

• NetApp Australia Pty Ltd ("NetApp Australia"), for the purpose of the Australian Modern Slavery Act 2018 (Cth);
• NetApp UK and NetApp BV, for the purpose of the UK Modern Slavery Act 2015;
• NetApp, Inc, for the purpose of the California Transparency in Supply Chains Act 2010.

According to the 2018 Global Slavery Index, over 40 million people are living in modern slavery around the globe. NetApp is committed to complying with applicable Modern Slavery laws and taking appropriate steps to mitigate the risk of slavery and human trafficking in its business and supply chain.

NetApp’s commitment to human rights covers forced labor, slavery, child labor, and human trafficking and is outlined in our Human Trafficking Policy and the NetApp Supplier Code of Conduct. As an active member of the Responsible Business Alliance ("RBA"), NetApp uses the RBA Code of Conduct ("RBA Code") as the basis of its Supplier Code of Conduct. The RBA Code prohibits the use of forced labor, including bonded, indentured labor, or involuntary prison labor; human trafficking; and child labor. Fundamental to the RBA Code is the understanding that a business, in all of its activities, must operate in full compliance with the laws, rules, and regulations of the countries in which it operates. The RBA Code contains specific requirements covering slavery and human trafficking and encompasses a broader vision than simply the elimination of human trafficking. It includes compliance with global labor standards and applicable laws; worker health and safety; the environment; business ethics; and the management of internal systems and controls to ensure effective compliance. NetApp participates in RBA membership and educational activities.

NetApp’s internal policies and practices incorporate key concepts of the RBA Code and are consistent with international labor and human rights standards. NetApp is committed to complying with the changes to the U.S. Government’s Federal Acquisition Regulation with regard to Ending Trafficking in Persons, and we expect our suppliers to comply. (See our Purchasing Policy: Combating Trafficking in Persons.) NetApp expects its suppliers to promote an environment in which workers may freely choose employment. This expectation on labor and worker rights is part of a larger effort around supply chain transparency and accountability.

NetApp is a provider of storage and data management solutions for data-intensive enterprises. NetApp^® storage solutions include specialized hardware, software, and services for open network environments. We use a multichannel distribution strategy: We sell our products, solutions, and services to end-user business customers and service providers through a direct sales force and an ecosystem of partners. NetApp outsources manufacturing operations to third parties located in different countries around the world. As a way to mitigate our supply chain risk, we rely on a limited number of suppliers for materials, as well as several key subcontractors for the production of certain subassemblies and finished systems.

NetApp Australia is a marketer and distributor of NetApp products in the Australian market and a provider of post-sales customer support and consultancy services. NetApp Australia uses reputable large-scale external vendors, such as professional services, real estate, and facilities suppliers.

During the reporting period, NetApp has continued to implement actions to assist in addressing modern slavery risks associated with our operations and supply chains, as described throughout this Statement.

NetApp has taken actions to mitigate the risk of slavery and human trafficking in its supply chain, including:

• Supplier Code of Conduct. As explained above, NetApp’s Supplier Code of Conduct is aligned with the RBA Code and incorporates its key sections, including workers’ rights, the eradication of forced labor, working conditions, and supplier accountability and reporting of nonconformance. NetApp encourages and, in some cases, requires suppliers to adhere to the RBA Code of Conduct, including implementing a management system and audits and completing the RBA Self-Assessment Questionnaire (SAQ). The SAQ, which includes an assessment of the supplier’s policies and practices, helps alert NetApp to the possibility that human trafficking risks exist. NetApp expects its suppliers to read and abide by the standards outlined in NetApp’s Supplier Code of Conduct (including the suppliers to its Australian operations).
• NetApp supplier and partner agreements. Compliance with NetApp's Supplier Code of Conduct is part of NetApp’s standard contract language. Where NetApp contracts with services suppliers who participate in a U.S. Government contract or subcontract, it flows down applicable clauses to its suppliers, such as FAR Clause 52.222-50, Combating Trafficking in Persons. NetApp supplier contract templates include modern slavery provisions, so that its expectations with respect to modern slavery are included in the contractual framework with certain categories of suppliers and service providers. These clauses require the supplier or service provider to comply with all applicable Modern Slavery laws, statutes, and regulations and to have and maintain its own policies and procedures to identify and address its individual exposure to modern slavery risk.
• Supplier risk assessments and audits. NetApp uses the RBA assessment process (SAQ) to identify the potential risk of noncompliance by RBA member suppliers with NetApp’s Supplier Code of Conduct and RBA Code, including the actual or potential risks of slavery and human trafficking occurrences. As a part of NetApp’s overall participation in the RBA's collaborative audit effort, we expect RBA member suppliers to annually assess their conformance with the tenets of the Supplier Code of Conduct and RBA Code. Completion of the RBA SAQ includes an assessment of the supplier’s policies and practices that may give rise to human trafficking risks. NetApp may also require audits of RBA member suppliers, via a third party, if deemed necessary to verify their conformance to the RBA Code and related standards and policies. Third-party audits follow the RBA Validated Audit Process (VAP), which includes an assessment of the supplier’s risks and controls regarding human trafficking. If nonconformance is identified, we monitor the supplier’s activities to develop corrective action plans and close audit findings.

NetApp screens 100% of strategic suppliers through a rigorous due diligence process to reduce the risk of doing business with third parties who are likely to violate the law. Since NetApp’s last reporting period, NetApp also screened 35 additional high-risk area/sector suppliers.

NetApp Australia has carried out a modern slavery risk assessment and has assessed that there is a low risk of modern slavery practices in its operations and supply chains. Due to the nature and structure of its operations and supply chains, NetApp Australia relies on the actions taken at a global level to assess and address any risks identified. The specific steps that NetApp Australia has determined to take to respond to its low level of risk are outlined in “Training and Awareness,” below.

To proactively manage its modern slavery program, NetApp is performing a global modern slavery risk assessment in the current fiscal year. This assessment will help NetApp to understand the level of modern slavery risk that it faces and will inform what other steps it should take in order to reduce its risk exposure.

Assessment of effectiveness. NetApp reviews the scores of the SAQ completed by its suppliers who are members of the RBA to confirm that they are not deemed to be a high risk. NetApp Australia relies on the assessment of NetApp and does not carry out additional assessments.

NetApp’s Code of Conduct, which contains specific provisions on procurement from suppliers, vendors, contractors, and supply chain relationships, provides guidance to enable employees to put our company’s values into practice. It is available in seven languages on NetApp’s intranet and in English on our company’s external website.

The principles embodied in our Code of Conduct reflect NetApp’s policies on, among other topics, compliance hotline, speaking up, investigations, antiretaliation, diversity and discrimination, conflict minerals, antitrust, antibribery, and anticorruption, and protecting our company’s assets and reputation. To ensure compliance with our Code of Conduct and policies, NetApp conducts annual Code of Conduct training for all employees. Courses are administered and tracked through NetApp Learning Services, an internal organization that serves the technical and sales learning needs of NetApp employees, partners, and customers. Employees who are new to NetApp are also required to take an interactive Code of Conduct course. Additionally, every employee is required to read the Code of Conduct and certify that he or she has done so prior to joining NetApp.

NetApp’s Ethics and Compliance Program includes an Integrity and Compliance Office (ICO) and Global and Regional Business Conduct Councils. ICO oversees and administers NetApp’s Code of Conduct and is our primary resource for developing and implementing programs and tools to ensure compliance with global laws and NetApp’s policies. Our Business Conduct Councils are cross-functional governance bodies composed of senior leaders from different business units, including Sales Support and Marketing, Human Resources, Finance, Internal Audit, Legal, and ICO that identify and address compliance issues. The councils review company investigations, drive control improvements, and identify and prioritize areas for global compliance focus. NetApp maintains a robust process for reporting slavery and human trafficking, including online channels, and our Code of Conduct contains a nonretaliation policy. Processes exist for informing senior management about allegations of slavery and human trafficking, including periodic internal reporting on allegations that arise in the supply chain and details about key investigations that are in progress or completed.

All of our employees take NetApp’s Code of Conduct training upon hire and participate in initial and annual mandatory training on the contents of the Code of Conduct. The Code covers topics such as Corporate Social Responsibility, Human Rights, Respecting the Environment, Supply Chain Relationships, Harassment-Free Workplace, Diversity, and Antidiscrimination. The NetApp Code of Conduct training may contain a specific module covering Modern Slavery and Human Trafficking. In 2021, NetApp provided training in "Modern Slavery in the Supply Chain" to its employees who are directly engaged with sourcing and selecting suppliers. The purposes of the training were to ensure that employees understand what modern slavery is and how to spot modern slavery risks; to discuss with and communicate to third-party suppliers NetApp’s expectations with respect to combatting modern slavery; the steps that NetApp takes to minimize the risk of modern slavery occurring; and how employees can raise any concerns. New hires on the procurement team who have responsibility for sourcing and contracting are required to take the training "Modern Slavery in the Supply Chain."

Through our RBA membership, we also continue to encourage and support the participation of our employees who are responsible for supply chain management. These employees attend conferences, trainings, and workshops focused on understanding the RBA policies and best practices, including fighting human trafficking and forced labor. These resources are made available to NetApp suppliers who are RBA members.

For the purpose of the UK Modern Slavery Act 2015, this Statement has been approved by the board of NetApp UK on October 21, 2021 and signed by a director.

For the purpose of the UK Modern Slavery Act 2015, this Statement has been approved by the board of NetApp BV on September 28, 2022 and signed by a director.

For the purpose of the Australian Modern Slavery Act 2018 (Cth), this Statement has been approved by the board of NetApp Australia Pty in their capacity as principal governing body of NetApp Australia on September 28, 2022 and signed on its behalf by a director of NetApp Australia.