California Senate Bill 657

October 2019

The California Transparency in Supply Chains Act of 2010 and United Kingdom Modern Slavery Act of 2015 require certain businesses to disclose efforts to prevent or otherwise eradicate slavery and human trafficking from their supply chains. NetApp is committed to complying with these laws and ensuring that its employees and suppliers across the globe take appropriate steps to mitigate the risk of human trafficking and slavery in our supply chain.

Our commitment to human rights which covers topics such as forced labor, slavery, child labor and human trafficking is outlined in our own Human Trafficking Policy and NetApp’s Supplier Code of Conduct. As an active member of the Responsible Business Alliance (“RBA”), NetApp has adopted the RBA Code of Conduct (“RBA Code”) which prohibits the use of forced labor, including bonded, indentured labor or involuntary prison labor, human trafficking and child labor. Fundamental to adopting the RBA Code is the understanding that a business, in all of its activities, must operate in full compliance with the laws, rules, and regulations of the countries in which it operates. The RBA Code contains specific requirements covering slavery and human trafficking and encompasses a broader vision than simply the elimination of human trafficking, to include compliance with global labor standards and applicable laws; worker health and safety; the environment; business ethics; and the management of internal systems and controls to ensure effective compliance. In addition to adopting the RBA Code, NetApp participates in RBA activities.

NetApp’s internal policies and practices implement the RBA Code and are consistent with international labor and human rights standards. NetApp is committed to complying with the changes to the U.S. Government’s Federal Acquisition Regulation with regards to Combating Trafficking in Persons and expects our suppliers to comply (see our Trafficking in Persons Purchasing Policy). We work with our supply chain to create an environment where workers may freely choose employment. This focus on labor and worker rights is part of a larger effort around supply chain transparency and accountability.

NetApp has taken actions to ensure transparency and the prevention of abuses in our supply chain, including:

Supplier code of conduct. NetApp’s Supplier Code of Conduct is aligned with the RBA Code and implements its key sections, including workers’ rights, the eradication of forced labor, working conditions, and supplier accountability and reporting of non-conformance. NetApp requires adherence of its first-tier suppliers to the RBA Code. Such suppliers are required to demonstrate their compliance with the RBA Code – including implementation of a management system, self-assessments, and audits – by completion of the RBA Self- Assessment Questionnaire (SAQ).

NetApp supplier and partner agreements. Compliance with the RBA Code is part of NetApp’s standard contract language being implemented with all new first tier suppliers. Where NetApp contracts with services suppliers who participate in a U.S. Government contract or subcontract, it flows down applicable clauses to its suppliers, such as FAR Clause 52.222-50, Combating Trafficking in Persons.

Supplier risk assessments and audits. NetApp utilizes the RBA assessment process to identify the risks of non-compliance by our top suppliers with NetApp’s Supplier Code of Conduct and RBA Code, including the actual or potential risks of slavery and human trafficking occurrences. As a part of NetApp’s overall participation in the RBA's collaborative audit effort, we expect our suppliers to annually assess their conformance with the tenets of the Supplier Code of Conduct and RBA Code with the completion of the RBA SAQ, which includes an assessment of the supplier’s policies and practices that may give rise to human trafficking risks. NetApp also requires audits, via a third party, if deemed necessary to verify our supply chain’s conformance to the RBA Code and related standards and policies. Third-party audits follow the RBA Validated Audit Process (VAP), which includes an assessment of the supplier’s risks and controls regarding human trafficking. If non-conformance is identified, we work closely with our suppliers to develop corrective action plans and close audit findings.

NetApp’s Code of Conduct, which contains specific provisions on procurement from suppliers, vendors, and contractors and supply chain relationships, provides guidance to enable employees to put our company’s values into practice. It is available in 7 languages on NetApp’s intranet and in English on our company’s external website.

The principles embodied in our Code of Conduct reflect NetApp’s policies on, among other topics, compliance hotline, speaking up, investigations, anti-retaliation, diversity and discrimination, conflict minerals, antitrust, anti- bribery and anti-corruption and protecting our company’s assets and reputation. To ensure compliance with our Code of Conduct and policies, NetApp conducts annual Code of Conduct training for all employees. Courses are administered and tracked through our NetApp University, an internal program that serves the technical and sales learning needs for NetApp employees, partners and customers. Employees who are new to NetApp are also required to take an interactive Code of Conduct course. Additionally, every employee is required to read the Code and certify that he or she has done so prior to joining NetApp.

NetApp’s Ethic and Compliance Program includes an Integrity & Compliance Office (“ICO”) and Global and Regional Business Conduct Councils. ICO oversees and administers NetApp’s Code of Conduct and is NetApp’s primary resource for developing and implementing programs and tools to ensure compliance with global laws and NetApp’s policies. Our Business Conduct Councils (“BCC”) are cross-functional governance bodies, comprised of senior leaders from Business, Human Resources, Finance, Internal Audit, Legal and Integrity and Compliance Office that identify and address compliance issues. They review company investigations, drive control improvements and identify and prioritize areas for global compliance focus. NetApp maintains a robust process for reporting slavery and human trafficking, including online channels, and our Code of Conduct contains a non-retaliation policy. Processes for informing senior management about allegations of slavery and human trafficking include periodic internal reports on the supply chain and details about key investigations that are in progress or completed.

All of our employees are provided with NetApp’s Code of Conduct training upon hire and undergo initial and annual mandatory training on the contents of the Code of Conduct which includes topics such as Corporate Social Responsibility, Human Rights, Respecting the Environment, Supply Chain Relationships, Harassment-free Workplace, Diversity & Anti-discrimination. Through our RBA membership, we also encourage and support the participation of our employees who are responsible for supply chain management to attend conferences, training and workshops focused on ensuring understanding of the RBA policies and best practices, including fighting human trafficking and forced labor. These resources are made available to NetApp’s suppliers.

As per the United Kingdom Modern Slavery Act, this statement has been approved by the boards of NetApp UK and NetApp BV and signed by a director.