Transparency: Open access to NetApp information

June 2021

NetApp knows that trust is earned, not granted, and that building trust is essential to the willingness of our customers to confidently use NetApp products and services. Our deep commitment to transparency is designed to help earn that trust. We share clear and specific information about our values, policies, and core principles. These serve as the foundation for designing our products and services, governing our operations, and guiding our relationships with customers, partners, and our wider community.

Personal integrity, practiced on a daily basis, is the unshakeable foundation of our corporate integrity. The values that we share define who we are as a company and what we can expect from each other. NetApp’s Code of Conduct defines those values and how we implement them through our actions. It serves as the guide that helps everyone who works at NetApp put our values into practice every day. It helps us meet our obligations to our stakeholders and comply with the law and our own policies.

Based on the standards developed by the Responsible Business Alliance for the electronics industry, the NetApp Supplier Code of Conduct outlines the policies and practices that govern our suppliers. Every NetApp supplier must not only support the code, but actively implement our standards to ensure safe, ethical, and respectful work environments. The code outlines standards for labor, health and safety, the environment, and business ethics. It also specifies the elements of an acceptable system to manage conformity to our code.

Third-party requests are defined as any requests for customer data that did not originate with the party generating that data, and are generally categorized as either legal orders or nonlegal requests. Legal orders, such as law enforcement warrants or civil subpoenas, are those data requests that are required by law; nonlegal requests are all other requests. When responding to third-party requests, NetApp maintains detailed processes that are designed to protect the privacy and security of customer data.

For more than 25 years, NetApp has been committed to building a model company. We strive to achieve market leadership by living our values and fulfilling our commitments to all of our stakeholders. Building a model company takes deep commitment across all levels of the organization. Throughout our operations, we aim to put our values into action through our environmental, social, and governance (ESG) programs in sustainability, diversity, philanthropy, human rights, data privacy, and data security. Here we report on how NetApp views and addresses our impact on the people and world around us.

Conflict minerals refer to minerals that are mined in the Democratic Republic of the Congo and surrounding countries using forced labor, or where money derived from mining may be financing armed groups engaged in civil war, human rights abuses, or environmental damage.

NetApp complies with global laws regulating conflict minerals, such as the EU Conflict Minerals Regulation. We maintain policies and practices grounded in our Supplier Code of Conduct to ensure that our supply chain also complies. NetApp also files a public disclosure (Form SD) to the U.S. Securities and Exchange Commission that outlines our assessment of our suppliers’ use (if any) of conflict minerals.

Laws in Australia, California, the UK, and elsewhere require certain businesses to report on their efforts to prevent or eradicate slavery and human trafficking in their supply chains.

NetApp is committed to complying with these laws and to ensuring that our employees and suppliers around the globe take appropriate steps to mitigate the risks across our supply chain. NetApp uses the Responsible Business Alliance Code as the basis for identifying the risks of noncompliance. We work with our supply chain to promote an environment in which workers freely choose employment. We implement a robust system of internal accountability supported by mandatory annual training on our Supplier Code of Conduct and specific contractual agreements with suppliers.

NetApp is committed to building technology that meets international accessibility standards. The Voluntary Product Accessibility Template (VPAT) contains a list of requirements needed for a product to meet U.S. accessibility standards, which NetApp must meet to sell our products and services to the U.S. government. The template enables vendors, such as NetApp, to state their products’ conformance with these standards.

NetApp’s compliance is detailed in Accessibility Conformance Reports for more than 100 NetApp products and software (including the operating system).

NetApp offers an overview of the current status of all NetApp services as well as a calendar view of historical uptime (over the past 90 days). When there are outages, the daily reports indicate the reason—scheduled maintenance or other outage. They then specify the start time and date of the outage and the status—whether it is under investigation (including updates), a fix is being monitored, or it has been resolved.