Governance At the same time, for customer clarity and regulatory compliance, we’re focused on improving NetApp values transparency around our data privacy and security policies, practices, and operations. NetApp adaptability. With also provides contractual commitments on the treatment of personal data and meets a variety of national and international standards for data security. an ever-changing Empowering Digital Transformation Through Trust legal environment, NetApp’s Trust Center offers our customers, partners, and stakeholders a one-stop-shop for as well as an evolving clear and concise information about how NetApp’s products secure customer information while protecting individual privacy. We also set out the data security policies and procedures that threat landscape, we govern how we manage the security of our systems and our customers’ data. constantly seek to Broadly, NetApp follows global best practices and relevant laws for storing, transmitting, and improve our privacy processing data. Among others, we take measures that are central to effective security including encryption, authentication and authorization controls, breach reporting, data loss prevention, and data security and patch management. practices. NetApp values adaptability. With an ever-changing legal environment, as well as an evolving threat landscape, we constantly seek to improve our privacy and data security practices. NetApp was one of the first companies to file Binding Corporate Rules (BCRs) to govern the transfer of data from the European Union to other countries. BCRs require a comprehensive data privacy and security program, from training and governance to audits. 39
ESG Report | NetApp Page 39 Page 41