Governance Protecting Privacy NetApp holds itself Data privacy and security are foundational to NetApp’s business and align with our values of accountable to physical, respect, integrity, and building a model company. When privacy and security practices are logical, process, and based on these values, we believe trust will be the outcome: management controls – Respect: We strive to create products and services that empower our customers to meet throughout its business, expectations in the manner they view as the best practice and in full compliance with the law. which is demonstrated – Integrity: We provide honest and transparent information about our policies and practices by the certification of and use the law as the minimum standard. NetApp information security – Model: We continuously optimize our business operations to establish a model of integrity management systems for our customers, peers, and the industry. to ISO/IEC 27001:2013 by an Our efforts to improve our data privacy and security programs — and to empower our independent auditor. In FY21, customers with the tools they need to do the same — never stop. In 2020, we launched our NetApp’s in-scope products Privacy Champion program to assign operational responsibility for privacy. A NetApp Privacy Champion is rigorously trained to provide expertise, answer frontline privacy-related questions, and services met all controls identify issues, and collaborate with other experts to solve them. defined by ISO 27001:2013. NetApp uses our own operations to demonstrate industry-leading capabilities in data protection. We design our in-house business processes to comply with global best practices in data privacy and security. For example, our internal privacy policy details how we collect or observe information through a variety of contexts, collectively referred to as the “NetApp Platform.” The policy also discloses how we use, process, store, transfer, and disclose personal information. 40