Governance We continue to As an active member of the Responsible Business Alliance (RBA), NetApp has adopted the improve processes principles of the RBA Code of Conduct. As such, we comply with international labor and human rights standards. to identify, evaluate, Strengthening Our Supply Chain and potentially engage Our Supplier Code of Conduct is aligned with the RBA Code of Conduct and implements its diverse suppliers. key sections, including workers’ rights and noncompliance reporting. We encourage and, in some cases, require our first-tier suppliers to adhere to the RBA Code of Conduct. Adherence to the RBA Code of Conduct includes implementing a management system, self- assessments, and audits, by completion of the RBA Self-Assessment Questionnaire (SAQ). The SAQ questions include an assessment of the supplier’s policies and practices, which, in conjunction with NetApp’s Partner Risk Assessment and Due Diligence (PRADD) screening process, alerts NetApp to the potential risk of human trafficking. The RBA process provides the option to engage auditors to verify our supply chain’s conformance to the RBA Code of Conduct. These outside inspections follow the RBA Validated Audit Process (VAP), including an assessment of the supplier’s risks and controls related to human trafficking. If nonconformance is identified, we work closely with our suppliers to develop corrective action plans and resolve any audit concerns. 43