2021 TCFD Index Task Force on Climate-Related Financial Disclosures Recommended Disclosures Answer, Cross-Reference, Omissions, and Explanations GOVERNANCE Describe the board’s oversight of climate-related risks and NetApp has a board-level Audit Committee that provides oversight to the Enterprise Risk Management (ERM) program, opportunities. which includes a risk sub-category that focuses on climate. Describe management’s role in assessing and managing NetApp maintains a robust Enterprise Risk Management (ERM) Program and Policy. NetApp's ERM Program has two climate-related risks and opportunities. governing bodies – the Audit Committee and the Executive Risk Committee (ERC). The Executive Risk Committee is the coordinating body that oversees NetApp's response to risks that could impact NetApp's ability to achieve its overarching strategic goals, as well as its underlying business objectives. The Executive Risk Committee consists of selected members from each of the five risk pillars (strategic, operational, financial, compliance, human capital — Vice President / Executive Vice President level, cross-functional membership), Executive Management, and ERM Risk Manager. Individual Risk Owners share their function's top risks with the ERC every quarter. If the risk is significant, the board is informed at the Annual Audit Committee Meeting or even sooner, if necessary. The ERC is responsible for accountability and oversight of our ERM process in: (1) Identifying climate-related risks; (2) Ownership for identification of climate-related risks; (3) Approval of risk mitigation strategies and resource allocations to manage risks as appropriate; (4) Ensuring stakeholders are adequately informed about the long-term, risk-adjusted business strategy; and (5) Escalation of significant risks and risk events to the board. NetApp's Risk Manager holds a central role in coordinating ongoing global ERM program activities. The life cycle of our enterprise risk program includes steps to identify, assess, decide, act, respond, recover, and monitor individual risks related to climate. NetApp has a governance structure in place to address climate change. If a significant climate- related risk is identified, the Executive Risk Committee would inform the board. The Risk Committee and Risk Manager would provide detailed information to the board about the risk/incident and the timeline for response and next steps.