2021 SASB Index SASB Sector Standards 2018* SASB Code Accounting or Activity Metric FY21 Cross-Reference, Omissions, and Explanations PRODUCT SECURITY TC-HW-230a.1 Description of approach to identifying and addressing data NetApp follows secure development principles throughout our product development security risks in products lifecycle. We expand and improve on our secure-development programs on a continuing basis. As a part of our standard procedures, we implement secure design principles, developer training, and extensive testing programs. Details regarding NetApp’s product security can be found at https://Security.NetApp.com. EMPLOYEE DIVERSITY & INCLUSION TC-HW-330a.1 Percentage of gender and racial/ethnic group representation Performance Data, p. 55 for (1) management, (2) technical staff, and (3) all other employees. PRODUCT LIFECYCLE MANAGEMENT TC-HW-410a.1 Percentage of products by revenue that contain IEC 62474 100 percent of NetApp's products contain IEC 62474 declarable substances. declarable substances TC-HW-410a.2 Percentage of eligible products, by revenue, meeting the NetApp does not offer products meeting the requirements for EPEAT registration or requirements for EPEAT registration or equivalent equivalent. TC-HW-410a.3 Percentage of eligible products, by revenue, meeting Approximately 32 percent of NetApp's total FY21 revenue came from products sold ® ® ENERGY STAR criteria meeting the requirements for ENERGY STAR certification. TC-HW-410a.4 Weight of end-of-life products and e-waste recovered, Performance Data, p. 54 percentage recycled SUPPLY CHAIN MANAGEMENT TC-HW-430a.1 Percentage of Tier 1 supplier facilities audited in the RBA NetApp did not conduct any RBA VAP audits in FY21 because none of NetApp’s major Validated Audit Process (VAP) or equivalent, by (a) all suppliers that are RBA members and who completed the Self Assessment Questionnaire facilities and (b) high-risk facilities (“SAQ”) scored as “high risk” on the SAQ. TC-HW-430a.2 Tier 1 suppliers’ (1) non-conformance rate with the NetApp did not conduct any RBA VAP audits in FY21 because none of NetApp’s major RBA Validated Audit Process (VAP) or equivalent, and suppliers that are RBA members and who completed the Self Assessment Questionnaire (2) associated corrective action rate for (a) priority non- (“SAQ”) scored as “high risk” on the SAQ. conformances and (b) other non-conformances * NetApp’s 2021 ESG Report applies the 2018 version of the Hardware Sustainability Accounting Standard; “2018” refers to the Standards issue date, not the date of information presented in this report.