Leading with Corporate Social Responsibility

Environmental

Fortinet’s main purpose is to develop products that integrate multiple security and networking functions in one appliance that is energy efficient, requiring much less power, space and cooling than the previous multiple appliance approach. Fortinet’s initiatives make every effort to ensure full environmental compliance.  

Innovation that drives environmental responsibility is core to our strategy

We demonstrate our commitment to environmentally responsible behavior by ensuring that our products reduce environmental impact, we lead with environmentally responsible approaches to our daily business operations, and we adhere to compliance and regulations worldwide.

Energy efficient products

From the start of our business in 2000, our main purpose has aligned with environmental sustainability and conservation, helping enable a low-carbon information technology infrastructure and minimizing waste and leveraging the full cycle of materials. Our strategy is to deliver better security and networking functionality by integrating functionality into one single appliance with a single power cord.

Traditionally, a customer may require an array of different appliances, potentially using up to five times the space, cooling, and power. With Fortinet’s integrated approach, a customer can achieve the same security and networking functionality with just one appliance that uses one-fifth of the power, cooling, and space.

 

Environmental leadership

In addition to sustainability being at the core of our strategy, we believe daily environmentally friendly operational practices make good business sense. At Fortinet, we intertwine environmental and efficient business practices into our every-day operations. Our headquarters in Sunnyvale, California harnesses natural energy with large solar panels installed in the parking lot to reduce energy usage.  Fortinet is expanding our corporate headquarters into a 172,000 square foot state-of-the-art building with a LEED Gold Energy Efficiency Rating.

Fortinet incentivizes employees at its headquarters to reduce their environmental footprint by providing  onsite EV Charging Stations based on solar power, preferred parking spaces for those who drive to work in sustainable energy vehicles, mobile fueling for all employees and installed bike racks. Fortinet is committed to renewable energy. At Fortinet headquarters the company utilizes solar power, drought resistant landscaping, a silica rooftop to reduce heat, LED bulbs, and auto power-down after-hours to reduce reliance on electricity generated by local utilities that burn natural gas. Fortinet also has office recycling programs at company locations, such as E-Waste , Paper & Cardboard, Food Scrap Program & battery recycling collection program.

Fortinet has strategically invested worldwide in setting-up local/regional RMA Depots to reduce transportation-related emissions and provide better customer service. With these local/regional RMA Depots, Fortinet is able to efficiently minimize shipping distances, collect defective products at centralized locations, perform local repairs, recycle  defective units in compliance with local regulations and to consolidate shipments to reduce our carbon footprint.

Fortinet manages its logistics/shipping process with Supply Chain and Logistics Service Providers committed to ensure compliance with  laws and regulations through the application and enforcement of Environmental Policies that are aimed to reduce air emissions and pollutions by promoting the use of clean fuels, transportation network optimization and by investing in fuel saving technologies.

Compliance

RoHS compliance

Dedicated teams and processes ensure compliance with environmental product material content requirements worldwide.

The E.U. Directive on Restriction of Hazardous Substances (RoHS) mandates some of the most stringent environmental manufacturing standards, and Fortinet has gone beyond the requirements to manufacture all of its products sold worldwide to comply with these strict policies, even in countries outside of the EU where the environmental regulations are less environmentally protective. We monitor our suppliers and contract manufacturers to ensure they follow required standards and procedures and generate compliance documentation. In addition, we monitor and apply, material content requirements covered by REACH and other regulations from E.U., non-E.U. members and industry standards.

WEEE compliance

Fortinet is committed to proper disposal and recycling, for example supporting compliance with the E.U. Waste Electrical and Electronic Equipment (WEEE) directive to properly dispose of and recycle Fortinet appliances  in an environmentally friendly way. Fortinet requires its E.U. distributors and resellers to perform environmentally friendly, WEEE-compliant collection, shipment, and processing for disposed products, at no charge to the user.  To ensure compliance with WEEE, Fortinet provides required labeling on its products with a crossed-out wheelie bin symbol to help minimize WEEE disposal as unsorted municipal waste and facilitate its separate collection. Additionally, Fortinet’s products do not contain fluorinated greenhouse gases, liquids nor prohibited substances and, as such, do not require special handling nor treatment from other common WEEE recyclables.

 

For more information, see the following FAQ.

 

Social

Fortinet’s primary purpose aligns with contributing social good, in that Fortinet’s primary purpose is to develop products that make the world a safer and more efficient place for organizations like schools, hospitals, medical device companies, and small and large businesses to operate. Our products are designed to allow organizations to protect personal and private customer information and intellectual property, and to run their businesses without the cost, distraction, and violations of privacy that sophisticated criminal organizations and hackers are bringing about on a daily basis.

Beyond our core business, we also have programs designed to help make the world a better place through our employee initiatives, initiatives to help close the security skills gap, community initiatives, and public safety and human rights initiatives.

Fortinet Culture

As a company, Fortinet’s top culture priorities for our employees align with our focus on diversity and inclusion. Fortinet believes in:

  • Openness: Sharing knowledge and information openly, and collaboratively considering a variety of diverse ideas and different perspectives. 
  • Teamwork: Working collaboratively as a worldwide, diverse team to deliver results and solve challenging and complex problems to help our customers.
  • Innovation: The development of original ideas and solutions that help customers by attracting and retaining top, diverse talent from around the world.

Fortinet’s diversity and inclusion efforts have contributed to positive employee-based recognition of our efforts. In 2017, the San Francisco Business Times named us as a Great Place to Work in the San Francisco Bay Area. Fortinet was honored with a Glassdoor Employees’ Choice Award recognizing Fortinet as the Best Places to Work in Canada in 2019. This award is based entirely on the input of employees who voluntarily provide feedback on their workplace experience. Fortinet received high ratings for our career opportunities and values. Fortinet has also been recognized as a Great Place to Work in Mexico, Brazil and India, and Fortinet was recognized as a BC Top Employer in British Columbia, Canada from 2019-2015. As of April 2020, Fortinet has a 4.5 out of a 5.0 overall company rating and 96% positive CEO rating in Glassdoor.

 

Employee Initiatives

Board Level Oversight

The Board of Directors changed the name of its Compensation Committee to be its Human Resources Committee, to signify the Board’s substantive focus on a healthy employee culture of diversity and inclusion and fairness.

Fortinet Women’s Network

The Fortinet Women’s Network is designed to empower women in cybersecurity with networking opportunities and monthly meetings.

Fair Pay and Benefits

Fortinet offers competitive and fair salaries and actively participates in various domestic and international compensation surveys to ensure our pay practices remain attractive and fair to all employees. Fortinet health benefits, retirement plans and/or allowances are customized to meet the unique needs of our employees in a variety of countries around the world. 

Community Outreach

We encourage our employees to become involved in charitable activities that positively impact their communities.

Health and Safety

We have taken numerous steps to go above and beyond requirements to help protect employees during the Coronavirus pandemic.

Charitable Giving

Our employee charitable gift matching program encourages U.S. employees to contribute to qualifying charitable organizations.

Closing the Security Skills Gap

As a technology company and a learning organization, Fortinet is committed to closing the cybersecurity skills gap through training and education initiatives of people worldwide, including our employees, our channel partners’ employees and beyond. These efforts include:

 

NSE Institute programs

Network Security Expert (NSE) Institute comprised of the NSE Certification program, Fortinet Network Security Academy (FNSA) and the Fortinet Veterans (FortiVet) program is focused on closing the cybersecurity skills gap and addressing the talent shortage. For more information visit here.

World Economic Forum

As a founding partner of WEF’s Centre for Cybersecurity, Fortinet has been engaging in discussions at WEF events, including Davos, and offering unique and valuable insights to the global cybersecurity conversation.

Community Initiatives

We also have programs designed to return value to the communities in which we live, such as community outreach and charitable giving programs.

In addition, we have processes that ensure protection of human rights in our supply chain, and avoid doing business with certain parties if designated as problematic from a human rights perspective.

Further, Fortinet has led efforts to share threat information and collaborate with our competition to help protect society’s data. Fortinet founded the Cyber Threat Alliance to share threat intelligence with other security organizations to better secure the world’s data.  

We also partner with various government organizations to share threat intelligence and fight bad actors to secure society’s data and private information. 

Through Fortinet’s threat sharing leadership, Fortinet leverages its primary focus on security to help provide the public service of sharing threat intelligence to more broadly protect information, privacy, and critical infrastructure and to help important organizations and infrastructure operators effectively meet their purpose without disruption.

Public Safety and Human Rights

Fortinet aims to partner with peers and stakeholders to influence and help shape public policy decisions to improve security on global, national, and local levels.

  • Fortinet prohibits discrimination.
  • Fortinet promotes a meritocracy.
  • Fortinet offers wellness programs.

Customs Trade Partnership Against Terrorism (CTPAT)

Fortinet proudly supports the CTPAT program efforts to safeguard the world's trade industry from terrorists and to maintain the economic health of the U.S. and its neighbors.

Conflict Minerals

The Fortinet conflict minerals policy demonstrates our commitment to human rights and to comply with the Conflict Minerals Rules and ensure our partners adhere to our compliance standards.

Prohibition on Human Trafficking

Fortinet is committed that its business practices, human resources procedures, and the selection of its staff are aligned with the combat against slavery and human trafficking. Read the Fortinet statement for more information.

Blocking Business with Human Rights Violators

Fortinet takes steps to screen against denied parties, including but not limited to designated terrorists, human rights violators, human rights abuse, and corruption.

Fortinet’s products and services are used by customers for data protection and privacy.

Governance

Fortinet leads in diversity and inclusion, starting at the highest level of Fortinet leadership.  Fortinet’sBoard of Directors includesthree female directors, with females making up 33% of the members of the Board of Directors, and 78% of Fortinet’s current directors are diverse.

Fortinet is focused on strong governance.  For example, the Board of Directors, on its own initiative, eliminated its staggered Board and instituted annual Board terms.

The Governance Committee updated its Charter in 2020 to include its focus on oversight of environmental, social and corporate governance, or ESG, matters.

Fortinet engages in a continuous quality-improvement approach to corporate governance practices. We monitor and evaluate trends in corporate governance and compare and evaluate new developments against our current practices. We understand that corporate governance is not static. We receive input from our stockholders and others on our practices and policies, and the Governance Committee considers this input when considering best governance practices for our company, reviewing proposals to change practices or policies and making recommendations to the Board of Directors.

Shareholder Rights

Fortinet previously approved a stockholder communications policy, which is available on our Investor Relations website, that gives our stockholders the ability to address the Board of Directors through correspondence with our Corporate Secretary. This allows any stockholder to present appropriate materials to the Board of Directors at any time, while maintaining a process of fairness and thoughtfulness with regards to the governance practices of the Board of Directors.

 

Audit and Oversight

As stated in its Charter, the Fortinet Audit Committee provides oversight of Fortinet’s accounting and financialreporting processes and the audit of Fortinet’s financial statements; assists the Board in oversight of (1) the integrity of Fortinet’s financial statements, (2) Fortinet’s compliance with legal and regulatory requirements, (3) the internal audit function, (4) the independent auditor’s qualifications, independence and performance, and (5) Fortinet’s internal accounting and financial controls; and provides to the Board such information and materials as it may deem necessary to make the Board aware of significant financial matters that require the attention of the Board.

 

Compensation

As stated in its Charter, the Fortinet Human Resources Committee provides oversight of Fortinet’s compensation policies, plans and benefits programs, and overall compensation philosophy; discharges the Board’s responsibilities relating to (1) oversight of the compensation of Fortinet’s Chief Executive Officer (“CEO”) and its executive officers (including officers reporting under Section 16 of the Securities Exchange Act of 1934) and (2) the evaluation and approval of Fortinet’s CEO and executive officer compensation plans, policies and programs; and administers Fortinet’s equity compensation plans for its executive officers and employees.

 

Compliance

Fortinet’s employees are required to abide by a Code of Business Conduct and Ethics.

Learn More

Fortinet partners are required to comply with the Partner Code of Conduct.

Learn More

 

Fortinet is committed to conducting business with integrity and in compliance with the letter and the spirit of the law. Fortinet’s Whistleblower Policy sets forth a duty to report compliance matters and prohibits retaliation.

 

Environmental FAQs

Q: What is RoHS and which products are affected?

A: Directive 2011/65/EU "Restriction of Hazardous Substances” in electrical and electronic equipment per EU Directive 2011/65/EU and its amendments.

RoHS applies to the following substances:

  • Lead (Pb) - Polybrominated Diphenyl Ether (PBDE)
  • Mercury (Hg) - Bis(2-ethylhexyl) phthalate (DEHP)
  • Cadmium (Cd) - Benzyl butyl phthalate (BBP)
  • Hexavalent Chromium (Cr6+) - Dibutyl phthalate (DBP)
  • Polybrominated biphenyl (PBB) - Diisobutyl phthalate (DIBP)

To comply with the EU RoHS legislation, each of these substances must either be removed or reduced below the maximum permitted concentrations in any products containing electrical or electronic components placed on the market within the European Union.

All consumer and commercial electrical and electronic products are affected.

Q: What is the difference between lead-free and RoHS-compliant?

A: While lead (Pb) is the most widely used toxic substance in electrical and electronic equipment (EEE), the term "lead-free" often implies the product contains no lead, but in some instances denotes the presence of lead below a defined maximum concentration. RoHS restricts ten substances, lead among them. To be compliant with the RoHS Directive, the presence of each of these substances must be reduced below their allowed maximum concentration values (MCV), or an applicable exemption taken.

Q: What are the benefits of the RoHS Directive?

A: The production of these raw materials and their eventual disposal can cause damage to both the environment in terms of pollution and to human health from occupational exposure and exposure following disposal. The elimination of these materials from use in products will reduce the environmental and health risks of exposure early in the supply chain.

Q: What is Fortinet's approach to the RoHS issues?

A: Due to concerns about the environmental and health impacts of hazardous substances used in electrical products, Fortinet completed a transition to Restriction of Hazardous Substances (RoHS) compliance. We respect the global environment and are committed to environmentally responsible products and behavior.  Fortinet fully support restrictions of hazardous substances that could reach the environment when such equipment reaches its end-of-life disposal.

Q: What is Fortinet's verification standard for RoHS compliance?

A: Fortinet follows the RoHS Directive (2011/65/EU) and considers a product to be RoHS-compliant if the maximum concentration value is less than 0.1% by weight in homogeneous materials for lead, mercury, hexavalent chromium, brominated flame retardants (PBBs and PBDEs) and phthalates (DEHP, BBP, DBP, DIBP), and is up to 0.01% by weight in homogeneous materials for cadmium, or if an applicable exemption is taken as defined by the Directive.

Q: My company is based in the USA. Does the European Union RoHS legislation affect us?

A: If you place Fortinet products on the market to any European Union member country, yes, you are affected.

Q: How will Fortinet identify European Union RoHS-compliant products?

A: All EU RoHS-compliant products shipped from Fortinet have integrated into the serial number an identifier for RoHS-compliance. RoHS compliance is now a CE mark directive.  Therefore, the CE mark must be placed on the shipping box and product.

Q: How does Fortinet verify the materials from its vendors and suppliers are EU RoHS compliant?

A: To ensure RoHS compliance of components and assemblies, Fortinet collect and assess RoHS compliance declarations, Material Declarations and Analytical Test Results documents from the manufacturer as specified in the EN 50581:2012 (IEC 6300:2018) “Standard for RoHS2 Technical Documentation”.

Q: What is WEEE?

A: European Union Directive 2012/19/EU covers the handling of Waste from Electrical and Electronic Equipment by the producer upon a product’s end-of-life. In the EU, the "producer" is responsible for handling the WEEE product collection and recycling. The consistent interpretation of the "producer" by EU member states has been the "importer of record" (VAT Registrant), and that party must register and make available arrangements for treatment, recovery, and recycling of electrical and electronic equipment. Legislation became effective August 13, 2005. All EEE placed on the market after that date must be WEEE marked and arrangements made available for collection after the product's end-of-life.

Q: Why is the WEEE Directive needed?

A: In Europe, at the inception of WEEE, over 90% of electrical and electronic equipment went into landfill sites - around six million tons of waste every year. Emissions of hazardous substances to the soil, ground water and air that result are a risk to both health and the environment.

Q: Are the RoHS and WEEE directives related?

A: Yes, in the sense that RoHS restricts the use of hazardous substances placed into products and WEEE deals with the end-of-life recycling of those products containing hazardous substances. WEEE Directive aims to raise levels of recycling of WEEE and encourages products be designed with dismantling and recycling in mind. A key part of this is to make importers and distributors of electrical and electronic equipment to the EU responsible for meeting the costs of the collection, treatment, and recovery of WEEE. If products are designed with this in mind, there is an opportunity to reduce these costs. The RoHS Directive fits into this by reducing the amount of hazardous substances used in products. This reduces the risks to recycling staff and means that less special handling is required, again leading to a reduction in recycling costs.

Q: Where can I find more information on RoHS and WEEE?

A: Please refer to the European Commission's Environmental webpage.