Our Commitment to Informed Public Policy with Proper Openness and Oversight
Fortinet is committed to contribute to communities in positive ways whereby we are well-positioned to help. For example, we participate in policy discussions that will, among other things, help better inform policymakers with accurate and fulsome information to help further our mission to empower efficient and secure network operations for our customers and to help bridge the security skills gap.
Fortinet is committed to ensure proper controls and openness related to its public policy engagement, in part through oversight at the highest levels. Our Board of Directors has assigned oversight responsibility regarding Fortinet’s public policy engagements to the Governance Committee of the Board.
Furthermore, at an executive management level, our General Counsel and Head of Government Affairs are responsible to oversee meaningful high level government affairs engagements and to monitor such activities to ensure proper disclosure and full compliance with all laws and regulations.
Fortinet’s Code of Business Conduct and Ethics (“Code of Conduct”) includes policies designed to help with oversight to help ensure openness, compliance, and alignment with Fortinet’s customer and stockholder political engagement objectives.
And Fortinet requires its employees to take annual ethics training and to certify annually that each employee has read, understands, and will abide in full by the Code of Conduct.
To date, Fortinet has not engaged in corporate donations to campaigns for public office or to elected public officials. And Fortinet’s internal policies expressly require that, absent prior written approval by the General Counsel and Head of Government Affairs, “No political contribution shall be made, directly or indirectly, with Fortinet’s funds or assets, regardless of whether the contribution is legal under the laws of the country in which it is made.” Specifically, this includes contributions to 527 organizations and direct independent expenditures.
Fortinet will update these disclosures to be open in the event it decides to change this approach, and, to be prepared in such event, Fortinet has set up controls to ensure proper oversight, compliance and openness in the event Fortinet does start to participate in such donations, where permitted.
Fortinet’s internal financial approval processes require high level approvals for any and all potential political contributions by Fortinet.
Fortinet has a strict policy and process around any such contributions/expenditures, and Fortinet’s Code of Conduct is clear that “it is the company’s policy to comply fully with all local, state, federal, foreign and other applicable laws, rules and regulations regarding political contributions.”
And in line with applicable laws, Fortinet’s policies prohibit its employees from making political contributions and submitting the associated expense to Fortinet for reimbursement.
Fortinet has not made Federal political contributions. Additionally, Fortinet has not established and does not currently maintain a political action committee (PAC). Additionally, Fortinet does not use company funds or assets to contribute to any PAC. If Fortinet decides to make political contributions in the future, we are committed to appropriate compliance and required disclosure and reporting of these activities, and, if Fortinet changes its approach to consider Federal political contributions, it will take steps to ensure full compliance with legal requirements, such as establishing a PAC, and will also disclose related details on this site.
Openness and Required Disclosures
Fortinet commits to openly disclose any required public reporting and disclosure, such as those required related to political contributions and lobbying. Given there have been no company contributions to individuals running for political office or elected public officials to date, there are no related contribution disclosures.
Fortinet does engage in discussions with policymakers at different levels of government, as permitted, and files all required reports and disclosures. At the Federal level, Fortinet regularly submits reports required by the Lobbying Disclosure Act of 1995, as amended. These filings can be found here. With regard to Fortinet’s limited state and local government engagements to date, Fortinet files all required registrations, reports, and disclosures related to such engagements, as required by the relevant jurisdictions. Required state and local reports can be located on each of the jurisdictions’ publicly accessible lobbying-related website.
At Fortinet’s initiative on this website, Fortinet has made voluntary disclosures beyond required disclosures, in keeping with Fortinet’s commitment to be open.
Strategic Alliances and Industry Associations
Fortinet has engaged in strategic alliances with various third parties for the betterment of the community, for example, to provide improved protection from security threats and sophisticated hackers. As one specific example, Fortinet was a founding member of the Cyber Threat Alliance (CTA), an organization of security companies who, pursuant to the CTA, share threat intelligence among the private company members to help the security industry as a whole protect against bad actors, for the better protection of society. Information on the CTA can be found here.
Fortinet intends to continue engagement with third-party strategic allies and industry associations as practical, to, among other things, expand our positive influence on important public policy issues in various areas such as: helping train under-represented groups and women in security skills to help with career development for these individuals while helping bridge the security skills gap, securely closing the digital divide, and helping ensure physical and digital infrastructure policies address the ongoing dynamic, sophisticated, and rapidly evolving cybersecurity threat environment.