Leading with Corporate Social Responsibility
Fortinet’s main purpose is to develop products that integrate multiple security and networking functions in one appliance that is energy efficient, requiring much less power, space and cooling than the previous multiple appliance approach. Fortinet’s initiatives make every effort to ensure full environmental compliance.
Innovation that drives environmental responsibility is core to our strategy
We demonstrate our commitment to environmentally responsible behavior by ensuring that our products reduce environmental impact, we lead with environmentally responsible approaches to our daily business operations, and we adhere to compliance and regulations worldwide.
Energy efficient products
From the start of our business in 2000, our main purpose has aligned with environmental sustainability and conservation, helping enable a low-carbon information technology infrastructure and minimizing waste and leveraging the full cycle of materials. Our strategy is to deliver better security and networking functionality by integrating functionality into one single appliance with a single power cord.
Traditionally, a customer may require an array of different appliances, potentially using up to five times the space, cooling, and power. With Fortinet’s integrated approach, a customer can achieve the same security and networking functionality with just one appliance that uses one-fifth of the power, cooling, and space.
In addition to sustainability being at the core of our strategy, we believe daily environmentally friendly operational practices make good business sense. At Fortinet, we intertwine environmental and efficient business practices into our every-day operations. Our headquarters in Sunnyvale, California harnesses natural energy with large solar panels installed in the parking lot to reduce energy usage. Fortinet is expanding our corporate headquarters into a 172,000 square foot state-of-the-art building with a LEED Gold Energy Efficiency Rating.
Fortinet incentivizes employees at its headquarters to reduce their environmental footprint by providing onsite EV Charging Stations based on solar power, preferred parking spaces for those who drive to work in sustainable energy vehicles, mobile fueling for all employees and installed bike racks. Fortinet is committed to renewable energy. At Fortinet headquarters the company utilizes solar power, drought resistant landscaping, a silica rooftop to reduce heat, LED bulbs, and auto power-down after-hours to reduce reliance on electricity generated by local utilities that burn natural gas. Fortinet also has office recycling programs at company locations, such as E-Waste, Paper & Cardboard, Food Scrap Program & battery recycling collection program.
Fortinet has strategically invested worldwide in setting-up local/regional RMA Depots to reduce transportation-related emissions and provide better customer service. With these local/regional RMA Depots, Fortinet is able to efficiently minimize shipping distances, collect defective products at centralized locations, perform local repairs, recycle defective units in compliance with local regulations and to consolidate shipments to reduce our carbon footprint.
Fortinet manages its logistics/shipping process with Supply Chain and Logistics Service Providers committed to ensure compliance with laws and regulations through the application and enforcement of Environmental Policies that are aimed to reduce air emissions and pollutions by promoting the use of clean fuels, transportation network optimization and by investing in fuel saving technologies.
Dedicated teams and processes ensure compliance with environmental product material content requirements worldwide.
The EU Directive on Restriction of Hazardous Substances (RoHS) mandates some of the most stringent environmental manufacturing standards, and Fortinet has gone beyond the requirements to manufacture all of its products sold worldwide to comply with these strict policies, even in countries outside of the EU where the environmental regulations are less environmentally protective. We monitor our suppliers and contract manufacturers to ensure they follow required standards and procedures and generate compliance documentation. In addition, we monitor and apply, material content requirements covered by REACH and other regulations from EU, non-EU members and industry standards.
Fortinet is committed to proper disposal and recycling, for example supporting compliance with the EU Waste Electrical and Electronic Equipment (WEEE) directive to properly dispose of and recycle Fortinet appliances in an environmentally friendly way. Fortinet requires its EU distributors and resellers to perform environmentally friendly, WEEE-compliant collection, shipment, and processing for disposed products, at no charge to the user. To ensure compliance with WEEE, Fortinet provides required labeling on its products with a crossed-out wheelie bin symbol to help minimize WEEE disposal as unsorted municipal waste and facilitate its separate collection. Additionally, Fortinet’s products do not contain fluorinated greenhouse gases, liquids nor prohibited substances and, as such, do not require special handling nor treatment from other common WEEE recyclables.
For more information, see the following FAQ.
Fortinet’s primary purpose aligns with contributing social good, in that Fortinet’s primary purpose is to develop products that make the world a safer and more efficient place for organizations like schools, hospitals, medical device companies, and small and large businesses to operate. Our products are designed to allow organizations to protect personal and private customer information and intellectual property, and to run their businesses without the cost, distraction, and violations of privacy that sophisticated criminal organizations and hackers are bringing about on a daily basis.
Beyond our core business, we also have programs designed to help make the world a better place through our employee initiatives, initiatives to help close the security skills gap, community initiatives, and public safety and human rights initiatives.
As a company, Fortinet’s top culture priorities for our employees align with our focus on diversity and inclusion. Fortinet believes in:
- Openness: Sharing knowledge and information openly, and collaboratively considering a variety of diverse ideas and different perspectives.
- Teamwork: Working collaboratively as a worldwide, diverse team to deliver results and solve challenging and complex problems to help our customers.
- Innovation: The development of original ideas and solutions that help customers by attracting and retaining top, diverse talent from around the world.
Fortinet’s diversity and inclusion efforts have contributed to positive employee-based recognition of our efforts. In 2017, the San Francisco Business Times named us as a Great Place to Work in the San Francisco Bay Area. Fortinet was honored with a Glassdoor Employees’ Choice Award recognizing Fortinet as the Best Places to Work in Canada in 2019. This award is based entirely on the input of employees who voluntarily provide feedback on their workplace experience. Fortinet received high ratings for our career opportunities and values. Fortinet has also been recognized as a Great Place to Work in Mexico, Brazil and India, and Fortinet was recognized as a BC Top Employer in British Columbia, Canada from 2015 - 2019. As of April 2020, Fortinet has a 4.5 out of a 5.0 overall company rating and 96% positive CEO rating in Glassdoor.
Board Level Oversight
The Board of Directors changed the name of its Compensation Committee to be its Human Resources Committee, to signify the Board’s substantive focus on a healthy employee culture of diversity and inclusion and fairness.
Fortinet Women’s Network
The Fortinet Women’s Network is a regional program designed to empower women in cybersecurity with networking opportunities.
We encourage our employees to become involved in charitable activities that positively impact their communities.
Our employee charitable gift matching program encourages U.S. employees to contribute to qualifying charitable organizations.
Fair Pay and Benefits
Fortinet offers competitive and fair salaries and actively participates in various domestic and international compensation surveys to ensure our pay practices remain attractive and fair to all employees. Fortinet health benefits, retirement plans and/or allowances are customized to meet the unique needs of our employees in a variety of countries around the world.
Fortinet has showed leadership by establishing its COVID-19 Response Plan to combat the COVID-19 pandemic, with specific actions to help our employees, customers and community. We have taken steps to help protect the health and well-being of our employees; increased Fortinet’s employee charitable contribution matching program over tenfold to match employees’ contributions up to $2,000 per employee; provided customers free products to help organizations continue to do business with an abruptly increased remote workforce and free security training to help continue operations during this challenging time; and we are providing free online information technology security training for the public, to help high school and college students and professionals augment their security skillsets to open career opportunities and generally help narrow the security skills gap.
Closing the Security Skills Gap
As a technology company and a learning organization, Fortinet is committed to closing the cybersecurity skills gap through training and education initiatives of people worldwide, including our employees, our channel partners’ employees and beyond. These efforts include:
NSE Institute programs
Network Security Expert (NSE) Institute comprised of the NSE Certification program, Fortinet Network Security Academy (FNSA) and the Fortinet Veterans (FortiVet) program is focused on closing the cybersecurity skills gap and addressing the talent shortage. For more information visit here.
World Economic Forum
As a founding partner of WEF’s Centre for Cybersecurity, Fortinet has been engaging in discussions at WEF events, including Davos, and offering unique and valuable insights to the global cybersecurity conversation.
We also have programs designed to return value to the communities in which we live, such as community outreach and charitable giving programs.
In addition, we have processes that ensure protection of human rights in our supply chain, and avoid doing business with certain parties if designated as problematic from a human rights perspective.
Further, Fortinet has led efforts to share threat information and collaborate with our competition to help protect society’s data. Fortinet founded the Cyber Threat Alliance to share threat intelligence with other security organizations to better secure the world’s data.
We also partner with various government organizations to share threat intelligence and fight bad actors to secure society’s data and private information.
Through Fortinet’s threat sharing leadership, Fortinet leverages its primary focus on security to help provide the public service of sharing threat intelligence to more broadly protect information, privacy, and critical infrastructure and to help important organizations and infrastructure operators effectively meet their purpose without disruption.
Public Safety and Human Rights
Fortinet aims to partner with peers and stakeholders to influence and help shape public policy decisions to improve security on global, national, and local levels.
- Fortinet prohibits discrimination.
- Fortinet promotes a meritocracy.
- Fortinet offers wellness programs.
Customs Trade Partnership Against Terrorism (CTPAT)
Fortinet proudly supports the CTPAT program efforts to safeguard the world's trade industry from terrorists and to maintain the economic health of the U.S. and its neighbors.
The Fortinet conflict minerals policy demonstrates our commitment to human rights and to comply with the Conflict Minerals Rules and ensure our partners adhere to our compliance standards.
Prohibition on Human Trafficking
Fortinet is committed that its business practices, human resources procedures, and the selection of its staff are aligned with the combat against slavery and human trafficking. Read the Fortinet statement for more information.
Blocking Business with Human Rights Violators
Fortinet takes steps to screen against denied parties, including but not limited to designated terrorists, human rights violators, human rights abuse, and corruption.
Fortinet’s products and services are used by customers for data protection and privacy.
Fortinet leads in diversity and inclusion, starting at the highest level of Fortinet leadership. Fortinet’s Board of Directors includes three female directors, with females making up 33% of the members of the Board of Directors, and 78% of Fortinet’s current directors are diverse.
Fortinet is focused on strong governance. For example, the Board of Directors, on its own initiative, eliminated its staggered Board and instituted annual Board terms.
The Governance Committee updated its Charter in 2020 to include its focus on oversight of environmental, social and corporate governance, or ESG, matters.
Fortinet engages in a continuous quality-improvement approach to corporate governance practices. We monitor and evaluate trends in corporate governance and compare and evaluate new developments against our current practices. We understand that corporate governance is not static. We receive input from our stockholders and others on our practices and policies, and the Governance Committee considers this input when considering best governance practices for our company, reviewing proposals to change practices or policies and making recommendations to the Board of Directors.
Fortinet previously approved a stockholder communications policy, which is available on our Investor Relations website, that gives our stockholders the ability to address the Board of Directors through correspondence with our Corporate Secretary. This allows any stockholder to present appropriate materials to the Board of Directors at any time, while maintaining a process of fairness and thoughtfulness with regards to the governance practices of the Board of Directors.
Audit and Oversight
As stated in its Charter, the Fortinet Audit Committee provides oversight of Fortinet’s accounting and financial reporting processes and the audit of Fortinet’s financial statements; assists the Board in oversight of (1) the integrity of Fortinet’s financial statements, (2) Fortinet’s compliance with legal and regulatory requirements, (3) the internal audit function, (4) the independent auditor’s qualifications, independence and performance, and (5) Fortinet’s internal accounting and financial controls; and provides to the Board such information and materials as it may deem necessary to make the Board aware of significant financial matters that require the attention of the Board.
As stated in its Charter, the Fortinet Human Resources Committee provides oversight of Fortinet’s compensation policies, plans and benefits programs, and overall compensation philosophy; discharges the Board’s responsibilities relating to (1) oversight of the compensation of Fortinet’s Chief Executive Officer (“CEO”) and its executive officers (including officers reporting under Section 16 of the Securities Exchange Act of 1934) and (2) the evaluation and approval of Fortinet’s CEO and executive officer compensation plans, policies and programs; and administers Fortinet’s equity compensation plans for its executive officers and employees.
Fortinet is committed to conducting business with integrity and in compliance with the letter and the spirit of the law. Fortinet’s Whistleblower Policy sets forth a duty to report compliance matters and prohibits retaliation.
Q: What is RoHS and which products are affected?
A: Directive 2011/65/EU "Restriction of Hazardous Substances” in electrical and electronic equipment per EU Directive 2011/65/EU and its amendments.
RoHS applies to the following substances:
- Lead (Pb)
- Mercury (Hg)
- Cadmium (Cd)
- Hexavalent Chromium (Cr6+)
- Polybrominated biphenyl (PBB)
- Polybrominated Diphenyl Ether (PBDE)
- Bis(2-ethylhexyl) phthalate (DEHP)
- Benzyl butyl phthalate (BBP)
- Dibutyl phthalate (DBP)
- Diisobutyl phthalate (DIBP)
To comply with the EU RoHS legislation, each of these substances must either be removed or reduced below the maximum permitted concentrations in any products containing electrical or electronic components placed on the market within the European Union.
All consumer and commercial electrical and electronic products are affected.
Q: What is the difference between lead-free and RoHS-compliant?
A: While lead (Pb) is the most widely used toxic substance in electrical and electronic equipment (EEE), the term "lead-free" often implies the product contains no lead, but in some instances denotes the presence of lead below a defined maximum concentration. RoHS restricts ten substances, lead among them. To be compliant with the RoHS Directive, the presence of each of these substances must be reduced below their allowed maximum concentration values (MCV), or an applicable exemption taken.
Q: What are the benefits of the RoHS Directive?
A: The production of these raw materials and their eventual disposal can cause damage to both the environment in terms of pollution and to human health from occupational exposure and exposure following disposal. The elimination of these materials from use in products will reduce the environmental and health risks of exposure early in the supply chain.
Q: What is Fortinet's approach to the RoHS issues?
A: Due to concerns about the environmental and health impacts of hazardous substances used in electrical products, Fortinet completed a transition to Restriction of Hazardous Substances (RoHS) compliance. We respect the global environment and are committed to environmentally responsible products and behavior. Fortinet fully support restrictions of hazardous substances that could reach the environment when such equipment reaches its end-of-life disposal.
Q: What is Fortinet's verification standard for RoHS compliance?
A: Fortinet follows the RoHS Directive (2011/65/EU) and considers a product to be RoHS-compliant if the maximum concentration value is less than 0.1% by weight in homogeneous materials for lead, mercury, hexavalent chromium, brominated flame retardants (PBBs and PBDEs) and phthalates (DEHP, BBP, DBP, DIBP), and is up to 0.01% by weight in homogeneous materials for cadmium, or if an applicable exemption is taken as defined by the Directive.
Q: My company is based in the USA. Does the European Union RoHS legislation affect us?
A: If you place Fortinet products on the market to any European Union member country, yes, you are affected.
Q: How will Fortinet identify European Union RoHS-compliant products?
A: All EU RoHS-compliant products shipped from Fortinet have integrated into the serial number an identifier for RoHS-compliance. RoHS compliance is now a CE mark directive. Therefore, the CE mark must be placed on the shipping box and product.
Q: How does Fortinet verify the materials from its vendors and suppliers are EU RoHS compliant?
A: To ensure RoHS compliance of components and assemblies, Fortinet collect and assess RoHS compliance declarations, Material Declarations and Analytical Test Results documents from the manufacturer as specified in the EN 50581:2012 (IEC 6300:2018) “Standard for RoHS2 Technical Documentation”.
Q: What is WEEE?
A: European Union Directive 2012/19/EU covers the handling of Waste from Electrical and Electronic Equipment by the producer upon a product’s end-of-life. In the EU, the "producer" is responsible for handling the WEEE product collection and recycling. The consistent interpretation of the "producer" by EU member states has been the "importer of record" (VAT Registrant), and that party must register and make available arrangements for treatment, recovery, and recycling of electrical and electronic equipment. Legislation became effective August 13, 2005. All EEE placed on the market after that date must be WEEE marked and arrangements made available for collection after the product's end-of-life.
Q: Why is the WEEE Directive needed?
A: In Europe, at the inception of WEEE, over 90% of electrical and electronic equipment went into landfill sites - around six million tons of waste every year. Emissions of hazardous substances to the soil, ground water and air that result are a risk to both health and the environment.
Q: Are the RoHS and WEEE directives related?
A: Yes, in the sense that RoHS restricts the use of hazardous substances placed into products and WEEE deals with the end-of-life recycling of those products containing hazardous substances. WEEE Directive aims to raise levels of recycling of WEEE and encourages products be designed with dismantling and recycling in mind. A key part of this is to make importers and distributors of electrical and electronic equipment to the EU responsible for meeting the costs of the collection, treatment, and recovery of WEEE. If products are designed with this in mind, there is an opportunity to reduce these costs. The RoHS Directive fits into this by reducing the amount of hazardous substances used in products. This reduces the risks to recycling staff and means that less special handling is required, again leading to a reduction in recycling costs.
Q: Where can I find more information on RoHS and WEEE?
A: Please refer to the European Commission's Environmental webpage.