|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Apr. 25, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity
Risk Management and Strategy
The Company regularly assesses risks from cybersecurity threats, monitors its information systems for potential vulnerabilities, and tests those systems pursuant to the Company’s cybersecurity policies, standards, processes and practices, which are integrated into the Company’s overall risk management system. To protect the Company’s information systems from cybersecurity threats, the Company uses various security technologies and tools that help the Company identify, escalate, investigate, manage, resolve and recover from security incidents in a timely manner. These efforts include:
•
ongoing collection of threat intelligence and environment awareness through monitoring,
•
data protection management and vulnerability monitoring through data loss prevention and exfiltration tools,
•
cybersecurity risk management processes and practices,
•
control assurance,
•
secure development of new products,
•
identity and access management,
•
incident response, auditing and monitoring, and
•
maintaining a 24x7 security operations center to allow for always available incident response.
The Company takes a risk-based approach to cybersecurity and has implemented cybersecurity policies throughout its operations that are designed to address cybersecurity threats and incidents. In particular, the Company follows an incident escalation process that is incorporated into its incident and risk management processes. In the event the Company identifies a cybersecurity incident, its senior management, consisting of the Chief Financial Officer, Chief Information Security Officer (CISO), Chief Administrative Officer, and Executive Vice President of Business Technology and Operations review the facts and circumstances involved in such cybersecurity incident, or series of related cybersecurity incidents.
The Company partners with third parties to assess the effectiveness of its cybersecurity prevention and response systems and processes, including third-party review of the Company’s Information Security Management System for ISO 27001 controls, assessment of the Company’s cloud products and managed services according to the American Institute of CPAs (AICPA) Service Organization Control (SOC) Audit Type II, and new product validation as part of the Company’s secure development lifecycle. The Company additionally engages third-party providers in support of endpoint detection and responses, data loss prevention efforts, and incident management efforts.
To date, the Company is not aware of cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition. For additional discussion of cybersecurity risks and potential related impacts on the Company, refer to the risk factors in Part I, Item 1A. “Risk Factors,” including “If a material cybersecurity or other security breach impacts our services, systems, supply chain, or end-user customer systems, or if stored data is improperly accessed, our business could suffer significant harm.”
Governance
NetApp's Board of Directors oversees the Company’s risk management process, including cybersecurity risks, directly and through its committees. The Audit Committee of the Board of Directors oversees the Company’s risk management program, which focuses on the most significant risks the Company faces in the short-, intermediate-, and long-term timeframes. The Company’s CISO regularly updates each of the Board of Directors and the Audit Committee at least twice a year. Such updates include a review of cybersecurity risks affecting the Company, related metrics, and any incidents or issues that require attention from the Board of Directors.
The CISO provides leadership, strategic direction, and oversight for NetApp’s Global Security Risk and Compliance functions and security program. Global Security executives oversee management of risks and track projects progress, remediations, and any issues related to cybersecurity risks.
NetApp’s CISO is responsible for leading the assessment and management of cybersecurity risks. The current CISO has over 30 years of experience in IT and information security, including over 16 years with NetApp in roles of increasing seniority, and is a
Certified Information Security Auditor, Certified Information Security Manager with ISACA and a Certified Information Systems Security Professional with ISC2. The CISO stays informed on information security risks through regular meetings on key cybersecurity projects and KPIs. Updates are communicated to the Global Security Steering Committee, which provides quarterly reports to the Board of Directors and to the Audit Committee.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The Company regularly assesses risks from cybersecurity threats, monitors its information systems for potential vulnerabilities, and tests those systems pursuant to the Company’s cybersecurity policies, standards, processes and practices, which are integrated into the Company’s overall risk management system.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
NetApp's Board of Directors oversees the Company’s risk management process, including cybersecurity risks, directly and through its committees. The Audit Committee of the Board of Directors oversees the Company’s risk management program, which focuses on the most significant risks the Company faces in the short-, intermediate-, and long-term timeframes. The Company’s CISO regularly updates each of the Board of Directors and the Audit Committee at least twice a year. Such updates include a review of cybersecurity risks affecting the Company, related metrics, and any incidents or issues that require attention from the Board of Directors.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee of the Board of Directors oversees the Company’s risk management program, which focuses on the most significant risks the Company faces in the short-, intermediate-, and long-term timeframes.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Board of Directors oversees the Company’s risk management process, including cybersecurity risks, directly and through its committees. The Audit Committee of the Board of Directors oversees the Company’s risk management program, which focuses on the most significant risks the Company faces in the short-, intermediate-, and long-term timeframes. The Company’s CISO regularly updates each of the Board of Directors and the Audit Committee at least twice a year. Such updates include a review of cybersecurity risks affecting the Company, related metrics, and any incidents or issues that require attention from the Board of Directors.
|Cybersecurity Risk Role of Management [Text Block]
|
The CISO provides leadership, strategic direction, and oversight for NetApp’s Global Security Risk and Compliance functions and security program. Global Security executives oversee management of risks and track projects progress, remediations, and any issues related to cybersecurity risks.
NetApp’s CISO is responsible for leading the assessment and management of cybersecurity risks. The current CISO has over 30 years of experience in IT and information security, including over 16 years with NetApp in roles of increasing seniority, and is a
Certified Information Security Auditor, Certified Information Security Manager with ISACA and a Certified Information Systems Security Professional with ISC2. The CISO stays informed on information security risks through regular meetings on key cybersecurity projects and KPIs. Updates are communicated to the Global Security Steering Committee, which provides quarterly reports to the Board of Directors and to the Audit Committee.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The CISO provides leadership, strategic direction, and oversight for NetApp’s Global Security Risk and Compliance functions and security program.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
NetApp’s CISO is responsible for leading the assessment and management of cybersecurity risks. The current CISO has over 30 years of experience in IT and information security, including over 16 years with NetApp in roles of increasing seniority, and is aCertified Information Security Auditor, Certified Information Security Manager with ISACA and a Certified Information Systems Security Professional with ISC2.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The CISO stays informed on information security risks through regular meetings on key cybersecurity projects and KPIs. Updates are communicated to the Global Security Steering Committee, which provides quarterly reports to the Board of Directors and to the Audit Committee.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef