Committed to Responsible and Sustainable Operations

At Penguin Solutions, we hold ourselves to high standards of safety and ethical conduct. Our commitment to sustainability and social responsibility remains a top priority as we work to create positive change for the planet as a whole.

Our emphasis on environmental stewardship and our people-first approach inform our corporate policies and practices worldwide. We strive to minimize the negative environmental impacts of our operations and work to improve the lives of our employees and their communities.

We participate in the RBA Validated Assessment Program (VAP), which uses third-party audits of our key manufacturing locations to evaluate our performance on social, ethical, and environmental practices as well as occupational health and safety. Our consistently high scores on these audits are a testament to our continued commitment to these critical concerns.

As a proud Responsible Business Alliance (RBA) member for over a decade, we collaborate with our supply chain partners and uphold rigorous standards related to RBA’s focus on improved working conditions, environmental stewardship, and business performance.

Our ethics and compliance program exemplifies our foundational core values and our commitment to integrity across Penguin Solutions. We have compliance review boards that hold quarterly meetings to discuss compliance practices and identify potential business risks. All of our governance policies undergo a thorough annual review to ensure continued relevance, legibility, and compliance with applicable laws and regulations. Regular communications, staff meetings, and online training sessions ensure that our workforce stays informed of any changes to our governance policies.

Our Code of Business Conduct and Ethics aligns with the UN Guiding Principles on Business and Human Rights and sets out our expectations for ethical conduct and compliance with applicable laws. All employees, contractors, officers, directors, and other business partners agree to adhere to this code.

With integrity and ethical conduct at the core of our operations, we prioritize cultivating an environment where all individuals—employees, customers, suppliers, contractors, and other business partners—feel supported and at ease voicing concerns. Anyone observing instances of potential noncompliance or misconduct is encouraged to report their concerns using one of the resources we provide.

Across the globe, our Quality, Environment, Health, and Safety (QEHS) program promotes the continued health and safety of all our employees and stakeholders as well as environmental well-being. Our Vice President of QEHS leads this program, reporting to our Chief Financial Officer (CFO) and providing our CEO with key updates on a regular basis. Our CEO notifies our Board of Directors of these updates as needed.

The QEHS program is underpinned by our QEHS Policy, which outlines our operating standards for optimal health and safety conditions.

Our operations align with International Organization for Standardization (ISO) standards. All of our major manufacturing sites in the US, China, and Malaysia are certified to ISO 9001, ISO 14001, and ISO 45001 or satisfactory equivalent.

Over the course of FY 2025, we laid the groundwork for future ISO 28001 certification at the corporate level by establishing policies, procedures, and processes in alignment with the standard.

Maintaining these standards helps ensure that our health and safety, quality control, and environmental management activities embody best practice.

Our Cybersecurity and Technology Risk Management (CTRM) Committee manages our IT strategy, which ensures compliance with applicable information security and data protection laws and guides our approach to data handling, privacy protection, and risk mitigation. This committee directs our Information Security Risk Management framework, which aligns with standards set forth by Operational Sustainability Our Workplace Community Impact ISO and the National Institute of Standards and Technology (NIST).

In July 2025, we achieved SOC 1 attestation, and we achieved SOC 2 attestation in December 2025. The CTRM Committee meets regularly to discuss IT strategy and emerging concerns and keeps the Board of Directors informed by providing updates at least once each year. Recently, the committee’s responsibilities have been broadened to include oversight of our AI roadmap and initiatives.

To better anticipate and adapt to new cybersecurity challenges, we use tabletop exercises based on real-life scenarios that help us understand how to respond to incidents and carry out appropriate responses. Biannual exercises will be focused on both technical and business scenarios.