Code of Business Conduct

(2020)

1.  Introduction

Integrity is a core value at Cohesity and this Code of Business Conduct (“Code”) guides a wide range of business practices and professional behaviors to keep us within clear guardrails of ethical conduct.  This Code applies to Cohesity, Inc. and its subsidiaries and affiliates worldwide (collectively, “Cohesity” or the “Company”) and all Cohesity personnel, including employees, officers, directors, contract workers and consultants (for ease of reference hereinafter “personnel”).  This Code cannot possibly address every type of issue that may arise, but sets out basic principles and is a compass to guide our actions.  All personnel must conduct themselves accordingly and seek to always act with the utmost integrity, avoiding even the appearance of improper behavior.

Cohesity is a US-based company, with personnel and customers all over the world.  As such, this Code applies globally.  We must comply with the laws of the countries where we do business. While we respect cultural differences, if a local custom or business practice violates our Code, we must follow the Code.

The Code must always be referenced in conjunction with other applicable Cohesity policies, such as our Employee Handbooks, data protection and privacy policies, and the Global Travel and Expense Policy, for example.

We all need to show our commitment to act with integrity by acknowledging that we’ve read, understand, and agree to abide by the letter and spirit of the Code. Employees are required to do this when they are hired and to renew this commitment regularly.  Each day you work at Cohesity you must follow this Code. Employees with specific roles and responsibilities may also be required to complete additional certifications, disclosures, and trainings.

Violations of the Code may result in disciplinary action, up to and including immediate termination of employment.  Non-employee personnel may likewise be subject to termination of their contract or business relationship with Cohesity for violating the Code.  If any Cohesity personnel violate the law, Cohesity may contact law enforcement authorities as appropriate.

If you are in a situation that you believe may violate or lead to a violation of the Code, inform and consult your manager or Human Resources.

Additionally, Cohesity has a hotline available  to its workforce through EthicsPoint for reporting ethics and compliance concerns or suspected violations of the Code or the law.  All reports to the hotline are fielded by an independent third-party vendor who will in turn forward details to Cohesity’s Legal team.

 

2. Purpose

The Code seeks to guide ethical business dealings, promote conduct that is consistent with our core value of integrity, and to deter wrongdoing.  This includes:

  • Honest and ethical conduct in everything we do;
  • Compliance with applicable laws, rules and regulations;
  • Avoiding actual or apparent conflicts of interest;
  • Fair competition and dealing;
  • Responsible business entertainment and gifts;
  • Compliance with Anti-bribery, anti-corruption, and anti-money laundering practices;
  • Full, fair, and accurate regulatory filings and public disclosures;
  • Accuracy in bookkeeping and business records;
  • Respect in the workplace and maintaining a healthy work environment;
  • Prevention of theft and fraud;
  • Responsible use and safeguarding of Cohesity assets and confidential information;
  • Prompt internal reporting of violations of the Code; and
  • Our staunch policy against retaliation.

3.         Compliance with the Code

All actions taken on behalf of or in connection with Cohesity should be guided by the Code, so it’s important that all Cohesity personnel know the Code well and refer to it often. It’s our guidebook for how we conduct our business.  A few over-arching tenets to always keep in mind:

  • Always use good judgment and common sense. If something seems unethical or improper, it probably is.
  •  Avoid even the appearance of improper behavior or conduct that could be perceived as unethical.  We don’t ever want a third-party (such as a customer or investor) to even perceive behavior that might be regarded as improper.
  •  When in doubt, ask for guidance.  Your manager, Human Resources, and Legal are always available resources for you.
  • If you see something amiss, speak up. We all have a duty to promptly raise ethics and compliance concerns and count on one another to report any activity that may violate the Code.

As already mentioned, we cannot possibly anticipate every situation that could arise and address it in the Code, but here are guiding questions to help.  In all your professional conduct always consider your actions and ask yourself:

  • Is it legal?
  • Could it appear unethical or raise questions regarding ethics?
  • Is it consistent with our core value of integrity?
  • Is it consistent with this Code?
  • Could this adversely affect Company stakeholders?
  • Will it reflect well on me and Cohesity?

Another good litmus test is to consider whether you would be embarrassed or Cohesity’s reputation would be damaged if this made headline news.

4. Compliance With Applicable Laws, Rules and Regulations

Obeying the law is the foundation on which Cohesity’s ethical standards are built.  All Cohesity personnel must comply with applicable laws, rules and regulations.  Although you are not expected to know the details of these laws, it is important to know enough to determine when to seek advice from managers or other appropriate personnel.

 5. Conflicts of Interest

All Cohesity personnel are expected to use good judgment to act in the best interest of Cohesity at all times.  As such, Cohesity personnel must avoid actual or potential conflicts of interest.  A conflict of interest exists when a person’s private interests – meaning activities, relationships, or financial interests – interfere with or are adverse in any way, in fact or potentially, with the interests of Cohesity.

Conflicts of interest are prohibited, unless the conflict is fully disclosed and an exception is approved by Cohesity’s Chief Executive Officer, Chief Financial Officer, Senior Vice President of Finance, Chief People Officer, or Board of Directors of Cohesity (the “Board”), depending on the circumstances.  Examples of when a conflict of interest may arise include, but are not limited to:

  • Taking actions or having interests that may make it difficult for you to perform your responsibilities to Cohesity objectively and effectively.
  • Having an undisclosed business relationship with or significant financial interest in a customer, competitor, supplier, reseller, or other business partner of Cohesity.
  • When a director, officer or employee conducts Cohesity business with a relative or significant other, or with a business with which a relative or significant other is associated in any significant role.
  • Outside employment that may in any way obstruct an employee’s obligations to Cohesity.  Employees may not work for a customer, competitor, supplier, reseller, or other business partner while employed by Cohesity or use Cohesity time, facilities or materials for outside employment.
  • Where personnel, their families, or close associates receive improper personal benefits as a result of an individual’s position with Cohesity.
  • The employment of any person having a close personal relationship with a Cohesity employee that would result in the individuals having positions or assignments within the same department or that have financial dependence or influence.
  • Serving as a director of any company that competes with Cohesity.

Conflicts of interest may not always be clear-cut, so if you have a question, you should consult with higher levels of management, Human Resources, or the Legal Department.

To disclose and request approval for a conflict of interest, please send an email describing the activity and the potential impact to Cohesity to Cohesity’s Legal team.

6. Fair Competition and Dealing

Cohesity seeks to outperform its competition fairly and honestly.  Using or disclosing, or encouraging others to use or disclose, other companies’ proprietary, confidential or trade secret information without the owner’s prior consent or any theft or misappropriation of such information is strictly prohibited.  You should endeavor to respect the rights of and deal fairly with Cohesity’s customers, suppliers, competitors and employees.

7. Business Entertainment and Gifts

The purpose of business entertainment and gifts in a commercial setting is to promote goodwill and sound working relationships.  When gifts or entertainment are extravagant or frequent, however, they can compromise your objectivity or create the appearance of impropriety. All business gifts and entertainment must be infrequent and appropriate for the business relationship, local customs and law.  No gift or entertainment should ever be offered, given, provided or accepted by you unless it:

  • is not a cash gift (including gift cards, unless pursuant to a Company-sanctioned program or marketing event),
  • is consistent with customary business practices,
  • is not “excessive in value” (see below for further guidance),
  • cannot be construed as a bribe or payoff, and
  • does not violate any laws or regulations.

The factors above are understandably complex and can be difficult to navigate because circumstances are not always black and white.  Above all, always exercise your best judgement.  Here are some guidelines to help you:

  • Gifts valued at more than $250 are not allowed. Exceptions to this may be made only in rare circumstances if reviewed and approved by the executive staff member (eStaff) for your business group or the Chief Financial Officer or Senior Vice President of Finance.
  • Gifts valued above $100 should receive extra scrutiny. Prior to giving or receiving a gift valued over $100, notify and consult with your manager.
  • Entertainment or business meals should not exceed $250 per head in value. Entertainment (sporting and cultural events or concerts, for example) and business meals are permitted in moderation.  In the rare instance an event or business meal may exceed the $250 limit, it should be approved in advance by the executive staff member (eStaff) for your business group, the Chief Financial Officer, or the Senior Vice President of Finance.
  • Gifts and entertainment should be infrequent on an individual basis, meaning that no individual should be given multiple gifts and/or entertainment/meals over the course of a reasonable period of time (e.g., over the course of a fiscal year).
  • Giving business gratuities to government officials is strictly prohibited. In line with the section below on anti-bribery and anti-corruption, giving anything of value – whether in the form of a meal, entertainment, or gift – to any government official or personnel of enterprises that are owned (in whole or in part) by a foreign government is not permitted.
  • Avoid gifts that could be offensive. Do not give anything that could be regarded as insensitive to others. Examples include gifts that have sexual undertones, are political in nature, or “gag gifts” that are intended as a joke about age, race, nationality, gender or other attribute.
  • When in doubt, ask. In any non-obvious situation, you should make certain that another Cohesity employee is aware of your determination (e.g., your manager, or a senior member of Finance, Human Resources, or Legal).

Violations of this policy regarding business entertainment and gifts may result in disciplinary action, up to and including the termination of employment, as well as no reimbursement for the expenditure at issue.

8. Compliance with Anti-Bribery and Anti-Corruption; Anti-Money Laundering Practices

Anti-Bribery and Anti-Corruption

Even if bribery and corruption are a common way of doing business in a particular country or region, that is not Cohesity’s way of doing business, under any circumstances. All Cohesity personnel must take extra precautions when dealing with foreign or U.S. government officials, including employees of enterprises that are owned (in whole or in part) by foreign governments.  Bribery comes in many forms and does not only mean the payment of money.

The U.S. Foreign Corrupt Practices Act prohibits giving anything of value, directly or indirectly, to officials of foreign governments or foreign political candidates in order to obtain or retain business.  It is strictly prohibited to make illegal payments to government officials of any country.

In addition, the U.S. government has a number of laws and regulations regarding business gratuities that may be accepted by U.S. government personnel.  The promise, offer or delivery to an official or employee of the U.S. government of a gift, favor or other gratuity in violation of these rules would not only violate Cohesity policy, but could also be a criminal offense.  State and local governments, as well as foreign governments, may have similar rules.

Anti-Money Laundering

Cohesity shall, at all times, abide by all applicable anti-money laundering laws, rules, and regulations in all jurisdictions in which it operates. Cohesity requires that its customers, vendors, and business partners to do the same.

Money laundering is the process by which a person or entity conceals the existence, nature or source of the proceeds of illegal activity (“Criminal Funds”) and disguises them to appear legitimate and avoid government detection.  Some examples of money laundering:

  • engaging in a financial transaction involving Criminal Funds in order to conceal the nature, source, or ownership thereof;
  • engaging in a financial transaction involving Criminal Funds in order to promote further offenses;
  • transporting Criminal Funds into, out of, or through the United States;
  • engaging in a financial transaction involving Criminal Funds in order to evade taxes on the income produced by the illicit activity;
  • structuring financial transactions in order to evade reporting requirements;
  • smuggling unreported cash across a U.S. border; or
  • failing to comply with the Department of the Treasury’s anti-money laundering provisions.

All Cohesity personnel should flag any activities that may indicate possible money laundering or otherwise illegal activities.  Examples of potentially suspicious activities include, but are not limited to:

  • Payment in a currency other than that specified in the contract.
  • Payment to countries with no relation to the contract.
  • Payment in cash.
  • Payment to others who are not part of the agreement.
  • Any other odd or uncommon payment requests

9. Regulatory Filings and Public Disclosures

The federal securities laws require Cohesity to disclose certain information.  In addition, from time to time, Cohesity may make other public communications, such as issuing press releases.  Cohesity expects all personnel who are involved in the preparation of public documents to ensure that the information disclosed in those documents is full, fair, accurate, timely and understandable.

In the event you reasonably believe that questionable accounting or auditing practices in relation to any regulatory filing or public disclosure have possibly occurred or are occurring, you should report your concerns to Cohesity’s Chief Executive Officer, Chief Financial Officer or Senior Vice President of Finance.

10. Business Records

All Cohesity’s books, records, accounts and financial statements must be maintained in reasonable detail, appropriately reflect Cohesity’s transactions, and conform both to applicable legal requirements and to Cohesity’s system of internal controls.  Unrecorded or “off the books” funds or assets should not be maintained unless permitted by applicable law or regulation.

In addition, when submitting business-related expenses for reimbursement, expense claims must be substantiated and recorded accurately in accordance with the Company’s policies.  It is a clear violation of the Code to submit personal expenses with no business purpose or to inflate or claim business expenses not actually incurred.  If you are not sure whether you may seek reimbursement for a certain expense, refer to Cohesity’s Global Travel and Expense Policy or consult with Cohesity’s Finance Department.

11. Respect in the Workplace and a Healthy Work Environment

The diversity of Cohesity personnel is a tremendous asset and respect is prominent in our core values.  Cohesity is firmly committed to providing equal opportunity in all aspects of employment and will not tolerate any illegal discrimination, harassment or retaliation of any kind.  Examples of such behavior include derogatory comments based on racial or ethnic characteristics and unwelcome sexual advances.  Please consult the Company’s Employee Handbook for more information on the Company’s policies against such conduct.

 Cohesity also strives to provide its employees with a safe and healthy work environment.  You are responsible for helping to maintain a safe and healthy workplace for all employees by following safety and health rules and reporting accidents, injuries and unsafe equipment, practices or conditions. Violence and threatening behavior are not permitted.  Employees should report to work in condition to perform their duties, free from the influence of illegal drugs or alcohol.  The abuse of alcohol or illegal drugs in the workplace will not be tolerated.

12. Prevention of Theft and Fraud

Theft and fraud are crimes and will not be tolerated. Theft is taking something that doesn’t belong to you without permission. It can include physically taking something like money or property, or it can be done through other means like forgery, embezzlement, and fraud. Fraud is a type of theft by deception. It involves making someone believe something that isn’t true, with the purpose of having that person act in a certain way.

When personnel steal or commit fraud, it damages our reputation and brand and hurts us in other ways. We are all responsible for helping to safeguard Cohesity’s assets and reputation by watching for any kind of fraudulent activities against Cohesity, our personnel, customers, shareholders, business partners, or other stakeholders. You should report any suspicious activity immediately.

13. Safeguarding Cohesity Assets and Confidential Information

To perform your job, you will be given access to many Cohesity assets, including physical assets, such as our facilities, equipment, and technology resources. These also include intangible assets, such as our information, intellectual property (patents, copyrights, trademarks, and trade secrets), brands, and reputation. All of us are responsible for protecting these assets from damage, loss, misuse, unauthorized disclosure, and security threats.

Cohesity assets should be used primarily for Cohesity business. Some personal use is acceptable if it does not interfere with your job responsibilities or otherwise violate this Code or any other Cohesity policy. All Cohesity assets are the property of Cohesity and, to the extent permitted by law, the Company may deploy monitoring systems to protect the security, confidentiality, and privacy of data, infrastructure, systems, and personnel and to prevent the misappropriation of intellectual property and confidential information.

Confidential information includes any information that is not authorized for release to the public, such as product development and business plans, algorithms, interfaces, product architecture, source code, object code, financial data, customer lists, pricing strategies, marketing plans, organizational charts, and personal data.

Confidential information is one of Cohesity’s most valuable assets and handling it is one of our greatest collective responsibilities. You should assume that any information that has not been specifically authorized for public release is confidential information, whether owned by Cohesity or entrusted to Cohesity by a third party (such as a customer, vendor, or employee).  We may use confidential information only as authorized and we cannot share it with anyone who is not authorized to see it. Some confidential information is so confidential that we may share it only with the Cohesity personnel who need to know about it.

There are many reasons for protecting confidential information, including maintaining our competitive lead, keeping a customer’s trust, and protecting personal privacy. It is therefore often illegal to misuse confidential information. Moreover, your obligation to protect confidential information continues even after your employment or contract with the Company ends.

14. Corporate Opportunities

You are prohibited from taking for yourself opportunities that are discovered through the use of corporate property, information or position without the informed prior consent of the Board.  You may not use corporate property or information obtained through your position with Cohesity for improper personal gain, and you may not compete with Cohesity directly or indirectly.  Furthermore, you owe a duty to Cohesity to advance its legitimate interests when such an opportunity arises.

15. Quarterly Sales Certifications

Individuals who are involved in sales transactions are required to provide quarterly certifications to reinforce Cohesity’s expectations regarding business conduct and sales practices and to ensure all transacted business meets the standards of the Code and other relevant Cohesity policies.

16.  Training

It is your responsibility to complete all training that Cohesity makes available to you related to this Code of Conduct. Training is not optional.

17.  Waivers of the Code

Waivers of the Code may only be granted by Cohesity’s Chief Executive Officer, Chief Financial Officer, or Senior Vice President of Finance; provided, however, that any waiver of the Code for executive officers or directors may be granted only by the Board or a Board committee. Any such waiver of the Code for executive officers or directors, and the reasons for such waiver, will be disclosed as required by law.

18. Reporting Violations of the Code

You are encouraged to talk to managers or other appropriate personnel about suspected unethical or illegal behavior, or when in doubt about the best course of action in a particular situation.

You may also submit a good-faith concern by calling or emailing Cohesity’s General Counsel or Chief People Officer.  In addition, starting July 1, 2020, a hotline will be available for reporting ethics and compliance concerns or suspected violations of the Code or the law.  All reports to the hotline are fielded by an independent third-party vendor who will in turn forward details to Cohesity’s Legal team for investigation and follow-up.  You may submit a report online or by telephone and have the option to remain completely anonymous, unless prohibited by local law in the country where you are located.  Please be mindful, however, that it may be more difficult, or even impossible, for anonymous reports to be thoroughly investigated. We therefore encourage reporters to disclose their identity.

We take any report very seriously. We will investigate suspected violations, decide whether the Code, other Cohesity policy, or the law has been violated, and take appropriate action. If there is a Code or policy investigation that requires your participation, you are expected to cooperate and answer all questions completely and honestly.

It is a violation of the Code to knowingly make a false accusation, lie to investigators, or interfere or refuse to cooperate with an investigation. Honest reporting does not necessarily mean that you must be right, but you have the good-faith belief that the information you give is accurate.

19. Policy Against Retaliation

You may report ethical violations in confidence and without fear of retaliation.  If your situation requires that your identity be kept secret, your anonymity will be protected to the greatest extent possible.  Any retaliation against anyone who raises an issue honestly is a violation of the Code. Raising a concern honestly or participating in an investigation cannot and will not be the basis for any adverse employment action including, but not limited to, separation, demotion, threat, harassment, or discrimination.