Governance

Committed to Responsible and Sustainable Operations

ESG Management

Our approach to governance incorporates attention to ESG across every aspect of the company in order to better serve the interests of our businesses, our employees, our shareholders, our partners, and the world around us.

Two committees head up ESG management at Penguin:

Our ESG Steering Committee tracks ESG performance, champions our ESG initiatives, and ensures that ESG is supported at the highest levels of the company.
Our Nominating and Corporate Governance Committee (NCGC) is responsible for overseeing our corporate ESG strategy, reviewing our annual ESG goals, addressing ESG matters, and providing updates to the full board as necessary.

Responsible Business Alliance Membership

We are proud members of the Responsible Business Alliance (RBA), the world’s leading industry coalition committed to corporate social responsibility across global supply chains. As an RBA member for over ten years, Penguin supports the organization’s mission to improve working conditions, environmental considerations, and business performance by upholding rigorous standards and collaborating with our supply chain partners.

We participate in the RBA Validated Assessment Program (VAP), which uses third-party audits to assess performance on social, ethical, occupational health and safety, and environmental practices at our key manufacturing locations. Our Penang site received platinum-level recognition for its 2023 VAP audit score; in January 2024, Penguin Computing also received a platinum-level score in the VAP.

Ethics and Compliance

Our ethics and compliance program is anchored in our core values and reflects our unwavering dedication to integrity across all of our business lines. Each year, we conduct a thorough review of all Penguin Solutions policies to ensure that they are relevant, coherent, and fully compliant with applicable laws and regulations.

Our Code of Business Conduct and Ethics details our requirements for ethical conduct and compliance with applicable laws. Informed by the UN Guiding Principles on Business and Human Rights, it sets out our expectations for all of our employees, contractors, officers, directors, and other business partners.

Our Whistleblower Policy outlines our commitment to ethical conduct and establishes a procedure for reporting concerns. We strive to provide an environment where employees, customers, suppliers, contractors, and other business partners feel comfortable voicing concerns, particularly with regard to potential non-compliance or wrongdoings within the company. We encourage individuals to report instances of non-compliance online via ethicspoint.com or through our 24/7 toll-free whistleblower hotline, both of which can be accessed anywhere that Penguin or one of its subsidiaries has a physical presence.

Quality Management Program

We demonstrate our commitment to the safety and well-being of our employees, our other stakeholders, and the environment through our Quality, Environment, Health, and Safety (QEHS) program. Our QEHS Policy presents our operating standards for optimal workplace health and safety, which we implement at each of our global sites.

Our quality management systems align with standards set by the International Organization for Standardization (ISO). We hold ISO 9001, ISO 14001, and ISO 45001 certifications across all our sites, which helps ensure consistent application of best practices in quality control, environmental management, and health and safety.

Data Privacy, Security, and IP Protection

Our customers and partners rely on us to protect their data and intellectual property and we take this responsibility seriously. In our rapidly evolving digital world, ensuring the security of our systems and networks is more important than ever.

Our Cybersecurity Risk Management Committee develops our Information Security Risk Management framework and oversees our IT strategy, which governs our policies and procedures for data collection and management, privacy protection, risk mitigation, compliance with applicable information security and data protection laws, and maintenance of business operations resilience and security.

We are always working to strengthen our IT strategy. In 2023, we doubled the size of our cybersecurity team, bringing on new perspectives and valuable expertise. We have also improved our mean response times, lowered our vulnerability risk, and strengthened our incident response plan so that we can better address threats in real-time.