Sustainability Report 2021 18 Sustainability Report 2021 18 Recognizing that cyber-attacks long ago moved from being a matter of if to when, we maintain both a robust defense framework and the capacity for rapid detection and response. We conduct 24/7 monitoring and weekly vulnerability assessments and continuously update our mitigation practices to stay ahead of threats. Among other efforts, we: > Maintain response procedures and escalation protocols > Employ third parties for external threat monitoring, penetration testing and phishing exercises > Maintain enhanced email security controls > Provide robust training for our employees on recognizing security threats to enable compliance with applicable data security laws, regulations, industry practice and our internal policies > Partner with industry groups, government agencies and outside experts for information exchange and peer benchmarking > Engage third-party auditors to help assure the effectiveness of internal controls Our efforts extend across our supply chain via enhanced security controls embedded in the supplier onboarding process, protocols for assessing supply chain cyber-breaches and ransomware incidents, a playbook for restoring business continuity and continuous assessment and control enhancement for high-impact suppliers. To enhance customer trust, we provide virus-free certifications with all sales of Applied semiconductor systems. Applied Materials has undergone a National Institute of Standards of Technology (NIST) Cybersecurity Framework assessment and currently maintains one of the best BitSight security scores among our industry peers. We’ve also achieved ISO 27001 certification for information security at 45 of our business sites, in order to align our data security management systems and programs with global best practices. Our Chief Information Security Officer reports at least quarterly to the Board’s Audit Committee on our data and IP security programs, policies, controls, key risks and notable incidents. Applied Materials considers data security one of our top strategic priorities. In a threat landscape highlighted by massive data breaches, rising ransomware attacks, increasing availability of hacking tools and incursions by state-sponsored actors, we devote all necessary resources toward making Applied a safe data choice for our global stakeholders. Data and IP Security INTRODUCTION PURPOSE Corporate Governance Ethics & Compliance Public Policy Data & IP Security Personal Data Privacy Community Impact PEOPLE PLANET PROGRESS