● To demonstrate our commitment to a low-carbon economy and to embrace a 1.5˚C future, we have publicly committed to numerous climate-related commitments all in line with the shared goal of a just transition to a 1.5˚C future. See the Metrics & Targets section for a summary of our key climate-related goals. Global leadership and collaboration ● To deliver unprecedented, timely environmental action, we seek to achieve new levels of collaboration among businesses, NGOs, governments and other institutions on a global scale, which is why we participate in a variety of environmental coalitions and working groups. Increased frequency and severity of extreme weather events including tropical cyclones Acute and (hurricanes and typhoons), flooding, wildfire, drought and heatwaves can affect the physical safety chronic and security of our employees, our infrastructure for the delivery of our services, ancillary aspects physical risk of data centers (e.g., electricity grid, data network), or our employees’ ability to perform critical business processes. In addition, our operational costs may increase as a result of shifts in climate (short term to patterns, such as vulnerabilities associated with future water scarcity due to climate change in our long term) operating environments. Employee Global Operations (“GO”) Center and Global Safety and Security (“GS&S”) team ● The GS&S Risk Management team is responsible for identifying, assessing, mitigating, communicating and monitoring risks that could negatively impact our employees, brand, business operations and property. All identified GS&S risks are formally assessed and analyzed in terms of likelihood and impact, mitigated with the appropriate response strategy, communicated to support risk-based decision making and monitored over time to identify trends semi-annually. The assessment process is fully aligned to ERM’s inherent and residual risk scales. In addition, the GS&S Risk Management Program is continually evolving, and the GS&S team updates their analyses as the company scales, acquires other companies and expands our global footprint. ● With respect to climate, two of the risks identified on the GS&S Risk Register that could be triggered by natural disasters are: Safety Incidents in the Work Environment and Business Continuity. In the GS&S semi-annual risk assessment workshops, the scope of the risk is updated, the likelihood and impact of the drivers are assessed, the drivers are mapped to controls, the controls are assessed based on operational effectiveness, additional mitigations are identified and then mapped to controls and the overall consequences of the risk are identified in the context of our business model. Infrastructure resiliency ● We have a comprehensive data-redundancy and infrastructure-resiliency plan. This allows us to manage customer information and data flows with redundancy in a way that minimizes disruption to operations and the customer experience even when a data center is disrupted. Given that these arrangements already require near-live duplication of all data, no additional direct cost is incurred during data center disruptions. In addition, our IT infrastructure is decentralized, reducing our direct financial risks. A severe weather event would therefore need to impact multiple data centers at once to potentially lead to a material financial impact. 18 | Salesforce TCFD Report