Exhibit 1.02 to Form SD
SYMANTEC CORPORATION
CONFLICT MINERALS REPORT
FOR THE REPORTING PERIOD JANUARY 1 TO DECEMBER 31, 2013
On August 22, 2012, the Securities and Exchange Commission (the “SEC”) adopted a final rule (the “Conflict Minerals Rules”) regarding disclosure of the use of certain minerals and their derivatives (“Conflict Minerals”) originating in the Democratic Republic of the Congo and adjoining countries (“Covered Countries”) that are being exploited and traded to finance extreme levels of violence in that geographic area to the extent that such Conflict Minerals are necessary to the functionality or production of a product manufactured or contracted for manufacture. The SEC’s adoption of Conflict Minerals rules is mandated by Section 1502 of the Dodd-Frank Wall Street Reform and Consumer Protection Act, and the rules establish significant due diligence and reporting requirements for publicly traded companies.
| I. | Company Overview |
Symantec Corporation (herein referred to, alternatively, as “Symantec,” “the Company,” “we” and “our”) protects the world’s information and is a global leader in security, backup and availability solutions. Our market leading products and services protect people and information in any environment – from the smallest mobile device, to the enterprise data center, to cloud-based systems. Founded in April 1982, Symantec operates one of the largest global threat-intelligence networks, and provides leading security, backup and availability solutions. The company has more than 20,000 employees in more than 50 countries. Our Internet home page is www.symantec.com. Other than the information expressly set forth in this report, the information contained or referred to on our website is not part of this report.
| II. | Products Overview |
Symantec is a global leader in providing security, storage and systems management solutions to help our customers – from consumers and small businesses to the largest global organizations – secure and manage their information against more risks at more points. Our company’s unique focus is to eliminate risks to information, technology and processes independent of the device, platform, interaction or location. Symantec product overviews can be found athttp://www.symantec.com/products-solutions/
All tier one suppliers of physical products that Symantec contracts to manufacture are considered “in-scope suppliers.” These suppliers manufacture products in the following categories: (i) appliances and (ii) tokens.
| III. | Supply Chain Overview |
All of Symantec’s product manufacturing is outsourced to Subcontract Manufacturing and Logistic Partners. Our in-scope suppliers are located in North America, South America, EMEA, Russia and Asia. In 2013, Symantec sourced from 16 in-scope suppliers.
| IV. | Conflict Minerals Analysis and Reasonable Country of Origin Inquiry |
Based upon a review of our product categories and our reasonable country of origin inquiry (“RCOI”), we have concluded that:
| • | products in both of our product categories contain Conflict Minerals that are necessary to the production or functionality of such products; and |
| • | we are unable to determine whether the Conflict Minerals present in our products originate in the Covered Countries. |
We are therefore required by the Conflict Minerals Rules to file with the SEC a Form SD and a Conflict Minerals Report as an exhibit thereto.
| V. | Description of Due Diligence |
Symantec’s due diligence conforms to the OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas (Second Edition).
Step #1: Establish Strong Company Management Systems
| • | Symantec has established a policy on Conflict Minerals (the “Policy”). The Policy can be viewed at:http://www.symantec.com/corporate_responsibility/topic.jsp?id=human_rights_responsible_sourcing . In 2013, the Policy was communicated to relevant personnel, and it is available to all Symantec employees via Symantec’s website. |
| • | Symantec has established a Conflict Minerals Team (the “Team”) that is responsible for Conflict Minerals due diligence, governance and reporting. The Team consists of representatives from Finance, Legal and Supply Chain, all of whom have experience and expertise with respect to the requirements of the Conflict Minerals Rules, and is supported by external consultants. Oversight of Symantec’s Conflict Minerals due diligence, governance and reporting is exercised by the Company’s Disclosure Committee and the Audit Committee of the Board of Directors. The Team is supported by a member of Symantec’s Senior Management Team. |
| • | To make training regarding Conflict Minerals compliance available to suppliers, Symantec refers suppliers the Conflict-Free Sourcing Initiative’s (“CFSI”) website atwww.conflictfreesourcing.org, which website contains Conflict Minerals training materials and resources for suppliers. |
| • | In 2014, Symantec will incorporate a provision requiring compliance with the Conflict Minerals Rules and the Policy into its new supplier agreements, and such provision will be included in existing supplier agreements upon renewal of such agreements. |
| • | Pursuant to the Policy, concerned parties may contact Symantec regarding complaints related to Conflict Minerals compliance by using Symantec’s Ethics LineSymantec’s EthicsLine or by sending an e-mail to the Office of Ethics and Compliance atethicsandcompliance@symantec.com. Suppliers may also contact their Supply Chain representative. |
| • | All documentation and records, including all material communications with suppliers, are retained electronically for a period of five (5) years. |
2
Step #2: Identify and Assess Risk in the Supply Chain
| • | Symantec has established a Conflict Minerals Compliance Program (the “Program”) which outlines the process for supplier due diligence and engagement. |
| • | The Program includes the identification of the suppliers that provide inputs to Symantec’s products that may contain Conflict Minerals. This analysis is performed on an annual basis as well as through the ongoing supplier approval and onboarding process, with data pulled from the global supplier database. |
| • | The Global Supply Chain Compliance Team works with Legal and Finance to determine the enterprise reporting entity for compliance purposes. This includes the determination of whether any of Symantec’s subsidiaries, joint ventures, or acquired companies are in scope or out of scope for the respective reporting year pursuant to the Conflict Minerals Rules. |
| • | For out-of-scope entities, if the entity supplies Symantec in-scope entities with products Symantec contracts to manufacture, then the entity will be considered a supplier and will be surveyed as part of the RCOI process. |
| • | The EICC/GeSI Conflict Minerals Reporting Template (the “Survey”) is emailed by the global Supply Chain Compliance Team to all in-scope suppliers along with an introductory email. |
| • | On a biannual basis, any new subsidiaries and joint ventures will be evaluated for inclusion as an in-scope entity for the purposes of compliance with the Conflict Minerals Rules. |
| • | For acquisitions, due diligence is conducted to determine whether the newly acquired organization will be subject to the Conflict Minerals Rules. |
Step #3: Design and Implement a Strategy to Respond to Identified Risks
| • | Symantec has designed a Due Diligence Decision Tree that sets forth steps to be taken to mitigate risk based on a supplier’s Survey responses. Suppliers are ranked for risk, ranging from Low to High, based upon red flags and issues raised by suppliers’ Survey responses (the “Risk Levels”). |
| • | All Suppliers regardless of risk level in 2013 were contacted via email with follow up questions and/or requests. |
| • | For suppliers in the Medium to High risk categories in 2014, Symantec will deploy the following escalation procedure: |
| • | Escalation 1: An email communication informing the supplier of their Risk Level. This communication will outline follow up requests using the Due Diligence Decision Tree process. |
| • | Escalation 2: A follow up conference call with the supplier to discuss the risk and agree on an action plan regarding the follow up requests. |
| • | The Risk Levels will be made available to the Symantec Global Supply Chain Team & Procurement Team to be used in sourcing decisions and negotiations. |
3
Step #4: Carry Out Independent Third-Party Audit of Supply Chain Due Diligence at Identified Points in the Supply Chain
Similar to other downstream companies, we do not have a direct relationship with the smelters and refiners that process the Conflict Minerals that are present in our products; therefore, we rely on the CFSI to conduct third-party audits of smelters and refineries.
Step #5: Report on Supply Chain Due Diligence
As required by the Conflict Minerals Rules, we have filed a Form SD and a Conflict Minerals Report as an exhibit thereto for the 2013 calendar year reporting period. The Form SD and Conflict Minerals Report are also available on our website at http://investor.symantec.com/investor-relations/sec-filings.
| VI. | Supplier Survey Responses and Smelter and Refinery Information |
Our Conflict Minerals due diligence yielded the following results:
| • | 100% of in-scope suppliers responded using the Survey. |
| • | 44% of in-scope providers provide products that do not contain Conflict Minerals. |
| • | 56% of in-scope suppliers provide products that contain one or more Conflict Minerals. |
| • | 56% of in-scope suppliers who provide products that contain Conflict Minerals are still in the process of investigating the source of such Conflict Minerals. |
| • | 25% of in-scope suppliers require their suppliers to source from smelters validated as compliant with the CFSI Conflict-Free Smelter Program assessments protocols using the CFSI compliant smelter list. A further 12% of in-scope suppliers state that they plan to do this for the 2014 calendar year reporting period. |
| • | 62% of in-scope suppliers have a Conflict Minerals policy in place, and 20% of such in-scope suppliers have made their policy available to the public. |
With respect to smelters and refineries not certified by the CFSI Conflict-Free Smelter Program, although we were not able to determine the mines of origin of the Conflict Minerals sourced from such smelters and refineries, we were able to determine their country locations. Attached asAddendum A to this Conflict Minerals Report is a list of such country locations, grouped according to the specific Conflict Mineral processed by such smelters and refineries.
Symantec’s efforts to determine the mine or location of origin with the greatest possible specificity consists of the due diligence measures described in Section V.
4
Addendum A
METAL | COUNTRY | |
| GOLD | Australia Belgium Brazil Canada Chile China Germany Hong Kong India Indonesia Italy Japan Kazakhstan Republic of Korea Kyrgyzstan Mexico Netherlands Peru Philippines Russian Federation Saudi Arabia South Africa Spain Sweden Switzerland Taiwan Turkey United Kingdom United States Uzbekistan | |
| TANTALUM | Austria Brazil China Ethiopia Germany India Japan Kazakhstan Russian Federation South Africa United Kingdom United States | |
5
| TIN | Argentina Australia Belgium Bolivia Brazil Canada China Czech Republic France Germany Indonesia Japan Republic of Korea Malaysia Netherlands Peru Philippines Poland Russian Federation Singapore Switzerland Taiwan Thailand United Kingdom United States Uzbekistan | |
| TUNGSTEN | American Samoa Austria Canada China Germany Japan Republic of Korea Luxembourg Russian Federation Sweden Taiwan United States Vietnam | |
6
