ESG

Our Commitment to Sustainability

Sumo Logic is a pioneer in continuous intelligence, a new category of software enabling organizations of all sizes to address the greatest data challenges and opportunities presented by digital transformation and cloud computing. Our vision is to democratize machine data and we believe we can achieve this by focusing on our core values of putting our customers first, fostering a strong learning culture, valuing relationships and team success, operating openly and honestly, and working with heart.

We recognize that our commitment to managing environmental, social, and governance (ESG) risks and opportunities is essential to long-term value creation for our stockholders, employees, customers, communities, and other stakeholders. Our approach to ESG is anchored in our mission to democratize machine data and empower organizations with the critical data and insights required to address technology and collaboration challenges with prescriptive action in real time — a modern business imperative. Both our management team and our Board of Directors believe that our environmental stewardship, social responsibility, and corporate governance practices are foundational to our operational success, growth strategy, and financial priorities.

Our strategic priorities for ESG align with the Sustainability Standards Accounting Board (SASB) for the Software and IT Services industry. We strive for continuous improvement in ESG as we grow and expand our global reach.

Governance

Our Board is responsible for promoting our strong culture of corporate citizenship and adherence to business standards guided by our Code of Business Conduct and Ethics. Our Corporate Governance and Nominating Committee has oversight of our ESG practices, as outlined in their committee charter. Other board committees also play a role in ESG, with responsibilities across areas such as cybersecurity, human capital management, and corporate risk assessment and management. In addition, members of our management team and subject matter experts across our company are responsible for the implementation of our ESG strategy, initiatives, and communications.

We believe the composition of our Board, including the diversity of experiences, knowledge, and viewpoints of our directors, is critical to our success. To learn more about board diversity and our leadership’s oversight of ESG, please see our 2021 Proxy Statement.

Responsible Business Practices

Honest and ethical conduct is critical to our business. Our success depends on the trust we foster with our employees, with our customers and partners, and with our community by acting with integrity and in accordance with applicable laws. We expect every employee, officer, director, and consultant to not only read and understand our Code of Business Conduct and Ethics, but to also apply good judgment and the highest personal ethical standards in making business decisions.

We encourage employees to raise concerns and be alert to possible violations and report them without fear of retaliation. The Sumo Logic Compliance Hotline, hosted by an independent third-party provider, allows employees or other stakeholders to report any questions, concerns, or suspected violations.

Intellectual Property and Competitive Behavior

The markets in which we compete are competitive and characterized by rapid changes in technology, customer requirements, and industry standards, and frequent introductions of improvements to existing service offerings. Our competitors and potential competitors include providers of tools such as analytics, enterprise and open source search, SIEM, monitoring, and other software offerings. Our success depends in part upon our ability to safeguard our core technology and other intellectual property protection for our technology, inventions, improvements, proprietary rights, and other assets. We seek to accomplish that objective by establishing intellectual property rights in and protecting those assets. More information can be found in our annual report on Form 10-K.

Risk Management and Business Continuity

Our platform is built on a multi-tenant cloud architecture, hosted on Amazon Web Services (AWS) using intelligent resource management, auto scaling, and partitioning logic to manage our compute and storage footprint so that we can deliver resiliency and optimal performance while maintaining efficiency. Our platform runs across multiple regions and within each region across multiple AWS data centers. Our microservices are distributed to avoid single-points-of-failure and to ensure fault-tolerance even in the case of full physical data center outage.

We have enhanced our disaster readiness by establishing a site reliability team that continuously tests the health of our IT environment, monitors security protocols, and addresses any system outages for immediate and complete restoration. Our contingency plans are certified through third-party audits and tested annually.

Vendor Management

We take a risk-based approach to assessing vendor risk. Our procurement team relies on a risk engagement matrix to assess potential vendor relationships in accordance with how critical they are to our operations. We have a security team in place to analyze at risk software-as-a-service (SaaS) vendors that have a direct impact on the integrity and reliability of our technical infrastructure. The review incorporates the confidentiality, integrity, and availability system attributes of our SaaS vendors and enforces the standards that are critical to our operations. We review our risk assessments of our critical vendors annually. Our vendors are our partners and we work with them to deliver the best possible platform and service to our customers.

Social Responsibility

At Sumo, we recognize and take seriously our responsibility to help protect, preserve, and promote human rights around the world. For us, this means creating technology to address our customer’s greatest challenges, ensuring privacy and security for our partners and users, and finding opportunities to amplify our social impact in the community’s where we live and work.

Data Security and Customer Privacy

Sumo acknowledges the pervasive human rights risks in our industry around privacy and data security. Our strong policies and management systems in each of these areas are structured to make us resilient in a volatile world of accelerated innovation, global data proliferation, and fast-changing regulatory frameworks. We build privacy and data protection into the design and development of our products, services, and operations. We also have strong relationships with our business partners to ensure our expectations and compliance requirements are followed.

Data security and privacy are at the forefront of our decisions at Sumo. We utilize numerous controls to ensure platform security, including identity and access management, multi-factor authentication, robust logging, real-time security monitoring, encrypted operating system volumes and more. We have a dedicated System and Organization Controls (SOC) security operations center with a full incident response program escalating to our Chief Executive Officer and our Chief Security Officer, as well as to our Audit Committee, if warranted.

Our distinct public cloud offering is built out to and operated in accordance with NIST 800-53 FedRAMP-Moderate framework. Specifically, our platform is PCI-DSS 3.2.1 Service Provider Level 1 certified, SOC 2 Type 2 attested, HIPAA Security Rule compliance attested, ISO 27001 certified, CSA STAR certified, and our federal offering is FedRAMP Moderate Authorized. Independent, third-party assessors audit and certify our compliance annually with these standards.

We have a robust security and data privacy training program required for all employees and contractors upon hire and ongoing annually and strive for 100% of employees completing this training. Please see our Privacy Statement for more information on our commitment to safeguards around the information used with our cloud analytics solutions.

Philanthropy and Volunteerism

Sumo is committed to supporting our local communities in which we live and work. We believe that we can make a difference in the lives of those in need and those who are underserved or underrepresented, through our corporate philanthropy and employee volunteer programs. Some of the organizations we have worked with include:

AID India

Meals on Wheels

Second Harvest

Food Bank of the Rockies

New York Cares

Pencil

Girls Who Code

UNICEF

Ocean Cleanup

Operation Underground Railroad

Human Capital

While we are incredibly proud of our technology, we’re most proud of our community of passionate, talented individuals committed to creating significant customer impact and value. Our board of directors play a key role in the oversight of our culture, setting the tone at the top, and see human capital management, including diversity, equity, inclusion, and belonging (DEIB) initiatives, as critical elements to our long-term success. Our objective is to create the organizational conditions and culture for talented individuals to thrive. We aim to advance our technological innovation, business success, and stockholder value by motivating such individuals to perform to the best of their abilities and achieve our corporate objectives. We offer competitive pay and benefits, including paid family leave, flexible work schedules and a comprehensive health and wellness program. For more information, please see the Careers section on our website.

Diversity, Equity, Inclusion and Engagement

We strive to cultivate a high-performing and diverse workforce and to foster a culture of collaboration and learning, where all employees feel valued and enhance each other’s performance. We aim to continue to make positive strides on DEIB and have engaged consulting services to guide our developing and integrating a robust DEIB strategy. We are taking initial steps to advance our DEIB initiatives through unconscious bias training and diverse talent acquisition strategies. We are also increasing transparency around the demographics of our employee workforce, recognizing we still have a way to go.

We actively seek opportunities for regular engagement and communication by our Chief Executive Officer (CEO) and other senior executive leaders with our broader employee population. For example, we host periodic townhalls that provide an opportunity for our CEO and other senior leaders to be accessible to our global employees while discussing topics such as recent financial results, innovative growth initiatives, and customer success stories.

We also conduct an annual confidential company-wide employee engagement survey. Feedback from these surveys provides our management team with valuable information about our workplace culture and corporate mission, and the results are used to develop and refine other aspects of our overall human capital management and other growth strategies.

Environmental Management

We are committed to environmental leadership throughout our global business operations. We continually evaluate ways to advance environmental-friendly practices in our organization from managing our facilities to enhancing our processing and computing to optimize resource efficiency.

We believe that global demand for the functionality of our platform will continue to increase as international businesses undergo digital transformations and adopt cloud-based technologies. We have established a worldwide presence through a combination of global office locations, semi-remote workforce, and outsourced cloud computing, all incorporated within our approach to environmental management.

As of January 31, 2021, we operated lease arrangements for 12 buildings worldwide with varied space configurations. The Denver, Colorado office building is LEED-EB O&M Platinum Certified, including EV charging stations, green roof features, and environmentally conscious energy and waste management. We are currently working with our landlords to identify and prioritize improvement opportunities as part of advancing our environmental management strategy.

We do not own or operate any on-premises data centers. Our service solutions are instead hosted on AWS cloud-based platforms, allowing us to leverage economies-of-scale through them regarding carbon emissions and electricity usage.