Our Commitment to Sustainability
Sumo Logic is a pioneer in continuous intelligence, a new category of software enabling organizations of all sizes to address the greatest data challenges and opportunities presented by digital transformation and cloud computing. Our vision is to democratize machine data, and we believe we can achieve this by focusing on our core values of bringing light to dark, putting our customer first, fostering a learning culture, working with heart, and focusing on one single agenda.
We deliver continuous intelligence — real-time insights delivered as a service across multiple-use cases — from a cloud-native platform. With continuous intelligence, Sumo Logic empowers the people who power modern business — allowing them to make smarter decisions, faster.
We recognize that our commitment to managing environmental, social, and governance (ESG) risks and opportunities is essential to long-term value creation for our stockholders, employees, customers, communities, and other stakeholders. Our approach to ESG is anchored in our mission to democratize machine data and empower organizations with the critical data and insights required to address technology and collaboration challenges with prescriptive action in real time — a modern business imperative. Both our management team and our board of directors believe that our environmental stewardship, social responsibility, and corporate governance practices are foundational to our operational success, growth strategy, and financial priorities. Our strategic priorities for ESG align with the Sustainability Accounting Standards Board (SASB) for the software and IT services industry. We strive for continuous improvement in ESG as we grow and expand our global reach.
Our board is responsible for promoting our strong culture of corporate citizenship and adherence to business standards guided by our Code of Business Conduct and Ethics . Our Corporate Governance and Nominating Committee has oversight of our ESG practices, as outlined in its committee charter . Other board committees also play a role in ESG, with responsibilities across areas such as cybersecurity, human capital management, and corporate risk assessment and risk management. In addition, members of our management team and subject-matter experts across our company are responsible for the implementation of our ESG strategy, initiatives, and communications.
We believe the composition of our board — including the diversity of experiences, knowledge, and viewpoints of our directors — is critical to our success. To learn more about board diversity and our leadership’s oversight of ESG, please see our 2021 Proxy Statement.
Honest and ethical conduct is critical to our business. Our success depends on the trust we foster with our employees, with our customers and partners, and with our community by acting with integrity and in accordance with applicable laws. We expect every employee, officer, director, and consultant to not only read and understand our Code of Business Conduct and Ethics , but also apply good judgment and the highest personal ethical standards in making business decisions. In 2021, 100% of employees completed our compliance training.
We encourage employees to raise concerns and be alert to possible violations and report them without fear of retaliation. The Sumo Logic Compliance Hotline , hosted by an independent third-party provider, allows employees and other stakeholders to report any questions, concerns, or suspected violations.
Intellectual Property and Competitive Behavior
The markets in which we operate are competitive and characterized by rapid changes in technology, customer requirements, and industry standards, and frequent introductions of improvements to existing service offerings. Our competitors and potential competitors include providers of tools such as analytics; enterprise and open-source search, security information and event management (SIEM); security orchestration, automation, and response (SOAR); observability, monitoring; and other software offerings. Our success depends in part upon our ability to safeguard our core technology and other intellectual property protection for our technology, inventions, improvements, proprietary rights, and other assets. We seek to accomplish that objective by establishing intellectual property rights in and protecting those assets. More information can be found in our annual report on Form 10-K.
Risk Management and Business Continuity
Our platform is built on a multi-tenant cloud architecture, hosted on Amazon Web Services (AWS) using intelligent resource management, auto scaling, and partitioning logic to manage our compute and storage footprint so that we can deliver resiliency and optimal performance while maintaining efficiency. Our platform runs across multiple regions and within each region across multiple AWS data centers. Our microservices are distributed to avoid single points of failure and to ensure fault tolerance even in the case of full physical data center outage. We have enhanced our disaster readiness by establishing a site reliability team that continuously tests the health of our IT environment, monitors security protocols, and addresses any system outages for immediate and complete restoration. Our contingency plans are certified through third-party audits and tested annually.
Our vendors are primarily in the IT industry and based in low-risk countries where ESG risk is less prevalent. We ask that vendors comply with our Supplier Code of Conduct or demonstrate equivalent policies and practices.
We take a risk-based approach to assessing vendors. Our procurement team relies on a risk engagement matrix to assess potential vendor relationships in accordance with how critical they are to our operations. We have a security team in place to analyze at-risk software as a service (SaaS) vendors that have a direct impact on the integrity and reliability of our technical infrastructure. The review incorporates the confidentiality, integrity, and availability system attributes of our SaaS vendors and enforces the standards that are critical to our operations. We review our risk assessments of our critical vendors annually. Our vendors are our partners and we work with them to deliver the best possible platform and service to our customers.
We are committed to periodically reviewing and assessing risk in our value chain including the risk of slavery, human trafficking, child labor or other human rights issues. Please see our Modern Slavery Act disclosure statement for more information.
At Sumo Logic, we recognize and take seriously our responsibility to help protect, preserve, and promote human rights around the world. For us, this means creating technology to address our customers’ greatest challenges, ensuring privacy and security for our partners and users, and finding opportunities to amplify our social impact in the communities where we live and work.
Data Security and Customer Privacy
Sumo Logic acknowledges the pervasive human rights risks in our industry around privacy and data security. Our strong policies and management systems in each of these areas are structured to make us resilient in a volatile world of accelerated innovation, global data proliferation, and fast-changing regulatory frameworks. We build privacy and data protection into the design and development of our products, services, and operations. We also have strong relationships with our business partners to ensure our expectations and compliance requirements are followed. Data security and privacy are at the forefront of our decisions at Sumo Logic. We utilize numerous controls to ensure platform security, including identity and access management, multi-factor authentication, robust logging, real-time security monitoring, encrypted operating system volumes, and more. We have a dedicated security operations center (SOC) with a full incident response program escalating to our chief executive officer and our chief security officer as well as to our Audit Committee, if warranted. Our distinct public cloud offering is built out to and operated in accordance with NIST 800-53 FedRAMP-Moderate framework. Specifically, our platform is PCI-DSS 3.2.1 Service Provider Level 1 certified, SOC 2 Type 2 attested, HIPAA Security Rule compliance attested, ISO 27001 certified, and CSA STAR certified. Our federal offering is FedRAMP Moderate Authorized. Independent third party assessors audit and certify our compliance annually with these standards. We have a robust security and data privacy training program required for all employees and contractors upon hire and ongoing annually and strive for 100% of employees completing this training. Please see our Privacy Statement for more information on our commitment to safeguards around the information used with our cloud analytics solutions.
Philanthropy and Volunteerism
Sumo Logic is committed to supporting our local communities in which we live and work. We believe that we can make a difference in the lives of those in need and those who are underserved or underrepresented through our corporate philanthropy and employee volunteer programs. Some of the organizations we have worked with through July 2021 include:
AID India Food
Bank of the Rockies
Girls Who Code
Meals on Wheels
New York Cares
Operation Underground Railroad
While we are incredibly proud of our technology, we’re most proud of our community of passionate, talented individuals committed to creating significant customer impact and value. Our board of directors plays a key role in the oversight of our culture, setting the tone at the top, and sees human capital management — including diversity, equity, inclusion, and belonging (DEIB) initiatives — as critical elements to our long-term success. Our objective is to create the organizational conditions and culture for talented individuals to thrive. We offer competitive pay and benefits, including paid family leave, flexible work schedules and a comprehensive health and wellness program. For more information, please see the Careers section on our website.
Diversity, Equity, Inclusion and Engagement
We strive to cultivate a high-performing and diverse workforce and to foster a culture of collaboration and learning where all employees feel valued and enhance each other’s performance. We aim to continue to make positive strides on diversity, equity, inclusion, and belonging (DEIB) and have engaged consulting services to integrate a robust DEIB strategy.
In 2021, we rolled out a company-wide inclusion, bias, and allyship training, offering over 24 sessions globally. After completing the training, 80% of respondents said they better understand the experiences of other employees and feel motivated to build an inclusive culture at Sumo Logic. We also offered a training titled Courageous Conversations in observance of Juneteenth, focusing on techniques to discuss race, equity, and inclusion in the workplace. Additionally, 100% of employees complete training on harassment and discrimination annually.
We actively seek opportunities for regular engagement and communication by our chief executive officer (CEO) and other senior executive leaders to our broader employee population. For example, we host periodic town halls that provide an opportunity for our CEO and other senior leaders to be accessible to our global employees while discussing topics such as recent financial results, innovative growth initiatives, and customer success stories.
We are committed to environmental leadership throughout our global business operations. We continuously evaluate ways to advance environmentally friendly practices in our organization, from managing our facilities to enhancing our processing and computing to optimize resource efficiency.
We believe that global demand for the functionality of our platform will increase as international businesses undergo digital transformations and adopt cloud-based technologies. We have established a worldwide presence through a combination of global office locations, a semi-remote workforce, and outsourced cloud computing, all incorporated within our approach to environmental management. We do not own or operate any data centers on-premises. Our service solutions are instead hosted on AWS cloud-based platforms, allowing us to leverage economies of scale regarding carbon emissions and electricity usage.
As of January 31, 2021, we operate lease arrangements for 12 buildings worldwide with varied space configurations. The majority of our footprint lies in our headquarters in Redwood City, which houses approximately 30% of our workforce. In 2021, we measured our energy, water and waste footprint for this office as another advancement in our ESG journey. We are currently working with our landlords to identify and prioritize improvement opportunities as part of advancing our environmental management strategy. This includes expanding the number of LEED and WELL certifications in our office portfolio to ensure the well-being of our employees and reduce the environmental impact of our operations.