HowESGDrivesWorkiva DrivingChange AboutThisSummary KEYESGDEVELOPMENTS GOVERNANCE STAKEHOLDERS MATERIALITY STRATEGY RESPONSIBLEGOVERNANCEPRACTICES VALUECHAIN SupportingResponsibleGovernanceandPractices Anunwaveringcommitmenttosoundgovernanceforsociety’sbenefithelpsdriveWorkiva’sCore Principlesthroughoutourcompany.Andweconstantlyrefineourgovernancestrategy.OurBoardof Directorsandmanagementregularlyreviewbestcorporate,governance,andbusinesspracticesand modifyourapproachasnecessary. GovernancePractices Workiva’scurrentbestpracticesinclude: Ourcontinuoustrainingprogramensuresthat • ABoardofDirectorsledbyanindependentchair 100%ofemployeescomplete: andcomprisingprimarilyofindependentdirectors • Informationsecurityandsecuritiestrading • FullyindependentBoard,AuditCommittee, trainingwithin48hoursofstartingwork CompensationCommittee,andNominating& • Codeofconducttrainingeachyear GovernanceCommittee • Anti-corruptionandbriberytrainingannually • Disclosureofexecutivecompensationpolicyand • Datasecuritytrainingeachyear theCEO-to-employeecompensationratio • Workplaceharassmenttrainingannually • Ananti-corruption/exportcontrols/economic sanctionspolicy BusinessPractices OurCodeofConduct,SupplierCodeofConduct,andAnti-CorruptionPolicyeachsupportsbest sustainability practices andisavailableonlineforinspection. OurboardhasmadecybersecurityanddataprivacythreatsatoppriorityatWorkiva.Reportsonourefforts againstthesethreatsaredeliveredateveryboardandauditcommitteemeeting,andacomprehensive cybersecurityreportisconsideredannuallybytheboard. TheboardissupportedbyaglobalCyberSecurityworkinggroupthatincludesexpertsfromprivacy,legal, compliance,andotherfunctionswhostrategizehowweshoulddealwithcybercrime.Thetaskforce’s efforts helped Workiva get authorization as a Moderate Impact Cloud Service Provider under the FedRAMPprogram. Workivaalsousesthird-partyauditorstoevaluateourcontrolsagainsttheSOC1andSOC2compliance frameworks.Weregularlyconductsupplierriskreviewstomakesureconfidential,sensitive,andproprietary dataareaccessedandhandledproperly.AndinAugust2021,WorkivaachievedISO27001certificationfora comprehensiveandeffectiveinformationsecuritymanagementsystemandbestpractices. DRIVINGCHANGE | 8