

The Booz Allen Hamilton 2022 Environmental, Social, Governance (ESG) Report ("2022 ESG Report") has been prepared in accordance with the Sustainability Accounting Standards Board (SASB) Index: Professional & Commercial Services subset. SASB standards are designed to identify a set of sustainability issues most likely to impact the operating performance or financial condition of the typical company in an industry, regardless of location. Topics that may be deemed material under the SASB Standards are not necessarily material for purposes of the U.S. federal securities laws or for other purposes. For additional information on the SASB Standards, please visit the SASB Standards website.

Data Security and Privacy
SV-PS-230a.1 Description of approach to identifying and addressing data security risks

2022 ESG Report; Corporate Governance, Ethics & Compliance (Pages 45-46)
2022 ESG Report; Corporate Governance, Enterprise Risk Management and Supply Chain Management (Page 47)
2022 ESG Report; Drive Community Resilience, Cybersecurity and Data Privacy (Pages 39-40)
FY22 Annual Report; Part I, Item 1 (Page 6)
FY22 Annual Report; Part I, Item 1A (Pages 14-15, 20-22, 25-26)

We safeguard information and technology assets in order to prevent harm to our employees, our enterprise, our clients, and those whose information or assets are entrusted to us.

Our Board's Audit Committee, which is tasked with oversight of certain risk issues, including cybersecurity, receives reports from the Chief Information Security Officer and the Chief Information Officer multiple times throughout the year. The Audit Committee regularly briefs the full Board on these matters, and the full Board also receives periodic briefings on cyber threats in order to enhance our directors' literacy on cyber issues.

At the enterprise level, Information Services, Security, Enterprise Risk Management, Legal, Ethics & Compliance, and related advisory bodies engage in the following, among other activities, designed to protect sensitive information with which we come into contact:

  • Track systems integration effectiveness, efficiency, and data integrity.
  • Manage incidents through identification, investigation, and remediation with maintenance and annual testing of incident response plans and procedures, including regularly conducted tabletops and after-action walkthroughs for continuous improvement.
  • Collect, consume, and distribute cyber threat intelligence reporting.
  • Maintain partnerships within the information security community.
  • Support compliance with relevant security and control plans and guidance and conduct annual risk assessments and external audits, including external annual compliance assessments against the NIST 800-171 requirements.
  • Facilitate both internal and external collaboration for intelligence sharing.
  • Promote organizational effectiveness through employee training.
  • Proactively search for vulnerabilities and attackers utilizing automated and manual techniques.
  • Conduct adversary emulation exercises using both in-house and external professionals without notice to threat defenders to continuously test our defend and respond capabilities.
  • Advise on standards for firm storage and cloud computing and client delivery environments.
  • Maintain secure facilities up to Top Secret and Sensitive Compartmented Information Facilities accredited by various agencies.
  • Advise on enterprise and entrusted asset privacy and international trade compliance, brand use and protection requirements, and intellectual property.
  • Advise on public reporting requirements and treatment of material nonpublic information.

Every Booz Allen person is responsible for doing their part to maintain the integrity, proper use, and handling of information. All employees are required to participate in annual information security training on a variety of topics including data privacy, phishing, and other emerging issues. We offer additional training, depending on an employee's job function, to make sure they are equipped to respond in a rapidly evolving cyberthreat landscape.

SV-PS-230a.2 Description of policies and practices relating to collection, usage, and retention of customer information

2022 ESG Report; Drive Community Resilience, Cybersecurity and Data Privacy (Pages 39-40)

Our standard information security and data security policies, practices, and procedures apply to all Booz Allen entities, including wholly owned subsidiaries, as well as all cleared Booz Allen facilities and their employees. To enhance both specificity and flexibility, we supplement those standard procedures with additional protocols specific to the needs of a location, client, or engagement. We also evaluate the security policies and practices of our suppliers and business partners.

Our data privacy policy outlines our commitment to the protection of personal information and sets forth retention and deletion requirements. We also recognize, respect, and seek to achieve compliance with applicable laws of foreign nations.

Booz Allen people are bound by confidentiality obligations and policy requirements that apply when they collect, receive, use, process, store, destroy, or disclose information, and we have a robust investigation and disciplinary process in place to respond to noncompliance. But the nature of our work and our corporate values require more than just compliance. It is up to every Booz Allen employee to create connections, establish relationships, and build trust within teams. We support our employees with an ecosystem of services, programs, training, and tools designed to prevent, bring to light, and mitigate potential risk situations.

See also:
Compliance with International Trade Regulations Policy
Data Privacy Policy
Code of Business Ethics & Conduct (Page 16)

  1. Number of data breaches,
  2. percentage involving customers' confidential business information (CBI) or personally identifiable information (PII),
  3. number of customers affected

2022 ESG Report; Drive Community Resilience, Cybersecurity and Data Privacy (Pages 39-40)

Booz Allen has not reported any material cybersecurity breaches in the last three years.

Workforce Diversity & Engagement
SV-PS-330a.1 Percentage of gender and racial/ethnic group representation for
  1. executive management and
  2. all other employees

2022 ESG Report; Empower Diverse Talent (Pages 12-27)
2022 ESG Report; Corporate Governance, Board of Directors (Page 44)
FY22 Annual Report; Part I, Item 1, Human Capital (Pages 4-5)

Refer to page 15 of our 2022 ESG Report for the percentage of gender and racial/ethnic group representation for our total workforce, senior leadership, and all other employees.

See also:
Booz Allen's Diversity, Equity & Inclusion Program
Equal Employment Opportunity and Affirmative Action Policy
Code of Business Ethics & Conduct (Page 14)
Total Rewards Program

  1. Voluntary and
  2. involuntary turnover rate for employees

2022 ESG Report; Empower Diverse Talent, Diversity, Equity, & Inclusion (Page 15)
FY22 Annual Report; Part I, Item 1, Human Capital (Page 4)

We do not report aggregate voluntary and involuntary annual turnover rates as that information is deemed Booz Allen confidential. Consistent with our commitment to diversity, equity, and inclusion, we do report the percentages of new hires and departures by demographic categories on page 15 of our 2022 ESG Report.

SV-PS-330a.3 Employee engagement as a percentage

2022 ESG Report; Empower Diverse Talent, Employee Engagement & Retention (Pages 21-22)
2022 ESG Report; Empower Diverse Talent (Pages 12-27)
2022 ESG Report; Drive Community Resilience, Resilient Enterprise & Workforce (Pages 35-36)
2022 ESG Report; Drive Community Resilience, Cybersecurity and Data Privacy (Pages 39-40)
2022 ESG Report; Corporate Governance, Ethics & Compliance (Pages 45-46)
FY22 Annual Report; Part I, Item 1, Employee Engagement (Page 5)

We conduct an annual Employee Experience Survey, which measures, among other factors, our employees' impression of the inclusiveness of our work environment. The survey results provide insights into how employees experience Booz Allen and our culture, helping our leaders better understand areas of opportunity and areas for greater attention. In fiscal year 2022, we saw the impact of our COVID-19 response efforts on the well-being of our employees and clients, and we continued to focus our attention on keeping each other, our families, and our clients safe; supporting our clients' vital missions; and protecting our business. We engaged with employees to understand how we could best help them, including maintaining a robust benefits program, financial and job security, enhanced caregiver support, and telework resources. In our FY22 Employee Experience Survey, 85% of Booz Allen people said the firm helps them build relevant skills, and 83% of Booz Allen people said the firm supports their professional development.

We do not disclose employee engagement as a percentage; however, the references listed above discuss our practices to support employee engagement.

Professional Integrity
SV-PS-510a.1 Description of approach to ensuring professional integrity

2022 ESG Report; Corporate Governance, Ethics & Compliance (Pages 45-46)
2022 ESG Report; Corporate Governance, Supply Chain Management (Page 47)
Ethics & Compliance Program
Code of Business Ethics & Conduct

Our employees are required to complete annual training on our Code of Business Ethics and Conduct. Additionally, our Code expresses our expectation that all our business partners, including subcontractors, suppliers, vendors, and business intermediaries, operate in a manner that is consistent with our commitment to diversity, integrity, and sustainability.

We have audited our ethics program across our global operations through program assessments generally occurring on a three-year cadence.

Read more about our approach to professional integrity in the following sources:
Our Purpose & Values
Supplier Code of Conduct
Ethics & Compliance Policies
FY22 Annual Report; Part I, Item 1, Human Capital (Pages 4-5)

SV-PS-510a.2 Total amount of monetary losses as a result of legal proceedings associated with professional integrity

We address and resolve all issues associated with professional integrity. Booz Allen has not incurred monetary losses during the reporting period as a result of material legal proceedings associated with professional integrity.

Activity Metrics
SV-PS-000.A Number of employees by: (1) full-time and part-time, (2) temporary, and (3) contract

Refer to the 2022 ESG Report, Empower Diverse Talent (Page 15) for information on our permanent employees as of March 31, 2022. Of these, 643 were part-time. In addition to our permanent employees, 4,654 of our workers were temporary/independent contractors.

SV-PS-000.B Employee hours worked, percentage billable

The company monitors all hours worked by employees. We do not report the total number of employee hours worked or the percentage billable, as that is Booz Allen confidential information.

See also:
Code of Business Ethics & Conduct (Page 26)

Data in this report primarily reflects performance and operations during our 2022 fiscal year, which ended March 31, 2022. Unless otherwise noted, references to years or fiscal years are those ending on March 31.

Descriptions of our practices, policies, and programs may reflect more current information, where appropriate in the circumstances.