August 10, 2018
VIA EDGAR AND OVERNIGHT DELIVERY
Securities and Exchange Commission
Division of Corporation Finance
100 F Street, N.E.
Washington, D.C. 20549
Attn: | Amanda Kim, Staff Accountant |
Craig Wilson, Sr. Chief Accountant
Re: | FORTINET, INC |
Form 10-Q for the Quarterly Period ended March 31, 2018
Filed May 8, 2018
File No. 001-34511
Ladies and Gentlemen:
We are submitting this letter on behalf of Fortinet, Inc. (the “Company”) in response to comments from the staff (the “Staff”) of the Securities and Exchange Commission (the “Commission”) received by electronic mail on July 30, 2018 that relate to the Company’s Form 10-Q for the quarterly period ended March 31, 2018 (File No. 001‑34511), filed with the Commission on May 8, 2018. The numbered paragraphs below correspond to the numbered comments in the Staff’s letter and the Staff’s comments are presented in bold italics.
United States Securities and Exchange Commission
Division of Corporation Finance
August 10, 2018
2
Form 10-Q for the Quarterly Period Ended March 31, 2018
Notes to Condensed Consolidated Financial Statements
2. REVENUE RECOGNITION, page 7
1. | We note that you disclose that your sales arrangements contain multiple distinct performance obligations. However, it appears that the FortiGuard security subscription and FortiCare technical support services are bundled with hardware products and software licenses, the FortiOS operating system present in all your FortiGate appliances are updated by the Forticare technical support services, and the FortiGate hardware and software licenses are sold with a broad set of security services enabled by the FortiGuard security subscription. Please explain how your disclosure addresses the appropriateness of not combining these promised goods and services into one performance obligation. We refer you to ASC 606-10-25-19 through 25-21 and ASC 606-10-55-140D through 606-10- 55-140F. |
Response:
The Company advises the Staff that it evaluated whether the FortiGate hardware appliance (referring to the physical appliance) or software licenses (referring to virtual machines), FortiGuard security subscription and FortiCare technical support services constitute multiple performance obligations or should be combined to form a single performance obligation under ASC 606-10-25-19 through 25-21. Based on this evaluation, as discussed in detail below, the Company concluded that the FortiGate hardware appliance and software licenses, with the embedded FortiOS software, (collectively referred to herein as “FortiGate Products”), are capable of being distinct and distinct in the context of the contract from the security subscription and technical support services, and as such should be accounted for as a separate performance obligation. FortiGate Products are separately identifiable within the contract and are not highly interdependent or interrelated with the FortiCare support or FortiGuard security subscription services. The customer will still economically benefit from the built-in security and networking functionalities and capabilities of the FortiGate Products even without the optional FortiCare support and FortiGuard security subscription services. The Company expanded its disclosures in its Form 10-Q for the quarterly period ended June 30, 2018 to address the appropriateness of not combining these promised goods and services into one performance obligation.
The Company performed an extensive evaluation of the specific functionalities and capabilities of the FortiGate Products when implementing ASC 606. The Company’s FortiGate Products include a broad set of key built-in security and networking functionalities and capabilities including firewall, software-defined wide area network (SD-WAN), data leak prevention, virtual private network (VPN), switch and wireless controller and wide area network (WAN) acceleration that customers benefit from when purchasing FortiGate Products without purchasing the FortiCare support and FortiGuard security subscription services.
The Company considered the guidance outlined in ASC 606-10-25-19 through 25-21 in determining whether a promised good or service (or a bundle of goods and services) is distinct. ASC 606-10-25-19 states the following:
A good or service that is promised to a customer is distinct if both of the following criteria are met:
1. The customer can benefit from the good or service either on its own or together with other resources that are readily available to the customer (that is, the good or service is capable of being distinct) and
2. The entity’s promise to transfer the good or service to the customer is separately identifiable from other promises in the contract (that is, the promise to transfer the good or service is distinct within the context of the contract).
United States Securities and Exchange Commission
Division of Corporation Finance
August 10, 2018
3
Both of these criteria must be met to conclude that the good or service is distinct. If these criteria are met, the individual good or service must be accounted for as a separate unit of accounting (i.e., a performance obligation).
Capable of being distinct
ASC 606-10-25-20 provides clarity on this first criterion:
“A customer can benefit from a good or service in accordance with paragraph 606-10-25-19(a) if the good or service could be used, consumed, sold for an amount that is greater than scrap value, or otherwise held in a way that generates economic benefits. For some goods or services, a customer may be able to benefit from a good or service on its own. For other goods or services, a customer may be able to benefit from the good or service only in conjunction with other readily available resources. A readily available resource is a good or service that is sold separately (by the entity or another entity) or a resource that the customer has already obtained from the entity (including goods or services that the entity will have already transferred to the customer under the contract) or from other transactions or events. Various factors may provide evidence that the customer can benefit from a good or service either on its own or in conjunction with other readily available resources. For example, the fact that the entity regularly sells a good or service separately would indicate that a customer can benefit from the good or service on its own or with other readily available resources.”
The Company determined that the FortiGate Products, the FortiCare support services and the FortiGuard security subscriptions are each capable of being distinct.
The FortiGate Products have multiple built-in security and networking functionalities and capabilities from which customers can derive economic benefit on a standalone basis, as discussed above. The FortiCare support services provide access to technical support experts, firmware upgrades and flexible hardware replacement services. The FortiGuard security services provide access to regular updates for application control, anti-spam, web filtering, threat intelligence services, intrusion prevention service, industrial security and cloud access security broker. The FortiGuard security services are available as an additional application or feature in the FortiGate Products. This FortiGuard security application receives the regular updates to protect the customers’ security deployment from the latest attacks and threats. The FortiCare subscription or FortiGuard security subscription services have benefits to a customer when used with the FortiGate Products that have been delivered or made readily available. However, customers have purchased the FortiGate Products only for its specific features like firewall, VPN or SD-WAN.
Distinct within the context of the contract
The Company considered the three indicators provided in ASC 606-10-25-21 to determine whether the nature of the Company’s promise to the customer is to transfer (a) multiple goods or services or (b) a combined item that comprises the multiple promised goods or services in the contract. These indicators revolve around whether there is a two-way dependency between the promised goods and services and whether there is significant integration and customization or modification. In conjunction with assessing those three indicators, the Company also considered KPMG Revenue Recognition guidance which states that:
“The distinct within the context of the contract evaluation depends on whether the promised goods or services are separately identifiable. This is the case if they have a transformative relationship on each other, rather than merely an additive relationship to each other.
- Transformative relationship. Two goods or services that have a transformative relationship are combined into a single performance obligation. Goods and services have a transformative relationship when they each significantly affect each other such that they create a combined item(s) that is more than or different from the sum of the component parts of services. To have a transformative relationship, each of the goods or services needs to significantly affect each other.
United States Securities and Exchange Commission
Division of Corporation Finance
August 10, 2018
4
- Additive relationship. Two goods or services that have an additive relationship are separately identifiable and not combined into a single performance obligation. An additive relationship exists when only one good or service significantly affects or depends on the other....”
The Company sells standalone FortiGate Products without the FortiCare support or FortiGuard security subscription services and these services are not critical to the utility of the FortiGate Products. The FortiCare support or FortiGuard security subscription services are additive as these services provide additional functionality but are not critical or transformative. There is no significant service the Company provides to integrate the FortiGate Products and services into a combined output.
The Company concluded that the FortiGate Products are distinct within the context of the contract from FortiCare support services because the FortiGate Products remain highly functional without the updates and the technical support. This conclusion is consistent with Example 11, Case A beginning in FASB ASC 606-10-55-141 illustrating a fact pattern where technical support and software updates are distinct when the software is delivered before the other goods and services and it remains functional without the updates and the technical support. As a result, the example concludes the customer can benefit from each of the goods and services either on their own or together with the other goods and services that are readily available.
The Company also concluded that the FortiGate Products are distinct within the context of the contract from FortiGuard security subscription services that can be purchased by the customer in its discretion. FortiGuard security subscription services are not highly interdependent or interrelated with the FortiGate Products because the Company would be able to fulfill its promise to deliver the functionalities of the FortiGate Products even if the customer did not purchase any services. FortiOS includes an application to run FortiGuard subscription services that the customer can choose to purchase. If these optional services are purchased, they do not modify or customize the functionalities of FortiGate Products.
The Company considered the example given in ASC 606-10-55-140D through 140F. The example illustrates scenarios where the provision of one promise is integral to the customer’s ability to derive or maintain benefit from another promise, such that the entity cannot fulfill its combined promise without providing both items. In applying the separately identifiable principle, the example also highlights the notion of utility and how the promised service is critical to maintain the intended use and benefit of the other promise. The Company believes this example is not applicable to the Company’s FortiGate Products as the FortiGate Products have significant standalone functionalities and capabilities as discussed above that will continue to provide utility to the customer even without the services. The level of interaction and interdependence between the FortiGate Products and the services is not transformative as they do not result in an offering that is greater than the sum of the component goods and services.
In response to the Staff’s comment, the Company expanded its disclosures in its Form 10-Q for the quarterly period ended June 30, 2018 as follows (changes are italicized and only paragraphs with changes are included below):
Under Topic 606, we determine revenue recognition through the following steps:
•identification of the contract, or contracts, with the customer,
•identification of the performance obligations in the contract, including evaluation of performance obligations as to being distinct goods or services in a contract,
•determination of the transaction price,
•allocation of the transaction price to the performance obligations in the contract, and
•recognition of revenue when, or as, we satisfy a performance obligation.
United States Securities and Exchange Commission
Division of Corporation Finance
August 10, 2018
5
Product revenue primarily consists of sales of hardware and software licenses of our FortiGate and Fabric products. We derive a substantial majority of product sales from our FortiGate products. Our FortiGate products include a broad set of built-in security and networking features and functionalities, including firewall, SD-WAN, data leak prevention, VPN, switch and wireless controller and WAN acceleration, among others.
Our sales contracts typically contain multiple deliverables, such as hardware, software license, security subscription, technical support services and other services, which are generally capable of being distinct and accounted for as separate performance obligations. We evaluated the criteria to be distinct under Topic 606 and concluded that the hardware and software license were distinct and distinct in context of the contract from the security subscription and technical support services as the customer can benefit from the hardware and license without the services and the services are separately identifiable within the contract. We allocate the transaction price to each performance obligation based on relative standalone selling price. We determine standalone selling price based on the historical pricing and discounting practices for those services when sold separately. We determine standalone selling price for a product or service by considering multiple historical factors including, but not limited to, cost of products, gross margin objectives, pricing practices, geographies and the term of the service contract that fall within a reasonably range as a percentage of list price. Revenue is reported net of sales tax.
* * *
United States Securities and Exchange Commission
Division of Corporation Finance
August 10, 2018
6
Should the Staff have additional questions or comments regarding the foregoing, please do not hesitate to contact me at (650) 335-7631, or, in my absence, Ran D. Ben-Tzur at (650) 335-7613.
Sincerely, |
/s/ Jeffrey R. Vetter |
Jeffrey R. Vetter |
cc:
Ken Xie, Chief Executive Officer and Chairman
Keith Jensen, Chief Financial Officer
John Whittle, Esq., Vice President of Corporate Development,
General Counsel and Corporate Secretary
Fortinet, Inc.
Ran D. Ben-Tzur, Esq.
Ari Haber, Esq.
Fenwick & West LLP