News

Wednesday, February 01, 2012
U.S. Micro Earns Prestigious SOC 2SM Designation

U.S. Micro Corporation, a pioneer and innovator in the IT asset disposition (ITAD) industry, today announced it has achieved the American Institute of Certified Public Accountants’ (AICPA) Service Organization Controls (SOC) 2, Type II designation. The company earned this coveted validation of its controls relevant to security, processing integrity and confidentiality after undergoing an intensive examination. Independent auditors evaluated and tested various U.S. Micro Corporation controls, including those related to data elimination; information security; disposition; electronic inventory counts; human resources; change management; information systems operations; and required COSO-level controls.

The move by U.S. Micro to undergo a SOC 2SM examination is unique within the $5 billion ITAD industry.

Jim Kegley, founder, president and CEO of U.S. Micro, said: "Our board of directors and management decided to pursue SOC 2 because U.S. Micro’s process and service offerings exceed the requirements of existing industry certifications and what our competitors offer. We wanted a highly respected third party to confirm what we offer customers. By earning this designation, we are raising the bar for IT asset disposition standards and vendors."

A SOC 2SM, Type II examination is intended to help a broad range of stakeholders understand a company’s internal controls related to security, availability, processing integrity, confidentiality, and privacy. SOC designations are increasingly preferred and/or required of vendors doing business with public companies. Examinations must be performed by an independent, certified auditor, in accordance with attestation standards established by the AICPA.

As large companies focus more on the potential risks of data breaches and environmental considerations related to retired IT assets, greater scrutiny is being placed on ITAD vendors and their ability to safely and responsibly dispose of assets.

Kegley asserts that third party audits will become more prevalent. "Large companies – and increasingly smaller ones – want assurance that IT assets will be handled properly after retirement and won’t end up costing millions and ruining their reputations if data is mishandled," he said. "Having a third party assessment of controls – like SOC 2SM – is an important evolution for the ITAD industry."

The proliferation of IT equipment and corresponding need for ITAD services is well documented. For example, the International Data Corporation (IDC) estimated an installed base of 338.3 million PCs in the U.S. in 2010 and a 20.5 percent annual retirement rate, pointing to a need for ITAD vendors with highly developed controls and processes to ensure proper disposal.

U.S. Micro Corporation
Since 1995, U.S. Micro Corporation has been a major innovator and leader in enterprise IT data security. Headquartered in Las Vegas, Nev., U.S. Micro serves Fortune 500 companies that demand the highest levels of data security and environmental stewardship. Committed to a 100 percent no landfill policy, the company refurbishes and sells approximately 90 percent of the equipment it processes; the remaining 10 percent is EPA-compliantly recycled at its Next-Generation IT Demanufacturing and Distribution Center in Las Vegas. U.S. Micro is R2, G.R.A.D.E. (Green Recycling Asset Disposal for the Enterprise), ISO 14001:2004 and Payment Card Industry (PCI) certified. It is also a Microsoft Authorized Refurbisher and holds the American Institute of Certified Public Accountants’ (AICPA) Service Organization Controls (SOC) 2, Type II designation.