While cetifications and standards may be beneficial, they must be meaningful, enforceable and adequately address security and environmental concerns. Many industry standards are only baselines for responsible disposition. At U.S Micro, we strive to exceed not just meet these standards. Below are examples of industry certifications that demonstrate this goal.
U.S. Micro set the bar high for the ITAD industry with its Service Organization Controls (SOC) Reports, Type 2 certification (previously SAS 70). The American Institute of Certified Public Accountants (AICPA) awards the prestigious designation based on their independent assessment of a company’s control procedures, including their effectiveness and maturity. The SOC 2SM report is intended to meet the needs of a broad range of users that need to understand the internal controls of a company as they relate to security, processing integrity, confidentiality and privacy.
PCI DSS sets standards to ensure the safe handling of payment cardholder information; it covers prevention, detection and appropriate reaction to security incidents. The certification was awarded to U.S. Micro after an audit of its internal controls and processes related to handling data on retired IT devices. U.S. Micro pursued the certification because sensitive payment card data could potentially be stored on numerous devices that it processes.
This highly-coveted certification grants U.S. Micro rights to preinstall Windows software and provide genuine Windows licenses for systems the company refurbishes and sells. U.S. Micro has been a MAR since 2008; only companies that can demonstrate a strong track record of refurbishing equipment as well as technical competence and extensive security capabilities can attain this certification. While there are thousands of refurbishers in the U.S., there are typically less than fifteen companies who maintain this status. Work with an established MAR when purchasing refurbished equipment to ensure the Windows software is legally provided.
The Responsible Recycling (R2) certification establishes standards for the environmentally responsible disposition of IT equipment, including maximizing reuse whenever possible and setting guidelines for disposal such as no use of landfills. R2 is the most widely accepted certification of its kind among IT recyclers. The environmental management system U.S. Micro chose as part of its R2 certification is ISO 14001:2004. U.S. Micro earned the R2 and ISO certifications after undergoing an independent audit that evaluated and tested its policies governing waste management, data security, employee health and safety, public health and the environment, and its chain of custody processes.
U.S. Micro's Environmental , Health, & Safety Policy is located here: EHS Policy