While certifications and standards may be beneficial, they must be meaningful, enforceable and adequately address security and environmental concerns. Many industry standards are only baselines for responsible disposition. At U.S. Micro, we strive to exceed, not just meet, these standards. Below are examples of industry certifications that demonstrate this goal.
For additional information, download a U.S. Micro white paper that discusses the differences between R2 and e-Stewards®, as well as the dangers of relying exclusively on certifications when evaluating ITAD vendors.
U.S. Micro set the bar high for the ITAD industry with its Service Organization Controls (SOC) Reports, Type 2 certification (previously SAS 70). The American Institute of Certified Public Accountants (AICPA) awards the prestigious designation based on its independent assessment of a company’s control procedures, including their effectiveness and maturity. The SOC 2℠ report is intended to meet the needs of a broad range of users who need to understand the internal controls of a company as they relate to security, processing integrity, confidentiality and privacy.
U.S. Micro submits annually to a third-party forensic audit of its disk sanitization process for effectiveness, thoroughness and auditability. The review includes an evaluation of U.S. Micro’s disk wiping technology and detailed analysis of numerous disk drives wiped using the technology. Through evaluation of U.S. Micro’s procedures, the audit also confirms compliance with two industry standards: United States Department of Defense 5220.22 and NIST 800-88.
• United States Department of Defense 5220.22-M
U.S. Micro utilizes a software-based data sanitization method certified by the National Industrial Security Program (NISP). This process maintains security when wiping data from customer assets.
• NIST 800-88
U.S. Micro follows the Network Information Security & Technology (NIST) standardization guide to determine sanitization processes for various media before disposal or reuse. This is another precaution U.S. Micro takes to ensure that all customer data is wiped from retired assets before leaving their site.
PCI DSS sets standards to ensure the safe handling of payment cardholder information; it covers prevention, detection and appropriate reaction to security incidents. The certification was awarded to U.S. Micro after an audit of its internal controls and processes related to handling data on retired IT devices. U.S. Micro pursued the certification because sensitive payment card data could potentially be stored on numerous devices that it processes.
This highly coveted certification grants U.S. Micro rights to preinstall Windows software and provide genuine Windows licenses for systems the company refurbishes and sells. U.S. Micro has been a MAR since 2008; only companies that can demonstrate a strong track record of refurbishing equipment as well as technical competence and extensive security capabilities can attain this certification. While there are thousands of refurbishers in the U.S., there are typically fewer than fifteen companies that maintain this status. Work with an established MAR when purchasing refurbished equipment to ensure the Windows software is legally provided.
G.R.A.D.E has become the standard in the industry for recognizing outstanding asset decommissioning services. U.S. Micro is one of only seven companies that are IDC G.R.A.D.E certified. IDC analyzes seven areas of the retirement process and how they relate to recycling of the assets: planning, corporate social responsibility, asset management, data security, environmental stewardship, cost avoidance and ROI, and operations management. This certification acknowledges U.S. Micro’s commitment to provide superior recycling to its customers, as well as refurbishing or recycling retired assets to ensure components do not end up in landfills. IDC is a wholly owned subsidiary of International Data Group (IDG), the world’s leading technology media, events and research company.
The Responsible Recycling (R2) certification establishes standards for the environmentally responsible disposition of IT equipment, including maximizing reuse whenever possible and setting guidelines for disposal such as no use of landfills. R2 is the most widely accepted certification of its kind among IT recyclers. The environmental management system U.S. Micro chose as part of its R2 certification is ISO 14001:2004. U.S. Micro earned the R2 and ISO certifications after undergoing an independent audit that evaluated and tested its policies governing waste management, data security, employee health and safety, public health and the environment, and its chain of custody processes.
U.S. Micro's Environmental, Health, & Safety Policy is located here: EHS Policy