While cetifications and standards may be beneficial, they must be meaningful, enforceable and adequately address security and environmental concerns. Many industry standards are only baselines for responsible disposition. At U.S Micro, we strive to exceed not just meet these standards. Below are examples of industry certifications that demonstrate this goal.
For additional information, download a U.S. Micro white paper that discusses the differences between R2 and e-Stewards®, as well as the dangers of relying exclusively on certifications when evaluating ITAD vendors.
AICPA SOC 2SM (previously SAS 70)
U.S. Micro set the bar high for the ITAD industry with its Service Organization Controls (SOC) Reports, Type 2 certification (previously SAS 70). The American Institute of Certified Public Accountants (AICPA) awards the prestigious designation based on their independent assessment of a company’s control procedures, including their effectiveness and maturity. The SOC 2SM report is intended to meet the needs of a broad range of users that need to understand the internal controls of a company as they relate to security, processing integrity, confidentiality and privacy.
Third Party Forensic Audits
U.S. Micro submits annually to a third party forensic audit of its disk sanitization process for effectiveness, thoroughness and auditability. The review includes an evaluation of U.S. Micro’s disk wiping technology and detailed analysis of numerous disk drives wiped using the technology. Through evaluation of U.S. Micro’s procedures, the audit also confirms compliance with two industry standards: United State Department of Defense 5220.22 and NIST 800-88.
• United States Department of Defense 5220.22-M
U.S. Micro utilizes a software-based data sanitization method certified by the National Industrial Security Program (NISP). This process maintains security when wiping data from customer assets.
• NIST 800-88
U.S. Micro follows the Network Information Security & Technology (NIST) standardization guide to determine sanitization processes for various media before disposal or reuse. This is another precaution U.S. Micro takes to ensure that all customer data is wiped from retired assets before leaving their site.
Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS sets standards to ensure the safe handling of payment cardholder information; it covers prevention, detection and appropriate reaction to security incidents. The certification was awarded to U.S. Micro after an audit of its internal controls and processes related to handling data on retired IT devices. U.S. Micro pursued the certification because sensitive payment card data could potentially be stored on numerous devices that it processes.
Microsoft Authorized Refurbisher (MAR)
This highly-coveted certification grants U.S. Micro rights to preinstall Windows software and provide genuine Windows licenses for systems the company refurbishes and sells. U.S. Micro has been a MAR since 2008; only companies that can demonstrate a strong track record of refurbishing equipment as well as technical competence and extensive security capabilities can attain this certification. While there are thousands of refurbishers in the U.S., there are typically less than fifteen companies who maintain this status. Work with an established MAR when purchasing refurbished equipment to ensure the Windows software is legally provided.
International Data Corporation (IDC) Green Recycling Asset Disposal for the Enterprise (G.R.A.D.E.) Certification
G.R.A.D.E has become the standard in the industry for recognizing outstanding asset decommissioning services. U.S. Micro is one of only seven companies who are IDC G.R.A.D.E certified. IDC analyzes seven areas of the retirement process, and how it relates to recycling of the assets, including planning, corporate social responsibility, asset management, data security, environmental stewardship, cost avoidance and ROI, and operations management. This certification acknowledges U.S. Micro’s commitment to provide superior recycling to its customers, as well as refurbishing or recycling retired assets to ensure components do not end up in landfills. IDC is a wholly-owned subsidiary of International Data Group (IDG), the world’s leading technology media, events and research company.
R2 & ISO 14001:2004
The Responsible Recycling (R2) certification establishes standards for the environmentally responsible disposition of IT equipment, including maximizing reuse whenever possible and setting guidelines for disposal such as no use of landfills. R2 is the most widely accepted certification of its kind among IT recyclers. The environmental management system U.S. Micro chose as part of its R2 certification is ISO 14001:2004. U.S. Micro earned the R2 and ISO certifications after undergoing an independent audit that evaluated and tested its policies governing waste management, data security, employee health and safety, public health and the environment, and its chain of custody processes.
Quality, Environmental, Health & Safety Policy
U.S. Micro's Quality, Environmental , Health, & Safety Policy is located here: QEHS Policy
888-USMICRO (876-4276) Las Vegas: 702-998-7900 Atlanta: 770-437-0706
Las Vegas Headquarters
7608 West Teco Ave, Las Vegas, NV 89113
Atlanta Facility
7000 Highlands Parkway, Suite 160 Smyrna, GA 30082
Dallas Facility
1075 South Beltline, Suite 500, Coppell, TX 75019
Copyright © 2011 U.S. Micro. All rights reserved. Professional Website Design by DBurns Design.