Micron Trust Center

Valuing Customers, Earning Trust, and Building Strong Relationships


Our commitment starts here

At Micron, we realize that addressing the challenges of today’s digital landscape requires steadfast commitment to protecting the trust relationship we have with our customers.

We embrace the unpredictability and constant threats of the cybersecurity landscape by leveraging the industry-standard NIST (National Institute of Standards and Technology) Cybersecurity Framework, ensuring our workforce is trained and ready for any kind of disruption.

We provide transparency about our privacy practices and ensure our customers understand the choices they have regarding their privacy rights and Personal Information. See the Micron Privacy Notice for more information.

A comprehensive strategy for maintaining trust

Learn more about how Micron predicts, prevents, and responds to ever-changing threats to ensure your trust in partnering with us.

Laptop Security

At Micron, cybersecurity is structured on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which serves as a capability guide for staffing functional categories so that responses are appropriate. Reviews of processes, procedures, and capabilities are performed on an ongoing basis and incorporate elements of relevant cases.

Micron is committed to ensuring the efficient flow of cargo by enhancing the integrity and security of Micron goods while in the global supply chain. To demonstrate this commitment, Micron holds certifications in C-TPAT (United States, Tier III) and the AEO (Japan, Taiwan, and China). Micron also works with distribution partners to implement international standards, such as TAPA, at warehousing operations.

Governance:

Micron has current certifications in:

  • US C-TPAT and AEO programs in Japan, China, and Taiwan
  • ISO 9001/IATF 16949

Other internal standards leverage TAPA FSR-TSR protocols.

Micron has a corporate security team that employs industry standards and best practices to ensure the physical safety of our employees, products, and assets. Our Global Security Operations framework includes equal input from all sites, and demonstrates a ‘one mission’ posture to shape the direction and conduct of security globally through evaluation and partnership.

Governance:

Micron follows these standards:

  • ANSI/ASIS Security Management Standard PAP-1 2012, Security Operations (Programs and Systems)
  • ASIS/SHRM Workplace Violence Prevention and Intervention (WVPI.1-2011)
  • ANSI/ASIS Conformity Assessment and Auditing Management Systems of Private Security Operations (PSC2-2012)
  • ASIS GDL FPSM-2009 Facilities Physical Security Measures Guideline
  • ASIS Protection of Assets Manual (POA) 2014

Business Continuity Plans, Crisis Management Plans, and Disaster Recovery Plans are in place today.

Governance:

Micron’s BCP/CM/DR Program follows the industry standard called the “All Hazards Approach”. This means that Micron develops the plans to correctly assess impact, set cadence for meetings with SMEs, make recovery plans, and communicate them to the business and customers.

For more information, visit Business Continuity.

As part of our integrated Quality Management System (QMS), we promote risk-based thinking throughout our QMS. Team members are trained and guided in risk management concepts and execution to ensure that the needs and expectations of Micron’s interested parties are protected from risk at all levels of the organization. Risk-based thinking ensures that we consider risk and opportunity in a holistic manner, at all levels of our organization, and on a continual basis, to ensure the continuing suitability of our QMS to deliver its intended results.

Governance:

Micron’s QMS is certified to:

  • ISO9001:2015
  • IATF16949:2016

For more information, visit Quality.


Responsible Sourcing

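By communicating our philosophy to suppliers, we strive to replicate responsible-sourcing supply chain practices throughout the entire supply chain. By analyzing and managing the relative risk of each strategic supplier, we can better ensure that all of our sites worldwide are fully prepared to produce sustainably and deliver products to customers, while upholding industry and Micron sustainability standards.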

For more information, visit Sourcing Responsibly.

Sourcing Risk

Micron’s supply chain risk and resiliency program has global processes, tools and resources in place that we continue to mature and improve to ensure a resilient, compliant and sustainable supply chain.

For more information, read Sourcing Risk Management.

Frequently Asked Questions

Download FAQs

Cybersecurity (15)
Does your company have a documented, and adhered to, information security program which is consistent with industry standards and best practices?

Yes. Micron leverages the NIST Cybersecurity Framework. For more information, please visit the NIST web site at: https://www.nist.gov/

Does your company have a formally adopted Information Security Policy that is communicated to employees on a periodic basis?

Yes. Micron has information security policies that are communicated to employees upon hire, and refresher training is required every 2 years thereafter.

Does your company perform security and vulnerability testing to assess network, system, and application security?

Yes. Micron performs targeted annual third-party penetration testing.

Does your company have a formal program in place for access control and identity management that follows industry best practices?

Yes. Micron has built its standards based on industry best practices to govern the identity of our team members and their access rights.

Are all data and system access rights assigned to individuals according to their documented responsibilities and the principle of least privilege (including by segregation in shared environments)?

Yes. Micron is aligned to industry best practices regarding least privilege access for our team members.

Are all user and privileged accounts, that are assigned to individuals, required to have strong passwords, password rotation, failed authentication locks, and session timeouts?

Yes. Micron leverages a privileged account management (PAM) system to manage Micron's privileged accounts.

Are there processes in place to ensure the immediate removal of badge and network/application/systems access for employees, contractors, and third parties upon termination, or when access is no longer required?

Yes. Micron has a separation process that involves several groups to ensure full and complete removal of access of departing individuals.

To preserve the confidentiality, integrity, and availability of data, does your company use industry standard cryptographic and key management techniques that include strong encryption of data across untrusted/public networks and, in the case of highly restricted data, at rest in all locations where data is stored?

Yes. Micron encrypts data at rest and in-transit.

Does your company have a formal incident response plan which follows industry best practices, has a formal notification process, and incorporates ongoing training, testing, and communication processes?

Yes. Micron has a formal incident response plan that follows industry best practices.

Does your company have a documented, and adhered to, risk management program which performs on-going risk identification, including third-party associated risks, and that incorporates mitigation efforts?

Yes. Micron has a risk management program that performs ongoing risk identification (internal risks, and those identified in our supply chain and third-party suppliers) and tracks mitigation efforts and their effectiveness.

Are employees, contractors, and third parties required to sign an NDA, or confidentiality agreement, as terms of employment?

Yes. All employees and contractors are required to sign an NDA.

Does your company have a formal change management program that follows industry standards and best practices to manage changes to the corporate infrastructure, systems, and applications? Does the change management program include testing, business impact analysis, and management approvals where appropriate?

Yes. Micron has a formal change management program based on the ITIL framework.

Does your company develop solutions that are designed using industry standard secure-coding practices (Examples: Microsoft’s Software Development Lifecycle, Cigital Software Security Touchpoints, OWASP standards, or SANS Top 25), and is information security addressed throughout the development lifecycle?

Yes. Micron has a robust SDLC (Software Development Lifecycle) based on industry best practices and guidelines.

Is there a formal vulnerability monitoring process for operating systems, applications, and other IT infrastructure that has controls in place for identifying any security vulnerabilities, and that includes a patching process and remediation timeframes based on risk?

Yes. Micron has a formal vulnerability management program that continually identifies and patches any known vulnerabilities in our environment.

Are there approved security and hardening standards for network devices and controls in place (such as strong encryption methods) to ensure network devices are configured in accordance with these standards?

Yes. Micron has developed several reference architecture guidelines to ensure our environment is configured to least privileged access.

Physical Security (1)
Does Micron physically secure their facilities?
  • Yes. Micron locations have any combination of the following physical security treatments in place:
    • Access card readers
    • Security cameras
    • Border fencing
    • Metal detectors
    • X-ray machines
    • Restricted on-site camera usage
  • Other security measures performed by Security personnel include entrance screenings, patrolling, restricted area audits, and passive and active monitoring via security cameras.

Logistics Security (1)
Does Micron ensure that product has not been tampered with from a security perspective?

Yes. To ensure product is not compromised, Micron uses a combination of physical site security measures and programs at the manufacturing site, at the Finished Goods warehouse, and with all qualified logistics providers. Depending on product type, there are even tamper-evident features included on the shipping packaging.

Business Continuity and Disaster Recovery (3)
Do you test your plans on a regular cadence?

Yes. Micron tests the plans each year.

Do you use authentic scenarios?

Yes. Micron tests with different scenarios (like earthquakes, cyber, labor, fires, typhoons, etc.) to make sure the plans are effective.

Does Micron use standard BC/CM/DR tests?

Yes. Micron uses a combination of tabletop, structured, and failover testing methods.

Process Risk Management (4)
Does Micron promote risk-based thinking within its team?

Yes. Our Quality Management System (QMS) processes are at the core of what we do at Micron to ensure end-to-end customer satisfaction and product quality. Promoting the use of Risk-Based Thinking throughout our QMS framework creates a global awareness of risk at any level of the organization, from a specific location to the entire corporation.

Does Micron perform process risk management?

Yes. Process risk management at Micron focuses on the identification of risk within the context of the organization, and the mitigation of what could potentially affect the intended outputs of our QMS processes.

Does Micron consider customer expectations when identifying process risk?

Yes. We look at the needs and expectations of our interested parties, and then determine factors that could impact our ability to meet the intended process outputs or our customers’ requirements. Identified risks are scored using industry best practices to determine the severity of the risks relative to process or company objectives. Mitigation plans are developed and implemented when necessary.

Is there a specific role or team at Micron who is accountable for process risk management?

Yes. QMS process owners are accountable for ensuring the process risk management activities are performed.
