Valuing Customers, Earning Trust, and Building Strong Relationships
At Micron, we realize that addressing the challenges of today’s digital landscape requires steadfast commitment to protecting the trust relationship we have with our customers.
We embrace the unpredictability and constant threat to cybersecurity by leveraging the industry standard NIST (National Institute of Standards and Technology) Cybersecurity Framework; ensuring our workforce is trained and ready for any kind of disruption.
We provide transparency about our privacy practices and ensure our customers understand the choices they have regarding their privacy rights and Personal Information. See the Micron Privacy Notice for more information.
Our global cybersecurity organization initiated its response plan as soon as the industry-wide open-source Apache Log4j2 vulnerability was made public and immediately began assessing our environment to determine actual risk. We have taken additional measures to ensure that our systems and customer information are protected from this vulnerability, and we continue to diligently monitor, assess and enhance our measures over time.
At Micron, cybersecurity is structured based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, using it as a capability guide to appropriately staff functional categories for appropriate responses. Reviews of process, procedures, and capabilities are performed on an ongoing basis and incorporate elements of relevant cases.
Micron is committed to ensuring the efficient flow of cargo by enhancing the integrity and security of Micron goods while in the global supply chain. To demonstrate this commitment, Micron holds certifications in C-TPAT (United States, Tier III) and the AEO (Japan, Taiwan, and China). Micron also works with distribution partners to implement international standards, such as TAPA, at warehousing operations.
Governance:
Micron has current certifications in:
Other internal standards leverage TAPA FSR-TSR protocols.
Micron has a corporate security team that employs industry standards and best practices to ensure the physical safety of our employees, products, and assets. Our Global Security Operations framework includes equal input from all sites, and demonstrates a ‘one mission’ posture to shape the direction and conduct of security globally through evaluation and partnership.
Governance:
Micron follows the following standards:
Business Continuity Plans, Crisis Management Plans, and Disaster Recovery Plans are in place today.
Governance:
Micron’s BCP/CM/DR Program follows the industry standard, called the “All Hazards Approach". This means that Micron develops the plans to correctly assess impact, set cadence for meetings with SMEs, make recovery plans, and communicate them to the business and customers.
For more information, visit Business Continuity.
As part of our integrated Quality Management System (QMS), we promote risk-based thinking throughout our QMS. Team members are trained and guided in risk management concepts and execution to ensure that the needs and expectations of Micron’s interested parties are protected from risk at all levels of the organization. Risk-based thinking ensures that we consider risk and opportunity in a holistic manner, at all levels of our organization, and on a continual basis, to ensure the continuing suitability of our QMS to deliver its intended results.
Governance:
Micron’s QMS is certified to:
For more information, visit Quality.
Responsible Sourcing
By communicating our expectations to our suppliers, we strive to have responsible supply chain practices replicated throughout our supply chain. By profiling and managing the relative risks of each of our strategic suppliers, we better ensure that our global operations are prepared for continuous production and product delivery to our customers — while upholding industry and Micron standards relating to sustainability.
For more information, visit Sourcing Responsibly.
Sourcing Risk
Micron’s supply chain risk and resiliency program has global processes, tools and resources in place that we continue to mature and improve to ensure a resilient, compliant and sustainable supply chain.
For more information, read Sourcing Risk Management.
Yes. Micron leverages the NIST Cybersecurity Framework. For more information, please visit the NIST web site at: https://www.nist.gov/
Yes. Micron has information security policies that are communicated to employees upon hire, and refresher training is required every 2 years thereafter.
Yes. Micron performs targeted annual third-party penetration testing.
Yes. Micron has built its standards based on industry best practices to govern the identity of our team members and their access rights.
Yes. Micron is aligned to industry best practices regarding least privilege access for our team members.
Yes. Micron leverages a privileged account management (PAM) system to manage Micron's privileged accounts.
Yes. Micron has a separation process that involves several groups to ensure full and complete removal of access of departing individuals.
Yes. Micron encrypts data at rest and in-transit.
Yes. Micron has a formal incident response plan that follows industry best practices.
Yes. Micron has a risk management program that performs ongoing risk identification (internal risks, and those identified in our supply chain and third-party suppliers) and tracks mitigation efforts and their effectiveness.
Yes. All employees and contractors are required to sign an NDA.
Yes. Micron has a formal change management program based on the ITIL framework.
Yes. Micron has a robust SDLC (Software Development Lifecycle) based on industry best practices and guidelines.
Yes. Micron has a formal vulnerability management program that continually identifies and patches any known vulnerabilities in our environment.
Yes. Micron has developed several reference architecture guidelines to ensure our environment is configured to least privileged access.
Yes. To ensure product is not compromised, Micron uses a combination of physical site security measures and programs at the manufacturing site, the Finished Goods warehouse, with all qualified logistics providers, and depending on product type, there is even tamper-evident features included on the shipping packaging.
Yes. Micron tests the plans each year.
Yes. Micron tests with different scenarios (like earthquakes, cyber, labor, fires, typhoons, etc.) to make sure the plans are effective.
Yes. Micron uses a combination of tabletop, structured, and failover testing methods.
Yes. Our Quality Management System (QMS) processes are at the core of what we do at Micron to ensure end-to-end customer satisfaction and product quality. Promoting the use of Risk-Based Thinking throughout our QMS framework creates a global awareness of risk at any level of the organization, from a specific location to the entire corporation .
Yes. Process risk management at Micron focuses on the identification of risk within the context of the organization, and the mitigation of what could potentially affect the intended outputs of our QMS processes.
Yes. We look at the needs and expectations of our interested parties, and then determine factors that could impact our ability to meet the intended process outputs or our customers’ requirements. Identified risks are scored using industry best practices to determine the severity of the risks relative to process or company objectives. Mitigation plans are developed and implemented when necessary.
Yes. QMS process owners are accountable for ensuring the process risk management activities are performed.
