DESIGN TOOLS
Company

Micron customer trust center

Valuing customers, earning trust and building strong relationships

Our commitment starts here

At Micron, we realize that addressing the challenges of today’s digital landscape requires steadfast commitment to protecting the trust relationship we have with our customers. We embrace the unpredictability and constant threat to cybersecurity by leveraging the industry standard NIST (National Institute of Standards and Technology) Cybersecurity Framework; ensuring our workforce is trained and ready for any kind of disruption.

We provide transparency about our privacy practices and ensure our customers understand the choices they have regarding their privacy rights and Personal Information.

Micron privacy notice

A comprehensive strategy for maintaining trust

Cybersecurity


At Micron, cybersecurity is structured based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, using it as a capability guide to appropriately staff functional categories for appropriate responses. Reviews of process, procedures, and capabilities are performed on an ongoing basis and incorporate elements of relevant cases.

Logistic Security


Micron is committed to ensuring the efficient flow of cargo by enhancing the integrity and security of Micron goods while in the global supply chain. To demonstrate this commitment, Micron holds certifications in C-TPAT (United States, Tier III) and the AEO (Japan, Taiwan, and China). Micron also works with distribution partners to implement international standards, such as TAPA, at warehousing operations.

Governance
Micron has current certifications in:

  • US C-TPAT and AEO programs in Japan, China, and Taiwan
  • ISO 9001/IATF 16949

Other internal standards leverage TAPA FSR-TSR protocols.

Physical Security


Micron has a corporate security team that employs industry standards and best practices to ensure the physical safety of our employees, products, and assets. Our Global Security Operations framework includes equal input from all sites, and demonstrates a ‘one mission’ posture to shape the direction and conduct of security globally through evaluation and partnership.

Governance
Micron follows the following standards:

  • ANSI/ASIS Security management Standard PAP-1 2012, Security Operations (Programs and Systems)
  • ANIS/SHRM Workplace Violence Prevention and Intervention WVPI.1-2011)
  • ANSI/ASIS Conformity Assessment and Auditing Management Systems of Private Security Operations PSC2-2012)
  • ASIS GDL FPSM-2009 Facilities Physical Security Measures Guideline)
  • ASIS Protection of Assets Manual (POA) 2014)

Business Continuity and Disaster Recovery


Business Continuity Plans, Crisis Management Plans, and Disaster Recovery Plans are in place today.

Governance
Micron’s BCP/CM/DR Program follows the industry standard, called the “All Hazards Approach". This means that Micron develops the plans to correctly assess impact, set cadence for meetings with SMEs, make recovery plans, and communicate them to the business and customers.

For more information, visit Business Continuity.

Process Risk Management


As part of our integrated Quality Management System (QMS), we promote risk-based thinking throughout our QMS. Team members are trained and guided in risk management concepts and execution to ensure that the needs and expectations of Micron’s interested parties are protected from risk at all levels of the organization. Risk-based thinking ensures that we consider risk and opportunity in a holistic manner, at all levels of our organization, and on a continual basis, to ensure the continuing suitability of our QMS to deliver its intended results.

Governance
Micron’s QMS is certified to:

  • ISO9001:2015
  • IATF16949:2016

For more information, visit Quality.

Sourcing Risk Management


Responsible Sourcing:
By communicating our expectations to our suppliers, we strive to have responsible supply chain practices replicated throughout our supply chain. By profiling and managing the relative risks of each of our strategic suppliers, we better ensure that our global operations are prepared for continuous production and product delivery to our customers — while upholding industry and Micron standards relating to sustainability.

For more information, visit Sourcing Responsibly.

Sourcing Risk:
Micron’s supply chain risk and resiliency program has global processes, tools and resources in place that we continue to mature and improve to ensure a resilient, compliant and sustainable supply chain.

For more information, read Sourcing Risk Management.

Information security at Micron

Micron Technology strives to ensure the best possible security for all of the company's assets, including products, processes, tools, intellectual property, privileged or confidential information. We are committed to addressing issues as they arise.

close-up shot of fingers typing on a laptop keyboard

Micron security resources

Frequently asked questions

Yes. Micron leverages the NIST Cybersecurity Framework. For more information, please visit the NIST web site at: https://www.nist.gov/

Yes. Micron has information security policies that are communicated to employees upon hire, and refresher training is required every 2 years thereafter.

Yes. Micron performs targeted annual third-party penetration testing.

Yes. Micron has built its standards based on industry best practices to govern the identity of our team members and their access rights.

Yes. Micron is aligned to industry best practices regarding least privilege access for our team members.

Yes. Micron leverages a privileged account management (PAM) system to manage Micron's privileged accounts.

Yes. Micron has a separation process that involves several groups to ensure full and complete removal of access of departing individuals.

Yes. Micron encrypts data at rest and in-transit.

Yes. Micron has a formal incident response plan that follows industry best practices.

Yes. Micron has a risk management program that performs ongoing risk identification (internal risks, and those identified in our supply chain and third-party suppliers) and tracks mitigation efforts and their effectiveness.

Yes. All employees and contractors are required to sign an NDA.

Yes. Micron has a formal change management program based on the ITIL framework.

Yes. Micron has a robust SDLC (Software Development Lifecycle) based on industry best practices and guidelines.

Yes. Micron has a formal vulnerability management program that continually identifies and patches any known vulnerabilities in our environment.

Yes. Micron has developed several reference architecture guidelines to ensure our environment is configured to least privileged access.

  • Does Micron physically secure their facilities?
    Yes, Micron locations have any combination of the following physical security treatments in place:
    - Access car readers
    - Security cameras
    - Border fencing
    - Metal detectors
    - X-ray machines
    - Restricted on-site camera usage
    - Other security measures performed by Security personnel, which include entrance screenings, patrolling, restricted area audits, passive and active monitoring via security cameras
  • Does Micron ensure that product has not been tampered with from a security perspective?
    Yes. To ensure product is not compromised, Micron uses a combination of physical site security measures and programs at the manufacturing site, the Finished Goods warehouse, with all qualified logistics providers, and depending on product type, there is also tamper-evident features included on the shipping packaging.
  • Do you test your plans on a regular cadence?
    Yes. Micron tests the plans each year.
  • Do you use authentic scenarios?
    Yes.  Micron tests with different scenarios (like earthquakes, cyber, labor, fires, typhoons, etc.) to make sure the plans are effective.
  • Does Micron use standard BC/CM/DR test?Yes. Micron uses a combination of tabletop, structured, and failover testing methods.
    Yes. Micron uses a combination of tabletop, structured, and failover testing methods.
     
  • Does Micron promote risk-based thinking within its team?
    Yes. Our Quality Management System (QMS) processes are at the core of what we do at Micron to ensure end-to-end customer satisfaction and product quality. Promoting the use of Risk-Based Thinking throughout our QMS framework creates a global awareness of risk at any level of the organization, from a specific location to the entire corporation.
  • Does Micron perform process risk management?
    Yes. Process risk management at Micron focuses on the identification of risk within the context of the organization, and the mitigation of what could potentially affect the intended outputs of our QMS processes.
  • Does Micron consider customer expectations when identifying process risk?
    Yes. We look at the needs and expectations of our interested parties, and then determine factors that could impact our ability to meet the intended process outputs or our customers’ requirements. Identified risks are scored using industry best practices to determine the severity of the risks relative to process or company objectives. Mitigation plans are developed and implemented when necessary.
  • Is there a specific role or team at Micron who is accountable for process risk management?
    Yes. QMS process owners are accountable for ensuring the process risk management activities are performed.

Related links