Quality and Safety
Quality is an integral part of Mercury’s business principles. While quality is first and foremost about best-in-class products, it is also about delivering on our Mercury Assured Promise of earnestly combining our unique Culture, Values and Vision to turn ideas into results for our customers, delivering trusted and secure solutions at the speed of innovation. In addition, Mercury knows that our people are our most valuable asset and is committed to providing a safe and healthy workplace for all of our team members, contractors, visitors and the public.
| CLICK TO JUMP DOWN TO CONTENT |
|---|
| Our Quality Policy |
| Safety |
| Cyber and Industrial Security |
Our Quality Policy
Mission Assurance is at the heart of Mercury Systems—we are committed to delivering trusted, high-performance solutions that meet all requirements, on time, every time.
We will achieve this by:
- Aligning Quality Culture with Strategic Goals — Ensuring our Quality Culture supports our policies, vision, mission, values, business objectives, and Mercury's strategy.
- Driving Operational Excellence — Developing innovative, reliable, and secure solutions that meet Aerospace & Defense industry needs.
- Proactively Managing Risk — Identifying and mitigating risks to enhance product integrity, reliability, product safety and informational security.
- Fostering a Culture of Quality and Accountability — Encouraging all employees to embrace and integrate Quality into everything they do.
- Continuously Improving Performance — Leveraging data-driven insights to optimize processes, measure success, and drive innovation.
Mercury Systems locations registered to the following Quality Management Systems Standards
- Alpharetta, GA: ISO 9001:2015 and AS9100:2016 (pdf)
- Andover, MA: ISO 9001:2015 and AS9100:2016 (pdf)
- Chantilly, VA: ISO 9001:2015 and AS9100:2016 (pdf)
- Cypress, CA: ISO 9001:2015 and AS9100:2016 (pdf)
- Gulf Breeze, FL: ISO 9001:2015 and AS9100:2016 (pdf)
- Hudson, NH: ISO 9001:2015 and AS9100:2016 (pdf)
- Huntsville, AL: ISO 9001:2015 and AS9100:2016 (pdf)
- Marriottsville, MD: ISO 9001:2015 (pdf)
- Oxnard, CA: ISO 9001:2015 and AS9100:2016 (pdf)
- Peachtree Corners, GA: ISO 9001:2015 (pdf)
- Phoenix, AZ: Defense Microelectronics Activity accreditation from the Department of Defense (pdf)
- DMM - ISO 9001:2015 and AS9100:2016 (pdf)
- Platform Systems - AS9100D and ISO 9001:2015 (pdf)
- USMO - ISO 9001:2015 and AS9100:2016 (pdf)
- Torrance, CA:
- ISO 9001:2015 and AS9100D (pdf)
- CMMI-DEV v2.2 (pdf)
- Upper Saddle River, NJ: ISO 9001:2015 (pdf)
- West Caldwell, NJ: ISO 9001:2015 and AS9100:2016 (pdf)
- Geneva, Switzerland:
- Madrid, Spain
- Reading, United Kingdom: ISO 9001:2015 and AS9100:2016 (pdf)
Additional Certifications
Mercury IPC Membership Certificate
- Hudson, NH:
- Phoenix, AZ - USMO:
Safety
We are committed to providing a safe and healthy work environment that protects our people, customers, vendors and the public from injury. Team members at every level are responsible and accountable for our safe operations and safety program. Complete and active participation by everyone, every day, in every job is necessary to ensure our safety.
We have adopted internal health and safety policies. It’s the responsibility of management to adhere to these standards in the design and implementation of our policies, procedures, work instructions and daily practices. It is the responsibility of every team member to protect his or her own health and safety by working in compliance with the law and by following company policy.
Many national and local laws protect employees from unsafe working conditions. These laws differ among different jurisdictions and subject matter. We expect our team members and vendors to respect and comply with these legal protections.
Our OSHA injury rate data for our sites in the U.S. is reported below for the three most recent calendar years.
|
|
|||||
|
Calendar Year
|
# of recordable cases
|
# of employee labor hours worked
|
OSHA recordable incident rate
|
Incidents with lost days/ restricted days/ transferred
|
DART Rate
|
|
2024
|
5
|
4,236,400
|
0.24
|
1
|
0.05
|
|
2023
|
7
|
4,051,487
|
0.34
|
1
|
0.04
|
|
2022
|
6
|
3,670,370
|
0.32
|
0
|
0.00
|
Additionally, there have been zero fatalities at our sites in calendar years 2021, 2022, and 2023.
Cyber and Industrial Security
In the past decade, our robust investment in research and development has led to the generation of a substantial amount of intellectual property. As we continue to innovate, acquire new companies and develop new capabilities, we expect to continue to benefit from an increase in outsourced subsystem development work by our prime defense contractor customers and U.S. government customers. At the same time, intelligence collection and information theft by malicious adversaries globally is emerging as a fast-growing common threat.
Scaling and effectively managing our risk portfolio will be a priority as growth continues in the A&D sector, maintaining trust with our customers and keeping their data secure. That growth reinforces our commitment to maintaining regulatory compliance and industry best practices. Specifically, we are aware that nation-state adversaries continually seek to gain insights and compromise the defense supply chain, and have observed on numerous occasions with other companies the severe negative impacts that successful security attacks can have on a business’ reputation with key stakeholders, including customers and investors.
Mercury's executive leadership team has tasked our Information Technology, Cybersecurity and Security teams with the responsibility for developing, maintaining and communicating a comprehensive security strategy to:
- establish a framework that ensures the principles of confidentiality, integrity, and availability of our information resources;
- ensure compliance with applicable statutory, regulatory and contractual compliance obligations, such as the Securities and Exchange Commission's Sarbanes-Oxley Act and the Department of Defense's Cybersecurity Maturity Model Certification (CMMC);
- implement adequate administrative and technical safeguards to protect our information resources and reduce cybersecurity risk;
- implement adequate administrative and technical safeguards to protect our information resources and reduce cybersecurity risk; and
- implement physical safeguards and training programs to ensure continuous education of our workforce.
With the global cyber landscape continually changing, and new threats appearing daily, a dedicated team and scalable architecture with layers of defenses is critical to defending valuable data entrusted to us. We are also aware that we have a downstream responsibility to help suppliers secure their systems and processes, as demonstrated in our efforts to evaluate and assist the next tier of our supply chain. We continue to mature our third party management practices to assess supplier cybersecurity practices and have engaged a third party to ensure suppliers’ readiness to meet regulatory requirement. Our mission is for Mercury and our suppliers to successfully obtain CMCC certification.
We have also invested and paid particular attention to developing processes to mitigate risks of acquiring and integrating new companies along with their employees and systems into our systems and protocols. We remain committed to continue modeling based on industry best practices.
We have insurance policies that cover us in the event of certain types of information security breaches.
Our diligent work on our security has been consistently recognized through audits and awards:
- Cybersecurity Audit. After a comprehensive third-party audit, Mercury received a letter of assurance confirming it has satisfactory controls in place for cybersecurity requirements of the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 and the National Institute of Standards and Technology Special Publication (NIST SP) 800-171. The five-week assessment established that Mercury implemented satisfactory controls and is compliant with all 110 controls. Additionally, Mercury has earned a NIST SP 800-171 High Assessment from the Defense Industrial Base Cyber Security Assessment Center (DIBCAC). Ensuring these regulations flow through the entire supply chain is critical to the success of the DFARS/NIST cybersecurity initiative. Mercury has received objective verification of having a “complete” cybersecurity controls program in place, demonstrating its commitment to helping its customers meet their trusted supply chain requirements.
- Industrial Security Awards. We have deployed and have been relying upon a best-in-class industrial security program as evidenced by being recognized by the Defense Counterintelligence Security Agency (DCSA) with the James S. Cogswell Outstanding Industrial Security Achievement Award over the last several years. The Cogswell Award is the most prestigious honor that the DCSA can bestow to a U.S.-cleared company. Less than 1% of the 13,000+ cleared contractor facilities in the National Industrial Security Program receive this award annually. The Cogswell Award is based on many factors, including dedication to education and training programs, management support, security staff experience, and most importantly, the employees of a company. This award is a testament to our corporate commitment and the best practices of all Mercury team members for their unwavering support of our nation’s security.
Downstream Responsibility
We continue to look at the next tier of the supply chain, evaluate their maturity and help those suppliers take affordable steps to make them more secure.
Training
We regularly train our employees about industrial and cybersecurity matters, with enhanced training for employees in special positions. We leverage the latest threat intelligence and vendor content to ensure our user training and anti-phishing campaigns represent the current threats our employees are likely to encounter. We routinely test our workforce through simulated phishing campaigns, including corrective action instructions for employees who click on links in the simulated attacks.