Quality and Safety

Quality and Safety

Quality is an integral part of Mercury’s business principles. While quality is first and foremost about best-in-class products, it is also about delivering on our Mercury Assured Promise of earnestly combining our unique Culture, Values and Vision to turn ideas into results for our customers, delivering trusted and secure solutions at the speed of innovation. In addition, Mercury knows that our people are our most valuable asset and is committed to providing a safe and healthy workplace for all of our team members, contractors, visitors and the public. 

Our Quality Policy

We deliver what we promise, when we promise it, and what we deliver meets customer expectations.

How do we accomplish this? 

• By engaging our external customers and listening to what they tell us
• By establishing and meeting Quality objectives for products and processes that are based on customers' expectations
• By providing hardware, software and service solutions that function as described and are delivered on time
• By monitoring and measuring the results vs. objectives and taking action when they are not met
• By continuously improving the effectiveness of our Quality System
   

Mercury Systems locations registered to the following Quality Management Systems Standards

Alpharetta, GA: ISO 9001:2015 (pdf)
Andover, MA: ISO 9001:2015 and AS9100:2016 (pdf)
Chantilly, VA: ISO 9001:2015 and AS9100:2016 (pdf)
Cypress, CA: ISO 9001:2015 and AS9100:2016 (pdf)
Duluth, GA: ISO 9001:2015 and AS9100:2016 (pdf)
Fremont, CA: ISO 9001:2015 (pdf)
Hudson, NH: ISO 9001:2015 and AS9100:2016 (pdf)
Huntsville, AL:
Mercury Defense Systems - AS9100:2016 (pdf)
Embedded Sensor Processing - ISO 9001:2015 and AS9100:2016 (pdf)
Mesa, AZ: AS9100D and ISO 9001:2015 (pdf)
Oxnard 300 Del Norte, CA: ISO 9001:2015 and AS9100:2016 (pdf)
Oxnard, 400 Del Norte, CA: ISO 9001:2015 and AS9100:2016 (pdf)
Phoenix, AZ - MSS: ISO 9001:2015 and AS9100:2016 (pdf) 
Phoenix, AZ - USMO: ISO 9001:2015 and AS9100:2016 (pdf)
Phoenix, AZ - USMO: IPC 1791 Qualified Manufacturer’s Listing (pdf)
West Caldwell, NJ: ISO 9001:2015 and AS9100:2016 (pdf)
West Lafayette, IN: ISO 9001:2015 and AS9100:2016 (pdf)
Geneva, Switzerland: ISO 9001:2015 and AS9100:2016 (pdf)
Madrid, Spain: ISO 9001:2015 (pdf)
Reading, United Kingdom: ISO 9001:2015 and AS9100:2016 (pdf)

Safety 

We are committed to providing a safe and healthy work environment that protects our people, customers, vendors and the public from injury. Team members at every level are responsible and accountable for our safe operations and safety program. Complete and active participation by everyone, every day, in every job is necessary to ensure our safety. 

We have adopted internal health and safety policies. It’s the responsibility of management to adhere to these standards in the design and implementation of our policies, procedures, work instructions and daily practices. It is the responsibility of every team member to protect his or her own health and safety by working in compliance with the law and by following company policy. 

Many national and local laws protect employees from unsafe working conditions. These laws differ among different jurisdictions and subject matter. We expect our team members and vendors to respect and comply with these legal protections. 

Our OSHA injury rate data for our sites in the U.S. is reported below for the three most recent calendar years. 

Cyber and Industrial Security 

In the past decade, intelligence collection and information theft by adversaries all over the globe has emerged as a growing threat. At the same time, our robust investment in research and development has led to the generation of substantial intellectual property. As we continue to innovate, acquire new companies and develop new capabilities, we expect to continue to benefit from an increase in outsourced subsystem development work by our prime defense contractor customers and U.S. government customers.

As our customers have entrusted us with more of their data, and with our rapid growth in the aerospace and defense (A&D) space, our visibility has increased. Our growing presence reinforces the importance of our commitment to ensuring the highest standard of security practices. Specifically, with our increased prominence, nation-state adversaries have taken note of our role in the defense supply chain. Concurrently, as the defense primes have strengthened their security posture, the next tier of the defense supply chain has been identified as a potential weaker link that nation-states look to compromise. Further, as we have seen on numerous occasions in the media, successful cyberattacks can have severe negative impacts on a business’ reputation with key stakeholders, including customers and investors.

To mitigate risk of compromise and reputation risk, we have heightened our focus on implementing processes that reliably safeguard information, identify malicious activity and educate our workforce. With the cyber landscape continually changing, and new threats appearing daily, a strong team and scalable architecture with layers of defenses is critical to defending valuable data.

Given our rapid organic and inorganic growth, we have paid particular attention to developing processes to mitigate risks of acquiring and integrating new companies along with their employees and systems into our systems and protocols.

We are also aware that we have a downstream responsibility, as demonstrated in our efforts to evaluate the next tier of our supply chain, to help suppliers secure their systems and processes.

Our good work has been recognized and we remain committed to modeling industry best practices:

• Cybersecurity Audit. After a comprehensive third-party audit in 2019, Mercury received a letter of assurance confirming it has satisfactory controls in place for 100% of the cybersecurity requirements of the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 and the National Institute of Standards and Technology Special Publication (NIST SP) 800-171A. The five-week assessment, conducted by Cytellix Corporation, the cybersecurity division of Information Management Resources Inc., established that Mercury implemented satisfactory controls and complied with all 110 information protection requirements. Ensuring these regulations flow through the entire supply chain is critical to the success of the DFARS/NIST cybersecurity initiative, which is quickly becoming a mandatory requirement for winning new defense contracts. Mercury is one of a small percentage of companies that have received objective verification of having a “complete” cybersecurity controls program in place, demonstrating its commitment to helping its customers meet their trusted supply chain requirements.

• Industrial Security Award. We have deployed and have been relying upon a best-in-class industrial security program as evidenced by superior ratings from the U.S. Defense Counterintelligence and Security Agency (DCSA). DCSA has recognized four of Mercury’s facilities with the James S. Cogswell Outstanding Industrial Security Achievement Award over the last several years. The Cogswell Award is the most prestigious honor that the DCSA can bestow to a U.S.-cleared company. Less than 1% of the 13,000+ cleared contractor facilities in the National Industrial Security Program receive this award annually. The Cogswell Award is based on many factors, including dedication to education and training programs, management support, security staff experience, and most importantly, the employees of a company. This award is a testament to our corporate commitment and the best practices of all Mercury team members for their unwavering support of our nation’s security. Mercury’s facilities in Andover, Massachusetts; Hudson, New Hampshire; West Lafayette, Indiana; and Phoenix, Arizona, have all received Cogswell awards. 

Acquisitions and Growth

We are continuously searching for ways to improve the security posture of the Mercury network, especially given our strategic growth objectives, which include a continued and rapid pace of acquiring companies and capabilities. As a result, we remain focused on mitigating risks associated with the acquisition of new companies and employees.

We perform a full security assessment of the acquired company prior to connecting it to our network. The acquired company will be integrated with standard Mercury network hardware, end-user devices, business applications and engineering tools. Our One Mercury approach ensures that we are not jeopardizing our security posture for the sake of business growth.

Insiders represent a challenging threat to defend. We are continually evaluating new technologies to help detect abnormal behavior of those who access our network on a daily basis. We leverage third-party resources so that between Mercury IT personnel and third parties we monitor our network 24/7.

Downstream Responsibility

We also continue to look at the next tier of the supply chain, evaluate their maturity and help those suppliers take affordable steps to make them more secure.

DCSA has recognized cybersecurity as the base of defense base security. Signs point toward defense suppliers being rated, similar to a credit rating, on their ability to protect customer assets and deliver products uncompromised under a Cybersecurity Maturity Model Certification framework.

Training

As the cyber threat landscape evolves so has our user training. We leverage the latest threat intelligence and vendor content to ensure our user training and anti-phishing campaigns represent the current threats our employees are likely to encounter. We routinely test our workforce through simulated phishing campaigns, including corrective action instructions for employees who click on links in the simulated attacks.