
ISMS Cases 1. Tohoku Ricoh Co., Ltd. (Manufacturing Company in Japan)


Tohoku Ricoh has instituted "patrolling
by the company head." The head of the company leads the initiative
by personally patrolling the worksite to make information security-related
diagnoses. This section introduces a variety of Tohoku Ricoh's
initiatives that help daily ISMS management take root as part of
its routines.

Tohoku Ricoh: An Overview

[Photo: View of Tohoku Ricoh]

Established in 1967 in Miyagi Prefecture's
Shibata-machi as a manufacturing arm of Ricoh, Tohoku Ricoh is engaged
in planning, development, manufacturing and sales of office automation
devices, bar-code system devices and electronic devices. Of special
note is its digital duplicator, which is manufactured based on end-to-end
synchronized production of parts, units and finished products for
improved productivity.

Course of Events Leading to ISMS Certification

In January 2004, preparations began primarily
by the members of the Information Security Committee, who launched
activities to build ISMS, including the identification of information
assets, risk assessments, education for all employees and specification
of rules. Tohoku Ricoh was awarded ISMS unified certification in
December 2004. To achieve information security in day-to-day tasks,
it is implementing activities to make ISMS a routine part of daily
business operations.

For information security, thorough day-to-day
management and ongoing activities to bring improvements are the
two crucial factors. As a corporate citizen and member of the information
network society, Tohoku Ricoh believes that ISMS, of the many management
platforms the company uses, is an essential and integral element
of its CSR management. Based on this belief, it has launched activities
that are driven by "safety and health concerns" and "ISMS
concerns."

(1) Departmental patrolling
An Information Security Committee has been
established to promote the implementation of ISMS in daily practice.
This committee is headed by the Chief Information Security Officer
(CISO) and composed of members nominated by the respective departments.
It performed risk assessments and came up with "six key factors
affecting management" and "15 basic rules," to elevate
the security level company-wide and to encourage the implementation
of ISMS in daily routines.

As part of its efforts to ensure compliance with the basic rules,
monthly patrolling is carried out individually by departments. The
members responsible for implementing ISMS make visual inspections
and interview members of each department to confirm the state of
compliance. Remarks by inspectors, as well as post-inspection improvements
carried out by departments, are reported to the Committee, which
then shares the information. Initially, remarks predominantly concerned
the basics. But in fiscal 2006 the number of recommendations for
improvement by the members responsible for the promotion of ISMS
and reports of information security-related weaknesses discovered
by employees grew, signifying a higher level of employee awareness.
Looking ahead, Tohoku Ricoh is in a position to further enhance
information security efforts through departmental patrolling and
through the conventional PDCA-based management cycle carried out
by individual departments.

(2) Patrolling by the company head

[Photo: The head of Tohoku Ricoh patrolling the worksite]

In addition to the departmental patrolling,
Tohoku Ricoh's head personally and regularly patrols the worksite.
To confirm and verify the state of compliance with the basic rules,
this patrolling provides visual inspections of the worksite to:
(1) review remarks made during previous patrolling and subsequent
improvements achieved, (2) check the state of progress relative
to annual goals, (3) confirm specific actions to be taken in the
next fiscal year, and (4) evaluate the state of progress of ISMS
promotion activities in daily practice. He also directly interviews
employees to determine the state of implementation and their levels
of awareness. Through these inspections, full compliance with basic
matters has already been confirmed.

Furthermore, Tohoku Ricoh strives to improve the coordination of
PDCA cycles between the departments of Tohoku Ricoh and those of
the Ricoh Group. Although the PDCA cycle has been in use since departmental
patrolling was introduced, Tohoku Ricoh is aware that some additional
mechanisms are needed to facilitate the use of the PDCA cycle by
individual departments [Figure 1]. 

[Figure 1] ISMS and CP Management Cycle (PDCA for activities aimed at bringing improvements)
![ISMS and CP Management Cycle (PDCA for activities aimed at bringing improvements) [Figure 1]](img/case1_im01.gif)

In the earlier stages of creating and implementing ISMS, Tohoku Ricoh
emphasized "full execution of risk management (social responsibility
and prevention of incidents)," with a focus on confidentiality.
In the current stage of the implementation and
promotion of ISMS, Tohoku Ricoh also stresses information use and
its application toward business growth (greater trust accorded by
society, contribution to business activity, and ongoing improvements).

The Ricoh Group stresses (1) participation by all employees, (2)
daily management and ongoing improvements, and (3) in-house application
of ISMS to manage information security. Tohoku Ricoh's management
practice conforms to these underlying approaches. Additionally,
attempts are made to skillfully use and apply IT to promote ISMS
and to present the applications to customers.

As the awareness of information security grows, the need for products
with built-in ISMS features is also on the rise, along with the
planning for such products. To address this need, Tohoku Ricoh developed
a new product* that reflects the desire to reduce hard-copy outputs.
On sale through Ricoh and Ricoh Group sales companies since March
2007, the product can also help bring about the paperless state,
which Tohoku Ricoh promotes as part of its campaigns to encourage
information use and reduce risks associated with hard-copy documents.

Looking forward, the company plans to step up its in-house risk
management and information-use efforts, while being sensitive to
the balance between information security and information use.

* Satelio DUO Series: A newly released product and the first
digital duplicator featuring automated, high-speed two-sided
printing (printing speed of 240 pages per minute, or 120
sheets in double-sided printing, on A4 or B5 paper).