ISMS Cases 3. Ricoh Sales Co., Ltd. (Sales Company in Japan)


Ricoh Sales Co., Ltd. is a documents-focused
solutions and service provider, selling Ricoh products and providing
aftersales assistance. The entire company, which is committed to
developing information security systems that customers can trust,
and to delivering peace of mind and security, worked toward and
successfully obtained ISMS certification. The day-to-day practices
that keep employees' security awareness high and reinforce the
security-oriented culture are explained below.

Focusing on Human Elements

Three action areas for stronger security

Information security measures at Ricoh Sales
are anchored on three key groups of factors: physical, technological
and human. It should be noted that there is no such thing as a 100%
fail-safe IT security measure. Also, from the corporate management
point of view, cost effectiveness must be considered when selecting
these measures. After concentrating on these points, Ricoh Sales
turned its focus to human factors. It came to the conclusion that,
in regard to information security measures, it is crucial to foster
a culture that says "no" to wrongdoing and to develop a mechanism
that prevents employees from doing wrong. In the same way, measures
to increase individuals' commitment to compliance are crucial
in the protection of customers' privacy.
For a culture that says "no" to wrongdoing, the challenge
is to instill in the workplace a climate where leaking information
and other misconduct cannot possibly take place, and such things
are never tolerated. To help foster this culture, Ricoh Sales uses
easy-to-understand education approaches to familiarize employees
with ISMS policies and standards that employees must comply with.
At the same time, daily management includes applying the "Clear
Desk" and "Clear Screen" [1] rules and rules concerning PC
operations.
In addition, information security activities have been on the management
agenda for MQ-UP [2], a company-wide, long-standing endeavor. Along
with other items on the agenda, they are subject to monthly self-checks.
Results of the checks are tallied and reported to the committee
as business management issues. The results are then reflected in
the development of new measures and mechanisms.
The effort of Ricoh Sales to create a culture that says "no"
to wrongdoing is based on the PDCA cycle. The effort requires the
participation of every person in the company, from senior management
to rank-and-file members. Developing a mechanism that does not permit
any wrongdoing involves creating solid information systems that
withstand any malicious attack, by employees or third parties, on the
information the company holds, and it requires strictly implementing
rules. Details on this mechanism are not elaborated on here due
to space limitations.

[1] An information security initiative requiring employees to lock
their PCs and clear their desks when stepping out of the office.
[2] MQ-UP (Management Quality-Up) is designed to boost the quality of
corporate management with the goal of improving the quality of the
corporation so that it remains worthy of customers' trust. The
initiative is carried out across the organization primarily by
marketing/sales divisions and companies of the Ricoh Group. It is a
corporate reform undertaking that addresses, in addition to
information security, a broad range of topics including compliance,
management quality, and environmental protection.

Pages displaying the MQ-UP (Management Quality Up) self-checks

New Work Style in Practice

Having put in place technological measures
to ensure information security, Ricoh Sales now faces the great
challenge of controlling information in hard-copy formats, which
exists throughout the offices. To address this issue, Ricoh Sales
enforces the "Clear Desk" and "Clear Screen" rules to
reduce the risk of information being divulged, promotes the "paperless
state" to reduce unnecessary hard-copy output containing information,
and encourages conversion into electronic data for easy control.
These steps have an impact that goes far beyond information security,
as they also contribute significantly to the environment. Positive
benefits such as these, combined with the additional advantage of
reduced space and printing costs, mean there are three types of
positive effects and allow the initiatives to be rightfully
called "work-style reform." To demonstrate these initiatives in
action, Ricoh Sales created "live offices" called "ViCreA" [3].

[3] ViCreA stands for Value Innovation Creative Area.

"ViCreA" live office

ViCreA is a series of business offices where
the members of the office demonstrate, through their actions, initiatives
to meet the challenges of work-style reform. Open to the public,
ViCreA live offices are located at 18 Ricoh Sales locations, in
addition to ViCreA Central at Ricoh Sales' head office, as described
below.
Because the environment surrounding security constantly changes,
reviews must be conducted on an ongoing basis. It is crucial to
put into action measures that can trigger spiraling-up effects from
the PDCA cycle. It is also important to launch measures considered
realistic and feasible in view of time and monetary constraints
and organizational culture. Ricoh Sales, with its renewed commitment,
continues to implement measures for better information security.
Map of ViCreA locations