In December 2004, the Ricoh Group
obtained unified Information Security Management System
(ISMS) certification for 91 Ricoh companies in Japan.
Group companies and business sites were then instructed
to fine-tune the know-how gained in the preparatory work
for ISMS certification to suit their day-to-day operations
in order to create secure enterprises.
In fiscal 2006, the Group was re-assessed for ISMS conformity
and successfully renewed its unified ISMS certification.
And Ricoh companies outside Japan continue to work hard
to obtain ISMS certification. 

Group Companies Outside Japan with ISMS Certification

During fiscal 2006, 20 organizations
and 22 companies outside Japan applied for ISMS certification,
and the following were certified for the first time [Figure
1]:
Sales companies
REBV (Netherlands), RHU (Hungary), RUK (UK), RFR (France),
RNL (Netherlands), RBB (Belgium), NRGML (UK), NRGD (Netherlands),
NRGBenelux (Benelux), NRGI (UK-based company with operations
in a few countries), NRGItaly (Italy), NRGSouth-Africa
(South Africa), RA (Singapore), and RAP (Australia)
Manufacturing companies
REI (USA), RIF (France), RPL (UK), SRCB (China), RAI+REX
Shenzhen (China), SRF (China), RST (China), and RIL (Hong
Kong) 

![Companies that obtained ISMS certification in fiscal 2006 [Figure 1]](img/isms_img01.gif)
Companies that obtained ISMS certification in fiscal 2006 [Figure 1]

ISMS certification logos

Sales companies in North America, Central and South America, and
Europe, as well as production and logistics facilities in China,
are also planning to work toward ISMS certification. Ricoh expects
that a total of around 150 Ricoh companies will have been brought
under the unified ISMS certificate in fiscal 2007, including the
91 in Japan and 22 outside Japan that are already certified and
subject to reassessment every three years for renewal.

Encouraging Information Security

Throughout the Ricoh Group, consistent
information security management that combines protecting privacy
and promoting ISMS is being carried out as a cross-organizational
endeavor.
Following the transformation of ISMS into the international standard
ISO 27001 in October 2005, the Group reviewed the standards and
Japanese domestic standards (JIS Q 27001) previously adapted.
The Group also applied for an ISMS assessment for extension and
for greater conformity.
In parallel, Ricoh conducted workshops to answer employees'
questions and to familiarize them with the hands-on experiences of
departments.

Seminar attended by internal auditors

It is the view at Ricoh that managers,
who are day-to-day leaders, play a very important role in implementing
ISMS. For this reason, Ricoh trains personnel to be able to guide
and put into practice "the prevention of incidents affecting
information security" and "the execution of the PDCA*
cycle in daily business operations." In fiscal 2006, 26 of
these seminars were carried out, attended by about 750 participants.
Information security depends, to a large extent, on individual
ethics and knowledge. The Ricoh Group considers employee education
a priority focus area, and offers a variety of ISMS-related education
and training courses in addition to those described above.
(Please refer to "Information Security
Education" for more details.)
* Plan-Do-Check-Act - a management technique in which planning,
execution, evaluation and improvement steps are carried
out in turn. The improvement achieved in the previous
sequence leads to a new, higher level of planning, and
this encourages the maintenance of quality and gradual
achievement of quality-related improvements and ongoing
business improvements.

Sharing Information Security Levels

Information security management structure at the Ricoh Group

The Ricoh Group is engaged in a
broad range of activities from research and development, design
and production to sales and servicing.
To maintain the security of the information assets held by the
Group, the information must be evaluated in terms of its value
and the level of management required. It must then be classified
either as "information assets whose management is to be relegated
to appropriate management units that have their information security
policies," or "information assets that are subject to
Group-wide, uniform security management policies."
A set of common security standards for all Ricoh Group companies
is being prepared by a committee whose members are from various
departments throughout the company. To be known as the Ricoh Group
Rules, these common standards are scheduled for implementation
in fiscal 2007.
As these efforts demonstrate, the Ricoh Group has launched many
initiatives to transform the Group into "a genuinely secure
enterprise," with ISMS certification the starting point.
The Group will step up its efforts in this area so that these
activities will become part of daily routines and will take root
in the workplace. 
Screen displaying common standards
for information security
