Information security overview

To be a company that society wishes to grow and develop

In the future, companies will need to fulfill their responsibilities to society while at the same time increasing corporate value and generating profits, their original role as a corporation. Continuous growth and development of a company cannot be achieved without the sustainable growth and development of society. As a corporate citizen, the Ricoh Group recognizes that fulfilling our social responsibility is fundamental to our management, and we aim to enhance our corporate value by simultaneously creating economic value and fulfilling our social responsibility.

We believe that information security is essential for the Ricoh Group, whose business domain is in the field of information, to be able to deliver products and services that customers can use with peace of mind. Thus, the Ricoh Group formulated the "Ricoh Group Information Security Basic Policy" and the "Information Security Basic Policy for Products and Services" and ensures that these policies are fully known throughout the Group. In addition, we have positioned our information security efforts as an activity in which all employees participate, promoting day-to-day management and continuous improvement at worksites and on the front lines of business. And based on those, we practice active in-house use of our own products and services to provide value to our customers.

Conceptual overview of the Ricoh Group’s information security

Ricoh Group Information Security Basic Policy

1. Establishment of an information security management organization

Each organizational leader establishes a system to allow that organization to implement optimal information security management.

2. Creation of an information security policy and management based on that

Each organization creates a security policy based on the value of its information assets and manages day-to-day operations by applying policy-based control measures.

3. Deployment of cross organizational units

Cross organizational units will be deployed for the purpose of optimally operating information security management at the Ricoh Group.

4. Provision of information security training

Proper training will be provided to all employees and business partners in order to have security requirements thoroughly known and understood.

5. Audit and improvement

Operation of the information security management system will be periodically audited and continuously improved.

6. Discipline

All employees are required to abide by the regulations of this information security management system, and in case of violation, will be disciplined accordingly.

Establishing and enhancing an “information security culture”

A solid foundation is needed to undertake information security. Anchored on the Group ISMS (Information Security Management System), the Ricoh Group’s information security management aims to develop an organizational culture that leads to all employees spontaneously carrying out secure actions in their day-to-day business activities without consciously following rules and directions. The Ricoh Group strives to establish and enhance this “information security culture” as we call it, based on these three activities: (1) participation by all employees, (2) day-to-day management and continual improvement, and (3) in-house use.

(1) Participation by all employees

Customers are the starting point of all actions initiated by the Ricoh Group. In the course of delivering value to customers, all employees engaged in the Group’s business activities—from product planning, development and manufacturing to sales and servicing—think of customer needs and requirements from the customers’ viewpoints and make the most of the technical, marketing and customer information needed for their respective responsibilities and tasks. Information security management is not carried out by a select group of departments or task domains alone; rather, it is considered a comprehensive endeavor that requires the participation of senior management, managers, and employees as well as cooperating business partners.

(2) Day-to-day management and continual improvement

Information security management is meaningful only if it is practiced without fail by all employees in the course of their day-to-day activities. The Ricoh Group makes sure that common standards and rules are firmly in place and education and training programs are fully thoroughly implemented. To ensure that employees put them into practice in day-to-day tasks, efforts such as self-management by each employee, periodic checks by supervisors, and audits by experts are also carried out, and corrective actions are taken promptly for improvements. Continual improvement is promoted while making effective use of the PDCA (plan-do-check-act) cycle for improvement by all levels of personnel from employees and managers to leaders and senior management, which in turn raises the level of security.

Process of day-to-day management and continual improvement

(3) In-house use

Ricoh Group companies routinely make use in-house of security products and solutions we developed, based on the firm foundations of information security management that comes out of continual improvement with the participation of all employees. Those products and solutions are intended for customers to solve a broad range of issues that obstruct the creation of a secure enterprise. Using those ourselves allows Ricoh to verify product utility and to incorporate any needed improvement before delivery to customers.

Delivery of new value to customers through efforts to improve security

The Ricoh Group is working to foster an “information security culture” of the highest level through participation by all employees, day-to-day management and continual improvement, and in-house use. Based on those actions, we strive to fully enforce risk management with the goal of fulfilling corporate social responsibility. For customers, these actions also yield new value in the form of strategic products and systems as well as consulting, know-how and more.

Security for products and services

To further gain customers’ trust, efforts are being made to obtain certification by a third-party organization for security functions of strategic products including digital MFPs and printers.

• Security for products and services

Information security solutions

The Ricoh Group provides information security solutions that help customers solve problems and achieve secure and efficient business innovation. We accumulate know-how gained from in-house use of those solutions, and upon confirmation of their utility, pass the know-how on to customers as proposals and solutions.

Integration with other management systems

At the Ricoh Group, we believe that, to quickly respond to changes in internal and external environments, information security should be administered and managed by incorporating appropriate management measures and processes into day-to-day business operations. This principle was put into practice when Japan’s Personal Information Protection Act came into effect in April 2005. IT control-related changes prescribed in Japan’s Financial Instruments and Exchange Act also have been dealt with in an integrated manner based on a single, unified management system, rather than as individual changes and additions.