A brand trusted by the information society
For the Ricoh Group, with its business emphasis on the information sector, efforts to protect information are indispensable if customers are to use Ricoh products and services with peace of mind. Therefore, we involve all employees in efforts to ensure information security. Measures are in place to encourage continuous improvement in daily information security management in each organization within the Group and to actively utilize Ricoh products and services for in-house use. In addition, the Ricoh Group develops and provides functions to maintain information security and protect customers from exposure to various risks during the use of Ricoh products.
Information security management
To validate the trust that society places in us, the Ricoh Group involves all its employees in continuous improvement of information security management. Our aim is to balance utility and protection, simplifying the secure use of information by people with legitimate access rights—including business partners—while preventing unauthorized access and leaks.
In the present business environment, the way information is processed with evolving information and communication technology has led to the appearance of previously unknown information risks. The Ricoh Group promotes effective information security activities and will, through ingenuity and improvements in IT technology packaging and operation methods, respond to new threats to the security of information while seeking to promote creative and original use and application of information.
Reinforcing our information security culture
The primary goal of the Ricoh Group’s Information Security Management System (ISMS) is to have all employees engage in proactive, security-conscious behavior as a matter of course, beyond simply following legal requirements or rules. We call this our “information security culture,” and reinforce it in three ways: (1) participation by all employees, (2) daily management and continuous improvement, and (3) company practices.
In particular, daily use of our products and services becomes in effect a continuous exercise in solving problems related to information security, and allows us to confirm the results of our efforts. The processes we achieve in this way are then passed on to our customers.
In addition, we run e-learning programs for all Ricoh Group employees in Japan, and about 40,000 people have taken part in these educational opportunities. These programs feature content related to adherence of existing basic rules as well as enforcement of rules pertaining to new fields of application, such as social networking services, which have emerged along with advances in IT.
In response to changing social conditions, the Ricoh Group revises its Ricoh Group Standard and Common Standard for Information Security, promotes awareness through e-learning, verifies status through internal audits and then makes corrections as necessary. The Group cycles through an integrated PDCA management system, driving information security upward to a higher level.
ISMS certification status
The Ricoh Group obtained uniform ISMS certification (ISO 27001) in December 2004. Since then, we have maintained our certification through annual inspections by external organizations and recertification inspections every three years. In December 2013, we underwent our third recertification inspection. As of December 2013, a total of 70 companies—23 within Japan and 47 overseas—have received ISMS certification.
Over the past, we have carefully tracked world trends, from the configuration of information security systems to the establishment of global management systems, constantly improving upon a variety of issues. Going forward, we will promote certification overseas, ensure thorough compliance through our Common Standard for Information Security, and strive to enhance efficiency. Through such initiatives over the next 10 years, we will shift to ISO/IEC 27001:2013 (JIS Q 27001:2014).
Information security incidents
In the fiscal year ended March 31, 2014, there was one major information security incident that required disclosure to an external organization.
Security in products and services: MFPs
As the information society grows, we are increasingly exposed to a variety of new external threats, such as computer viruses, leaks of personal information and unauthorized access to systems. For MFPs, one of many different kinds of IT machines that also connect to networks, the Ricoh Group was quick to tackle measures to prevent incidents, such as leaks of important information assets used by customers and falsification of data. We consider all possible threats that may affect documents—digital and paper-based—from the creation of a document through to its processing, storage, preservation and disposal, and develop and build into our products certain functions to protect documents from such threats and ensure security while maintaining ease of use.
In our efforts to make customers feel more secure and comfortable in their choice of Ricoh products, we are keen to obtain international certification and qualifications, including ISO/IEC 15408 the security function certification backed by an objective third party, and Common Criteria (CC)*.
The Ricoh Group provides customers with products matched to respective office environments and security policies while promoting various approaches, such as the creation of secure network environments and the solutions to support such environments, which underpins safe and secure office environments.
Security threats in offices
In February 2010, the Ricoh Group marked a world’s first, obtaining Common Criteria certification conforming to international security function standards (IEEE 2600.1) for an MFP, the imagio MP 5000SP/4000SP (launched in February 2008), thereby validating the security functions built into our MFPs and printers. Since then, we have continued to expand the menu of products conforming to stated standards and have developed a broad lineup of CC-certified products.
* CC: Common Criteria for information technology security evaluation (ISO/IEC 15408)
Common Criteria is an international standard for information security that provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and repeatable manner. Customers can use CC to confirm that a product meets their security requirements and compare security specifications across different products.
Award-winning RICOH ProcessDirector Delivering Results
CCS Printing taps Ricoh for secure delivery of two million pages per month
CCS Printing, a U.S. company that provides digital and offset print, graphic design and web development, needed the right security solution for two million documents each month. Eventually, the company chose Ricoh Production Print Solutions LLC (RPPS), a U.S. subsidiary, because of Ricoh’s leadership in the software print environment.
Underpinning Ricoh’s success in this field is the award-winning RICOH ProcessDirector work solution, a key component of Ricoh’s industry-first centralized critical communications suite of solutions. This recently enhanced solution also features a redesigned visual interface for workflow building as well as new printer connections. The enhancements support RICOH ProcessDirector to streamline print operations, improve process integrity, increase operator productivity and lower costs.
CCS Printing’s decision to go with RPPS was based on the technological superiority of RICOH ProcessDirector. The technology allows the company to track and report in real-time on the more than two million documents it processes each month. Moreover, these seamless capabilities help CCS Printing meet Health Insurance Portability and Accountability Act (HIPAA) requirements, ensuring that each document ends up in the correct envelope.
“We’ve had a long, successful relationship with the Ricoh team, so when we began our search for a software solution, we didn’t have to look very far. We evaluated the competition, but they were no match for RICOH ProcessDirector,” said Kevin Sullivan, president of CCS Printing. “At CCS Printing, we feel very confident working with a company that not only understands our core business, but also the transactional environment. Ricoh has proven to be that company for us.”
RICOH ProcessDirector also addresses security concerns, boasting state-of-the-art features to ensure that no sensitive materials are ever at risk.