In fiscal 2013, cyber attacks, particularly targeted attacks seeking to breach the information system of a particular company or organization, posed a major threat. At the Ricoh Group, the website of a subsidiary was targeted by such an attack, which, regrettably, caused inconvenience to our customers. (Please refer to “6. Using IT to Prevent Recurrence of Information Security Incidents” below.)
Under the watchword of “workstyle innovation,” we are promoting business process innovation by introducing an in-house SNS. As a result, remarkable changes are occurring in office environments and in the behavior of individual employees. Smart devices and the expansion and regular use of cloud services have made our lives more convenient. This increased convenience, however, also poses far-reaching new risks. To address the situation, we are working to raise employees’ awareness of the updated Ricoh Family Group Information Security Measures, enhance IT security measures (e.g. introducing full disk encryption for externally portable PCs) and improve related operational methods so that the confidentiality and availability of information can both be maintained.
In response to changes in the social environment, the Ricoh Group is promoting its PDCA management system to boost the information security level, specifically by revising Ricoh Group standard rules and the Ricoh Family Group Information Security Measures, providing employees with education through e-learning, performing checks and improving information security through internal audits.
Since its initial attainment of unified ISMS certification in December 2004, the Ricoh Group has successfully updated its certification by passing annual audits and triennial renewal audits conducted by a third-party auditor. We were audited for the third renewal in fiscal 2013 and we will retain our certification in fiscal 2014.
As of December 2013, a total of 66 Ricoh Group companies (19 in Japan and 47 overseas) had been certified. There were no additional certifications during the fiscal year, by either a domestic or an overseas company. For the scope of the certification, please refer to the list of Ricoh ISMS registrations (in Japanese) prepared by an external certification body.
Plan for Fiscal 2014
In fiscal 2014, we will undergo an annual audit to maintain our certification. We have thus been updating and maintaining certification for over a decade by responding to technological innovations and other changes in our business environment, including the emergence of new workstyles, expansion and regular use of cloud services and the utilization of smart devices. We also intend to accomplish the transition to ISO/IEC 27001:2013 (JIS Q 27001:2014) during the fiscal year.