The Ricoh Group has declared our commitment to fulfilling corporate social responsibility from a global perspective in all aspects of management, while aiming to be a company that society as a whole wishes to grow and develop. This introduces the Ricoh Group’s vision of information security and information security management initiatives.
In the future, companies will need to fulfill their responsibilities to society while at the same time increasing corporate value and generating profits, their original role as a corporation. Continuous growth and development of a company cannot be achieved without the sustainable growth and development of society. As a corporate citizen, the Ricoh Group recognizes that fulfilling our social responsibility is fundamental to our management, and we aim to enhance our corporate value by simultaneously creating economic value and fulfilling our social responsibility.
We believe that information security is essential for the Ricoh Group, whose business domain is in the field of information, to be able to deliver products and services that customers can use with peace of mind. Thus, the Ricoh Group formulated the "Ricoh Group Information Security Basic Policy" and the "Information Security Basic Policy for Products and Services" and ensures that these policies are fully known throughout the Group. In addition, we have positioned our information security efforts as an activity in which all employees participate, promoting day-to-day management and continuous improvement at worksites and on the front lines of business. And based on those, we practice active in-house use of our own products and services to provide value to our customers.
Conceptual overview of the Ricoh Group’s information security
As a member of the global information society, the Ricoh Group works to increase the usefulness of information. And in response to the trust invested by society, we recognize the importance of all information assets, including customer information, and have established the necessary information security management system. With this management system, Ricoh will maintain and enhance corporate ethics efforts concerning legal compliance, and will further ensure safety and reliability in the information society.
As a member of the global information society, the Ricoh Group works to increase the usefulness of information. And in response to the trust invested by society, we recognize the importance of all information assets, including customer information, and have established the necessary information security management system. With this management system, Ricoh will maintain and enhance corporate ethics efforts concerning legal compliance, and will further ensure safety and reliability in the information society.
1. Establishment of an information security management organization
Each organizational leader establishes a system to allow that organization to implement optimal information security management.
2. Creation of an information security policy and management based on that
Each organization creates a security policy based on the value of its information assets and manages day-to-day operations by applying policy-based control measures.
3. Deployment of cross organizational units
Cross organizational units will be deployed for the purpose of optimally operating information security management at the Ricoh Group.
4. Provision of information security training
Proper training will be provided to all employees and business partners in order to have security requirements thoroughly known and understood.
5. Audit and improvement
Operation of the information security management system will be periodically audited and continuously improved.
6. Discipline
All employees are required to abide by the regulations of this information security management system, and in case of violation, will be disciplined accordingly.
We at the Ricoh Group believe that information security activities must be carried out above and beyond the level required by law. As a member of the global information society, we work to increase the usefulness of information. And in response to the trust invested by society, we promote information security management with the participation of all employees to enable continual improvements. As a for-profit organization, we also need to work to generate profits. The Ricoh Group strives to balance information use and information protection by using information in a secure manner with those with whom it should be shared, including business partners, while preventing information from being leaked to unintended parties. We have positioned this level of profit generation with an appropriate balance between use and protection as “information security-based management,” and we will continue to work toward this goal.
Information security initiatives
A solid foundation is needed to undertake information security. Anchored on the Group ISMS (Information Security Management System), the Ricoh Group’s information security management aims to develop an organizational culture that leads to all employees spontaneously carrying out secure actions in their day-to-day business activities without consciously following rules and directions. The Ricoh Group strives to establish and enhance this “information security culture” as we call it, based on these three activities: (1) participation by all employees, (2) day-to-day management and continual improvement, and (3) in-house use.
Customers are the starting point of all actions initiated by the Ricoh Group. In the course of delivering value to customers, all employees engaged in the Group’s business activities—from product planning, development and manufacturing to sales and servicing—think of customer needs and requirements from the customers’ viewpoints and make the most of the technical, marketing and customer information needed for their respective responsibilities and tasks. Information security management is not carried out by a select group of departments or task domains alone; rather, it is considered a comprehensive endeavor that requires the participation of senior management, managers, and employees as well as cooperating business partners.
Information security management is meaningful only if it is practiced without fail by all employees in the course of their day-to-day activities. The Ricoh Group makes sure that common standards and rules are firmly in place and education and training programs are fully thoroughly implemented. To ensure that employees put them into practice in day-to-day tasks, efforts such as self-management by each employee, periodic checks by supervisors, and audits by experts are also carried out, and corrective actions are taken promptly for improvements. Continual improvement is promoted while making effective use of the PDCA (plan-do-check-act) cycle for improvement by all levels of personnel from employees and managers to leaders and senior management, which in turn raises the level of security.
Process of day-to-day management and continual improvement
Ricoh Group companies routinely make use in-house of security products and solutions we developed, based on the firm foundations of information security management that comes out of continual improvement with the participation of all employees. Those products and solutions are intended for customers to solve a broad range of issues that obstruct the creation of a secure enterprise. Using those ourselves allows Ricoh to verify product utility and to incorporate any needed improvement before delivery to customers.
The Ricoh Group is working to foster an “information security culture” of the highest level through participation by all employees, day-to-day management and continual improvement, and in-house use. Based on those actions, we strive to fully enforce risk management with the goal of fulfilling corporate social responsibility. For customers, these actions also yield new value in the form of strategic products and systems as well as consulting, know-how and more.
To further gain customers’ trust, efforts are being made to obtain certification by a third-party organization for security functions of strategic products including digital MFPs and printers.
The Ricoh Group provides information security solutions that help customers solve problems and achieve secure and efficient business innovation. We accumulate know-how gained from in-house use of those solutions, and upon confirmation of their utility, pass the know-how on to customers as proposals and solutions.
At the Ricoh Group, we believe that, to quickly respond to changes in internal and external environments, information security should be administered and managed by incorporating appropriate management measures and processes into day-to-day business operations. This principle was put into practice when Japan’s Personal Information Protection Act came into effect in April 2005. IT control-related changes prescribed in Japan’s Financial Instruments and Exchange Act also have been dealt with in an integrated manner based on a single, unified management system, rather than as individual changes and additions.