
ISMS Certification/Cybersecurity Maturity Assessment

Obtaining ISMS Certification in Japan and Overseas

ISMS Certification Status in Japan and Overseas

Ricoh Group companies in Japan obtained unified ISMS certification in December 2004. We took this a step further in 2006, when our overseas group companies also started the process of acquiring certification. Since then, we have been working towards establishing an information security promotion system across the Group. Our policy is for ISMS certification to be obtained by companies and organizations that contact and serve customers and that receive requests from customers or external bodies to obtain certification.

In FY2021, we renewed our certification after passing the annual audit. To date, a total of 52 group companies — 4 domestic and 48 overseas — have been certified, which is 85.4% of targeted companies and organizations (as of May 2022).

List of Certified Companies

In order to offer our products and related solution services to our customers and business partners, the Ricoh Group maintains ISMS certification at companies throughout the sales chain — including support, logistics and financial companies — and as necessary at some production, rental and software companies.

Cybersecurity Maturity Assessment

The Ricoh Group has a system in place whereby a third party checks the conformity and effectiveness of ISMS through internal and external audits.

The external audits conducted continuously in FY2018 revealed the need to further enhance the cross-organizational information security governance system. Based on the audit results, the Ricoh Group will work to establish a more robust cross-organizational governance system.

Cybersecurity Maturity Assessment (including privacy protection)

  1. Governance, risk and compliance of security
  2. Security management of network boundary
  3. Security management of end point
  4. Security management of data
  5. Security management of applications
  6. Identity and access management (IAM)
  7. Security monitoring and fault management
  8. Security management of mobile and social media
  9. Security vulnerability management
  10. IT asset management and change and configuration management
  11. IT service continuity management
  12. Physical security management