The Ricoh Group declares its aspiration to be an enterprise whose growth and success are desired by the general public, and Ricoh is committed to the fulfillment, from a global perspective, of its corporate social responsibility in every business aspect. This section gives you an overview of information security as envisioned by the Ricoh Group.
Conceptual overview of the Ricoh Group's information security
Ricoh Group, as a citizen in the global information society, contributes toward useful information exchange. Recognizing the value of all information assets including those of our customers, Ricoh Group will establish an information security management system in order to maintain the trust and confidence of all stakeholders. Based on this management system, Ricoh will maintain and enhance its corporate ethics efforts concerning legal compliance, and will further ensure the integrity and trustworthiness of our role in the information society.
1. Establishment of information security management system
Each organizational leader establishes the system to allow that organization to optimally manage its information security requirements.
2. Creation of information security policy and management
Each organization creates a security policy that fits its value of information assets, and, based on such policy, develops appropriate measures for daily operational management.
3. Deployment of cross organizational units
Cross organizational units will be deployed for the purpose of optimally managing the Ricoh Group information security management system.
4. Provision of information security training
Proper training will be provided to all staff and appropriate business partners in order to have security requirements thoroughly known and understood throughout the entire group.
5. Audit and improvement
Once established, the information security management system will be periodically audited and continuously improved.
All staff are required to abide by the regulations of this information security management system, and, in case of violation, will be disciplined accordingly.
In order to protect the customer's information assets and make the best use of information assets, Ricoh Group will provide products, services and solutions that customer‘s can use with confidence, in harmony with your workplace and information security policy.
Compliance with laws and regulations takes precedence over the second principle and the third principle as a primarily.
2nd: Protection of information assets
It should protect each customer's information assets with each product, service, solution and give priority over the third principle on the premise of satisfying the first principle.
3rd: Maximize value provided
It should try to maximize the value provided to customers by each product, service and solution on the premise of satisfying the first principle and the second principle.
Note: The value here is the overall value of "products, services and solutions", not limited to information security.
Ricoh Group will comply with all applicable laws, guidelines for government, contractual obligations related to information security.
2. Customer Origination
Ricoh Group will endeavor to grasp the customer's needs for information security and to provide corresponding products, services and solutions.
3. Grasp and Correspondence to the environmental change
Ricoh Group will endeavor to grasp the environmental change of information security and to provide products, services and solutions suitable for that environment.
4. Correspondence to Information Security
Ricoh Group will, on an ongoing basis, monitor, analyze and respond to information security risks of products, services and solutions in a timely manner.
5. Information Security Management
Ricoh Group will create a organization to conduct and make continuous improvements of information security activities for products, services and solutions.
6. Customer value maximization
Ricoh Group will strive to provide products, services and solutions that combine convenience and safety.
Steps to business-oriented information security corporate management
The Ricoh Group has established the position of director in charge of information security (Corporate senior vice president). It positions information security as one of its top-priority management risk control items and requires the CEO to check the ongoing status as an evaluator. Moreover, reports on reviews of the information security-related systems and investment matters concerning information security are submitted to the Group Management Committee, a decision-making body, to which the board of directors has delegated authority.
In addition, the Ricoh Group holds a monthly global meeting with the persons in charge of security in each region to review the progress of the information security measures and discuss and establish the security policies and guidelines.
Information security management becomes real only if it is translated into practical and consistent action by all employees in the course of their daily activities. The Ricoh Group makes sure that standards and rules are firmly in place and education and training programs are fully administered. To ensure that employees put them into daily practice, self-management by each employee, periodic checks by supervisors and audits by internal and external auditors are also carried out, and corrective actions are taken promptly for improvements. The effective use of the PDCA-based management cycle by all levels of personnel from employees and managers to leaders and senior management results in continual improvement, which in turn enhances the level of security.
Process of daily management and continual improvement
To further gain customers’ trust, stepped-up efforts are being made to obtain certification by a third-party organization for security features of strategic products including digital MFPs and printers.