
An Overview

Deliver New Value from CSR
The Ricoh Group declares its aspiration to be an enterprise whose growth and success are desired by the general public, and Ricoh is committed to the fulfillment, from a global perspective, of its corporate social responsibility in every business aspect. This section gives you an overview of information security as envisioned by the Ricoh Group.

Basic Concept

Qualities of Companies that Society Wants to See Grow and Succeed

Increasingly, a corporation is required to fulfill its corporate social responsibility in addition to achieving the essential goals of enhancing corporate value and generating profit. It cannot grow and expand if society’s growth is not sustained. With the belief that fulfilling social responsibility as a good corporate citizen serves well as a foundation for corporate management, the Ricoh Group aims to enhance its corporate value by simultaneously creating economic value and fulfilling its social responsibility.
As a company whose business domain is linked to information fields, the Ricoh Group recognizes the importance of information security in pursuing its mission of delivering products and services that customers can use with peace of mind. For this reason, the Ricoh Group formulated the “Ricoh Group Information Security Basic Policy” and the “Ricoh Group Information Security Basic Regulations for Products, Services and Solutions” and ensures that these policies are fully known and understood throughout the Group. Moreover, it requires all of its employees to participate in information security initiatives and makes sure that daily management and continual improvement are carried out on shop floors and in offices. It also encourages the development of products and services reflecting the added value gained in the process and their active internal use before presenting them to customers.

Conceptual overview of the Ricoh Group's information security

Ricoh Group Information Security Basic Policy

[Basic Policy]

Ricoh Group, as a citizen in the global information society, contributes toward useful information exchange. Recognizing the value of all information assets including those of our customers, Ricoh Group will establish an information security management system in order to maintain the trust and confidence of all stakeholders. Based on this management system, Ricoh will maintain and enhance its corporate ethics efforts concerning legal compliance, and will further ensure the integrity and trustworthiness of our role in the information society.

[Immediate Actions]

1. Establishment of information security management system

Each organizational leader establishes the system to allow that organization to optimally manage its information security requirements.

2. Creation of information security policy and management

Each organization creates a security policy that fits its value of information assets, and, based on such policy, develops appropriate measures for daily operational management.

3. Deployment of cross organizational units

Cross organizational units will be deployed for the purpose of optimally managing the Ricoh Group information security management system.

4. Provision of information security training

Proper training will be provided to all staff and appropriate business partners in order to have security requirements thoroughly known and understood throughout the entire group.

5. Audit and improvement

Once established, the information security management system will be periodically audited and continuously improved.

6. Discipline

All staff are required to abide by the regulations of this information security management system, and, in case of violation, will be disciplined accordingly.

April, 2017
Yoshinori Yamashita
President and CEO
Ricoh Co., Ltd.

Ricoh Group Information Security Basic Regulations for Products, Services and Solutions

[Basic Policy]

In order to protect the customer's information assets and make the best use of information assets, Ricoh Group will provide products, services and solutions that customers can use with confidence, in harmony with your workplace and information security policy.

[Basic Principles]

1st: Compliance

Compliance with laws and regulations is the primary principle and takes precedence over the second principle and the third principle.

2nd: Protection of information assets

Each product, service and solution should protect each customer's information assets, and this takes priority over the third principle on the premise of satisfying the first principle.

3rd: Maximize value provided

It should try to maximize the value provided to customers by each product, service and solution on the premise of satisfying the first principle and the second principle.
Note: The value here is the overall value of "products, services and solutions", not limited to information security.

[Action Guidelines]

1. Compliance

Ricoh Group will comply with all applicable laws, guidelines for government, and contractual obligations related to information security.

2. Customer Origination

Ricoh Group will endeavor to grasp the customer's needs for information security and to provide corresponding products, services and solutions.

3. Grasp and Correspondence to the environmental change

Ricoh Group will endeavor to grasp the environmental change of information security and to provide products, services and solutions suitable for that environment.

4. Correspondence to Information Security

Ricoh Group will, on an ongoing basis, monitor, analyze and respond to information security risks of products, services and solutions in a timely manner.

5. Information Security Management

Ricoh Group will create an organization to conduct and make continuous improvements of information security activities for products, services and solutions.

6. Customer value maximization

Ricoh Group will strive to provide products, services and solutions that combine convenience and safety.

January, 2018
Yoshinori Yamashita
President and CEO
Ricoh Co., Ltd.

Establishing Business-Oriented Information Security Corporate Management while Balancing Information Use and Protection

The Ricoh Group believes that its information security activities must be carried out above and beyond the level required by law. As a member of the global information society, the group attempts to increase the usefulness of information. At the same time, it promotes information security management participated in by all employees to enable continual improvements, in response to the trust invested by society. As a for-profit organization, generating profits is another requirement. The Ricoh Group strives to achieve proactive information use and information protection in tandem so that information is shared in a secure manner within the Group and with its business partners while preventing the leakage of information to outsiders. The Ricoh Group aims to reach a level where profit is generated while a proper balance between information use and protection is maintained. This level is called “Business-Oriented Information Security Corporate Management.”

Steps to business-oriented information security corporate management

Information Security Promotion System

The Ricoh Group has established the position of director in charge of information security (Corporate senior vice president). It positions information security as one of its top-priority management risk control items and requires the CEO to check the ongoing status as an evaluator. Moreover, reports on reviews of the information security-related systems and investment matters concerning information security are submitted to the Group Management Committee, a decision-making body, to which the board of directors has delegated authority.

In addition, the Ricoh Group holds a monthly global meeting with the persons in charge of security in each region to review the progress of the information security measures and discuss and establish the security policies and guidelines.

Establishing a Corporate Information Security Culture

A solid foundation is needed to undertake information security. Anchored on the Group ISMS (Information Security Management System), the Ricoh Group’s information security management aims to develop organizational behavior leading to all employees spontaneously carrying out secure actions in their daily business conduct without consciously following rules and directions. The Ricoh Group strives to build and strengthen this “Corporate Information Security Culture,” as it is called by the Group, through these three cores: (1) participation by all employees, (2) daily management and continual improvement, and (3) company practices.


1) Participation by all employees

Customers are at the origin of all actions initiated by the Ricoh Group. In the course of delivering value to customers, all employees engaged in the Group’s business activities—which range from product planning, development and manufacturing to sales and servicing—think of customers’ needs and requirements from the customers’ viewpoints and make the most of the technical, marketing and customer information needed for their respective responsibilities and tasks. Information security management is not carried out by a select group of departments or task domains alone; rather, it is considered a comprehensive endeavor that requires the participation of all employees from senior management and executives to clerical workers as well as cooperating business partners.

2) Daily management and continual improvement

Information security management becomes real only if it is translated into practical and consistent action by all employees in the course of their daily activities. The Ricoh Group makes sure that standards and rules are firmly in place and education and training programs are fully administered. To ensure that employees put them into daily practice, self-management by each employee, periodic checks by supervisors and audits by internal and external auditors are also carried out, and corrective actions are taken promptly for improvements. The effective use of the PDCA-based management cycle by all levels of personnel from employees and managers to leaders and senior management results in continual improvement, which in turn enhances the level of security.

Process of daily management and continual improvement

3) Company practices

Ricoh Group companies routinely use security products and solutions developed in-house, based on the firm foundations of information security management contributed to by all employees. Those products and solutions are intended for customers to solve a broad range of issues that obstruct the creation of a secure enterprise. Company practices allow verification of the product and service utility and allow Ricoh to incorporate any needed improvement before delivery to customers.

Delivery of New Value to Customers through Efforts to Boost Security

The Ricoh Group is working to foster an “information security culture” of the highest level through participation by all employees, daily management and continual improvement and company practices.
With these actions as the basis, it strives to fully enforce risk management with the goal of fulfilling its corporate social responsibility. For customers, these actions also yield new value in the form of strategic products and systems, consulting and know-how.


1) ISO/IEC 15408 certification

To further gain customers’ trust, stepped-up efforts are being made to obtain certification by a third-party organization for security features of strategic products including digital MFPs and printers.

Security for Ricoh Multifunction Printers

2) Information security solutions

Through the delivery of information security solutions, the Ricoh Group assists customers in problem solving and innovation that enable secure and efficient task handling. It builds up know-how gained from company practices and, upon confirmation of their utility, passes the know-how on to customers as proposals and solutions.

Integration with Other Management Systems

At the Ricoh Group, we believe that, to quickly respond to internal and external changes, information security should be administered and managed by incorporating appropriate management measures and processes into day-to-day business operations. This principle was put into practice when the Personal Information Protection Act came into effect in April 2005. Changes induced by the act as well as IT control-related changes and new elements in conformance with the Sarbanes-Oxley Act of the United States and the Financial Instruments and Exchange Law of Japan have been dealt with in an integrated manner based on a single, unified management system, rather than as individual changes and additions.