Ricoh 2014 Annual Report Download - page 46
Download and view the complete annual report
Please find page 46 of the 2014 Ricoh annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.Ricoh Group Sustainability Report 201445
• The Ricoh Group’s
information security
framework
➤ WEB 1 Scope of Ricoh ISMS registration:
www.ricoh.com/about/security/management/activity/
P
D
C
A
Realization of a secure society
Creating information value
Delivery of value to customers
Delivery of value to customers
Information
protection
Information
protection
Information
use
Information
use
Company
practices
Participation
by all
employees
Daily
management
and continual
improvement
Information Security
Information security management
To validate the trust that society places in us,
theRicoh Group involves all its employees in
continuous improvement of information security
management. Our aim is to balance utility
andprotection, simplifying the secure use of
information by people with legitimate access
rights—including business partners—while
preventing unauthorized access and leaks.
In the present business environment, the
way information is processed with evolving
information and communication technology has
led to the appearance of previously unknown
information risks. The Ricoh Group promotes
effective information security activities and
will, through ingenuity and improvements in IT
technology packaging and operation methods,
respond to new threats to the security of information
while seeking to promote creative and original use
and application of information.
Reinforcing our information security culture
The primary goal of the Ricoh Group’s Information
Security Management System (ISMS) is to have all
employees engage in proactive, security-conscious
behavior as a matter of course, beyond simply
following legal requirements or rules. We call this
our “information security culture,” and reinforce it
in three ways: (1) participation by all employees, (2)
daily management and continuous improvement,
and (3) company practices.
In particular, daily use of our products and
services becomes in effect a continuous exercise in
solving problems related to information security,
and allows us to conrm the results of our efforts.
The processes we achieve in this way are then
passed on to our customers.
In addition, we run e-learning programs for all
Ricoh Group employees in Japan, and about 40,000
people have taken part in these educational
opportunities. These programs feature content
related to adherence of existing basic rules as well
as enforcement of rules pertaining to new elds of
application, such as social networking services,
which have emerged along with advances in IT.
In response to changing social conditions, the
Ricoh Group revises its Ricoh Group Standard and
Common Standard for Information Security,
promotes awareness through e-learning, veries
status through internal audits and then makes
corrections as necessary. The Group cycles through
an integrated PDCA management system, driving
information security upward to a higher level.
ISMS certication status
The Ricoh Group obtained uniform ISMS
certication(ISO27001)inDecember2004.Since
then, we have maintained our certication through
annual inspections by external organizations and
recertication inspections every three years.
InDecember 2013, we underwent our third
recertication inspection. As of December 2013,
atotalof70companies—23withinJapanand47
overseas—have received ISMS certication.
Over the past, we havecarefully tracked world
trends, from the conguration of information
security systems to theestablishment of global
management systems, constantly improving upon
avariety of issues. Going forward, we will promote
certication overseas, ensure thorough compliance
through our Common Standard for Information
Security, and strive to enhance efciency. Through
such initiatives over the next 10 years, we will shift
toISO/IEC27001:2013(JISQ27001:2014). ➤ WEB1
Information security incidents
In the fiscal year ended March 31, 2014, there was
one major information security incident that required
disclosure to an external organization.
A brand trusted by the information society
For the Ricoh Group, with its business emphasis on the information sector, efforts toprotect
information are indispensable if customers are to use Ricoh products and services with
peace of mind. Therefore, we involve all employees in efforts to ensure information security.
Measures are in place to encourage continuous improvement in daily information security
management in each organization within the Group and toactively utilize Ricoh products
and services for in-house use. In addition, the Ricoh Group develops and provides functions
to maintain information security and protect customers from exposure to various risks during
the use of Ricoh products.