Ricoh 2014 Annual Report Download - page 46

Download and view the complete annual report

Please find page 46 of the 2014 Ricoh annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 106

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106

Ricoh Group Sustainability Report 201445
The Ricoh Group’s
information security
framework
WEB 1 Scope of Ricoh ISMS registration:
www.ricoh.com/about/security/management/activity/
P
D
C
A
Realization of a secure society
Creating information value
Delivery of value to customers
Delivery of value to customers
Information
protection
Information
protection
Information
use
Information
use
Company
practices
Participation
by all
employees
Daily
management
and continual
improvement
Information Security
Information security management
To validate the trust that society places in us,
theRicoh Group involves all its employees in
continuous improvement of information security
management. Our aim is to balance utility
andprotection, simplifying the secure use of
information by people with legitimate access
rightsincluding business partnerswhile
preventing unauthorized access and leaks.
In the present business environment, the
way information is processed with evolving
information and communication technology has
led to the appearance of previously unknown
information risks. The Ricoh Group promotes
effective information security activities and
will, through ingenuity and improvements in IT
technology packaging and operation methods,
respond to new threats to the security of information
while seeking to promote creative and original use
and application of information.
Reinforcing our information security culture
The primary goal of the Ricoh Group’s Information
Security Management System (ISMS) is to have all
employees engage in proactive, security-conscious
behavior as a matter of course, beyond simply
following legal requirements or rules. We call this
our “information security culture,” and reinforce it
in three ways: (1) participation by all employees, (2)
daily management and continuous improvement,
and (3) company practices.
In particular, daily use of our products and
services becomes in effect a continuous exercise in
solving problems related to information security,
and allows us to conrm the results of our efforts.
The processes we achieve in this way are then
passed on to our customers.
In addition, we run e-learning programs for all
Ricoh Group employees in Japan, and about 40,000
people have taken part in these educational
opportunities. These programs feature content
related to adherence of existing basic rules as well
as enforcement of rules pertaining to new elds of
application, such as social networking services,
which have emerged along with advances in IT.
In response to changing social conditions, the
Ricoh Group revises its Ricoh Group Standard and
Common Standard for Information Security,
promotes awareness through e-learning, veries
status through internal audits and then makes
corrections as necessary. The Group cycles through
an integrated PDCA management system, driving
information security upward to a higher level.
ISMS certication status
The Ricoh Group obtained uniform ISMS
certication(ISO27001)inDecember2004.Since
then, we have maintained our certication through
annual inspections by external organizations and
recertication inspections every three years.
InDecember 2013, we underwent our third
recertication inspection. As of December 2013,
atotalof70companies—23withinJapanand47
overseashave received ISMS certication.
Over the past, we havecarefully tracked world
trends, from the conguration of information
security systems to theestablishment of global
management systems, constantly improving upon
avariety of issues. Going forward, we will promote
certication overseas, ensure thorough compliance
through our Common Standard for Information
Security, and strive to enhance efciency. Through
such initiatives over the next 10 years, we will shift
toISO/IEC27001:2013(JISQ27001:2014). WEB1
Information security incidents
In the fiscal year ended March 31, 2014, there was
one major information security incident that required
disclosure to an external organization.
A brand trusted by the information society
For the Ricoh Group, with its business emphasis on the information sector, efforts toprotect
information are indispensable if customers are to use Ricoh products and services with
peace of mind. Therefore, we involve all employees in efforts to ensure information security.
Measures are in place to encourage continuous improvement in daily information security
management in each organization within the Group and toactively utilize Ricoh products
and services for in-house use. In addition, the Ricoh Group develops and provides functions
to maintain information security and protect customers from exposure to various risks during
the use of Ricoh products.