An Overview / Information Security at the Ricoh Group

Deliver New Value from CSR
The Ricoh Group, in its Corporate Social Responsibility Charter, declares its aspiration to be an enterprise whose growth and success are desired by the general public, and Ricoh is committed to the fulfillment, from a global perspective, of its corporate social responsibility in every business aspect. This section gives you an overview of information security as envisioned by the Ricoh Group as well as its basic approach and features.

Qualities of Companies that Society Wants to See Grow and Succeed

Increasingly, a corporation is required to fulfill its corporate social responsibility in addition to achieving the essential goals of enhancing corporate value and generating profit. It cannot grow and expand if society’s growth is not sustained. With the belief that fulfilling social responsibility as a good corporate citizen serves well as a foundation for corporate management, the Ricoh Group aims to enhance its corporate value by simultaneously creating economic value and fulfilling its social responsibility.
As a company whose business domain is linked to information fields, the Ricoh Group recognizes the importance of information security in pursuing its mission of delivering products and services that customers can use with peace of mind. For this reason, the Ricoh Group requires all of its employees to participate in information security initiatives and makes sure that daily management and continual improvement are carried out on shop floors and in offices. It also encourages the development of products and services reflecting the added value gained in the process and their active internal use before presenting them to customers. These efforts are Ricoh’s way of putting the Charter’s “conscientious corporate mindset” and “harmony with society” into practice.

Conceptual overview of the Ricoh Group's information security

Establishing Business-Oriented Information Security Corporate Management while Balancing Information Use and Protection

The Ricoh Group believes that its information security activities must be carried out above and beyond the level required by law. As a member of the global information society, the group attempts to increase the usefulness of information. At the same time, it promotes information security management participated in by all employees to enable continual improvements, in response to the trust invested by society. As a for-profit organization, generating profits is another requirement. The Ricoh Group strives to achieve proactive information use and information protection in tandem so that information is shared in a secure manner within the Group and with its business partners while preventing the leakage of information to outsiders. The Ricoh Group aims to reach a level where profit is generated while a proper balance between information use and protection is maintained. This level is called “Business-Oriented Information Security Corporate Management.”

Steps to business-oriented information security corporate management

Page Top

Establishing a Corporate Information Security Culture

A solid foundation is needed to undertake information security. Anchored on the Group ISMS (Information Security Management System), the Ricoh Group’s information security management aims to develop organizational behavior leading to all employees spontaneously carrying out secure actions in their daily business conduct without consciously following rules and directions. The Ricoh Group strives to build and strengthen this “Corporate Information Security Culture,” as it is called by the Group, through these three cores: (1) participation by all employees, (2) daily management and continual improvement, and (3) company practices.

1) Participation by all employees

Customers are at the origin of all actions initiated by the Ricoh Group. In the course of delivering value to customers, all employees engaged in the Group’s business activities—which range from product planning, development and manufacturing to sales and servicing—think of customers’ needs and requirements from the customers’ viewpoints and make the most of the technical, marketing and customer information needed for their respective responsibilities and tasks. Information security management is not carried out by a select group of departments or task domains alone; rather, it is considered a comprehensive endeavor that requires the participation of all employees from senior management and executives to clerical workers as well as cooperating business partners.

2) Daily management and continual improvement

Information security management becomes real only if it is translated into practical and consistent action by all employees in the course of their daily activities. The Ricoh Group makes sure that standards and rules are firmly in place and education and training programs are fully administered. To ensure that employees put them into daily practice, self-management by each employee, periodic checks by supervisors and audits by internal and external auditors are also carried out, and corrective actions are taken promptly for improvements. The effective use of the PDCA-based management cycle by all levels of personnel from employees and managers to leaders and senior management results in continual improvement, which in turn enhances the level of security.

Process of daily management and continual improvement

3) Company practices

Ricoh Group companies routinely use security products and solutions developed in-house, based on the firm foundations of information security management contributed to by all employees. Those products and solutions are intended for customers to solve a broad range of issues that obstruct the creation of a secure enterprise. Company practices allow verification of the product and service utility and allow Ricoh to incorporate any needed improvement before delivery to customers.

Page Top

Delivery of New Value to Customers through Efforts to Boost Security

The Ricoh Group is working to foster an “information security culture” of the highest level through participation by all employees, daily management and continual improvement and company practices.
With these actions as the basis, it strives to fully enforce risk management with the goal of fulfilling its corporate social responsibility. For customers, these actions also yield new value in the form of strategic products and systems, consulting and know-how.

1) ISO/IEC 15408 certification

To further gain customers’ trust, stepped-up efforts are being made to obtain certification by a third-party organization for security features of strategic products including digital MFPs and printers.

2) Information security solutions

Through the delivery of information security solutions, the Ricoh Group assists customers in problem solving and innovation that enable secure and efficient task handling. It builds up know-how gained from company practices and, upon confirmation of their utility, passes the know-how on to customers as proposals and solutions.

Integration with Other Management Systems

At the Ricoh Group, we believe that, to quickly respond to internal and external changes, information security should be administered and managed by incorporating appropriate management measures and processes into day-to-day business operations. This principle was put into practice when the Personal Information Protection Act came into effect in April 2005. Changes induced by the act as well as IT control-related changes and new elements in conformance with the Sarbanes-Oxley Act of the United States and the Financial Instruments and Exchange Law of Japan have been dealt with in an integrated manner based on a single, unified management system, rather than as individual changes and additions.