Factory security mainly refers to all security activities at manufacturing facilities such as factories. Unlike corporate security, which protects the IT environment of ordinary offices, it covers any activity that reduces the security risks found in the OT(※) environment, which is unique to production sites.
The system configuration chart is cited from Fig. 2-1 of the Cyber Physical Security Support Guideline ver1.0 for factory systems, a publication issued by the MOF Industrial Cybersecurity study committee. Grouping and notes were added by Ricoh.
A regular production site network is generally composed of two types of network: the administrative work network (IT network) and the production infrastructure network (OT network), which connects to production equipment. The OT environment is mainly connected to the IT environment, and factory security deals with cybersecurity within the OT environment.
In the IT environment, cybersecurity emphasizes Confidentiality: preventing the leakage of customer information and confidential business information. In the OT environment, by contrast, it emphasizes Availability: maintaining business continuity by guarding the production line.
Nowadays, cyberattacks occur frequently and have become more sophisticated, complicated, and elaborate, making them more threatening.
Generally, attackers tend to avoid targeting headquarters or other sites with strong security, and instead attempt to infiltrate through affiliated companies and facilities with comparatively weak security governance. This is backed up by actual incidents in recent news. In the manufacturing industry, as part of the supply chain, strengthening factory security has become an urgent issue as collaboration with affiliated companies and facilities increases.
In this context, we, Ricoh Group, are no exception. Until a few years ago, we were not able to grasp the status of security measures at each Ricoh Group factory. We therefore needed to conduct an assessment to understand the cybersecurity situation, since there were many inadequacies in terms of security governance. The production process includes devices and equipment with embedded computers, such as measuring devices and robots. They can be targets for attackers because the latest security patches are sometimes not applied promptly to these devices and equipment. When part of production stops due to a security incident, it can halt the whole production line. This implies a threat of financial damage amounting to hundreds of millions of yen.
We, Ricoh Group, initiated the Factory Security Enhancement (Strengthening) Activities in 2022, and as of 2024 they have been implemented at some factories across the group. Based on the results so far, we plan to extend these activities to other locations, both domestic and overseas, with the aim of completing them at all factories of the group.
The goal of this activity is to reduce the rate of security incidents at production sites as much as possible, and to support all production sites in delivering safe and secure products to customers from a security perspective.
Ricoh Group has continuously pursued security enhancement activities to reduce security risks at actual factory sites.
We continue manufacturing our products by keeping the production process secure. To that end, we will reduce the production process security risks that threaten stable supply, in order to prevent any impact on the business of customers who use our products or who outsource their production to Ricoh.
By continually implementing these measures, we will be able to continue manufacturing and providing better products while responding to production advances through DM/DX and to evolving cyber attacks.
Recent security incidents have not only caused production stoppages at a single site but can also have impacts beyond production sites, such as environmental pollution, disasters, and effects on customer businesses. As part of our BCP(※) activities, we will maintain the safety of the production process at our sites to prevent security incidents from causing significant inconvenience to residents in the neighborhood of our sites, consumable products, part suppliers, and various others.
By reducing security risks at manufacturing sites, we will keep the production environment secure. As part of our BCP activities, we will continuously conduct risk reduction activities to prevent security incidents from affecting production by disrupting the stable operation of digital equipment incorporated in the production line.
Stable production requires not only the production environment (equipment) but also various information (data), such as production data and customer data. With recent digitalization, the amount of digital data has increased quickly, and security risks related to data have also increased rapidly, which makes protecting data important for stable production. We will maintain the Confidentiality, Integrity, and Availability of the various information (data) handled in the production process.
We will conduct security enhancement activities on three elements: Human Resources, Process, and Technology. By closely coordinating these elements to raise the overall maturity level, we aim for a continuous and stable reduction of factory security risks led by the production site.
At actual production sites, existing protection activities such as BCP, 5S, and TPM are already carried out on a daily basis. Rather than bringing in security as yet another new aspect of the manufacturing site, we integrate a security perspective into these daily activities as an additional element at sites where they are already practiced. In this way, we seek to promote a security culture in which security is treated as our own responsibility.
We adopt standards and guidelines suitable for the production site from the viewpoint of measuring and evaluating effectiveness. Recently, standards and guidelines specific to production sites have been established both domestically and internationally. We will select appropriate standards to resolve on-site security risks and comply with them. To keep up with the rapid evolution of cyber attacks, we will not stick to a single standard but will continually optimize our use of multiple standards and review them on an annual basis.
Ricoh Group has dozens of manufacturing facilities in Japan and overseas, but from a governance perspective there is no favorable situation in which all products, systems, and processes are the same; rather, they usually differ from site to site. In other words, a unified governance approach for all sites would not be effective, and it was necessary to proceed in a way suited to the circumstances and convenience of each site.
Considering this, having one factory serve as a model is more useful for efficient rollout across sites. We therefore started by selecting a reference factory(※) as a role model for increasing security, identified the target level in discussion with the manager(s) at the reference factory, and determined the measures needed to reach that level together with promotion staff and on-site staff. Thereafter, we took the approach of rolling out the outcomes and process obtained at the reference factory.
Solve on-site issues and problems in a timely manner, which is valuable to the site.
Think about human resources, organizations, and processes first, rather than technology. Awareness on the part of both people and the organization will strengthen security.
Select as reference factories those that manufacture products important to Ricoh and have advanced digital manufacturing practices.
Deploy, domestically and internationally, the assets and knowledge gained from the results of measures implemented at the reference factories.
Find and determine the security level to be achieved in both the short term and the medium term, then implement the corresponding measures. Make use of the factory security guideline issued by the Ministry of Economy, Trade and Industry, which includes actual assessment examples, as an index of the security standard for countermeasures.
Determine the target security level and identify the measures for it according to each step of the guideline displayed above.
First, sort out and organize the necessary requirements for security measures and assessment, and establish the security measures based on the result.
Subsequently, implement the measures taking their life cycle and the supply chain into account, and keep reviewing the approach, measures, and operational system as circumstances and technology change, so that the cycle is repeated for each step.
Throughout the security enhancement activity, each manufacturing site has, with reference to successful implementation cases, promoted improved security activities in accordance with its individual business characteristics and work environment. Here is one example.
For many years, our manufacturing factories have implemented risk management processes from the perspective of safety and hygiene and natural disaster countermeasures. These processes have been administered and operated under the direction of the company-wide control department. These days, however, in order to respond to new threats such as cyber attacks, we are seeking to integrate factory security risks into the existing management system.
With the support of the security control department, each factory site has established communication routes and response systems for security incidents. Furthermore, to increase the effectiveness of these systems and regulations, improvement activities are continuously conducted in line with the actual circumstances of each factory through periodic tabletop and on-site exercises and training.
Factory security governance keeps evolving to strengthen the overall ability to respond to new threats by enhancing the frameworks of traditional risk management.
Security rules and guidelines tailored to the on-site level have been created in line with each factory's characteristics and circumstances, based on the standards defined in governance control. These approaches, while improving the security level across all group plants, help maintain efficient and optimal operational management at the sites.
A three-stage program of basic and specialized education is provided to strengthen employees' security awareness and their acquisition of knowledge, skills, and experience.
Also, along with incorporating these training programs into BCP/5S/TPM activities, we place importance on urging our employees to treat any potential unwanted accident as their own responsibility. To support employees' security awareness, we provide various posters, educational video clips, etc. in the facilities.