Information Disclosure and Information Security
Information Security Policy
Fuji Xerox has Information Disclosure Guidelines to ensure the transparency and fairness of management and corporate information and actively respond to the information disclosure needs of its stakeholders.
Moreover, in fiscal 1999, we enacted Rules for Handling of Corporate Information to ensure appropriate in-house communication and sharing of information, appropriate external information disclosure, and thorough protection of confidential information regarding the company as well as that of our customers and business partners.
Information Disclosure Guidelines
Fuji Xerox will firmly maintain its basic stance of positively responding to internal and external demands for the disclosure of information, with a strong aspiration to achieve corporate transparency and fairness in order to fulfill its responsibility as a corporate citizen.
For this purpose, Fuji Xerox is committed to immediately disclosing any information considered to have a grave influence on the health and safety of employees and local residents or on the natural environment.
In fiscal 2005, Fuji Xerox stipulated Information Security Rules for the company and all of its affiliates. In fiscal 2006, we revised these rules to conform to ISO/IEC 27001:2005, an international standard for information security management systems. We also included a set of stricter rules for operations prone to information security-related incidents. Moreover, in fiscal 2008, we established Information Security Guidelines detailing operational procedures for information security.
- Please see Fuji Xerox Information Security Report for details.
Summary on Information Security
Fuji Xerox believes that an important element in the operation of our business is risk management: protection against external threats and internal vulnerabilities. Information security is considered a key part of risk management, and we have been implementing a variety of measures accordingly. We believe that the most critical risk in information security is the leakage of information, such as a leak of personal information or confidential information that has been entrusted to us by our customers. In order for our customers to feel safe in allowing us to maintain their information assets and for them to utilize our solution services, we will first establish an optimal information security structure within the company, and continuously implement the PDCA cycle to eliminate accidents and enhance the management of information security.
Concept of Information Security Governance
The approach of Fuji Xerox toward information security governance is based on the concept illustrated in the diagram below. We have been increasing the awareness of our employees on the policies and rules regarding information security, and have been ensuring that all incidents involving information security are properly reported. We have also been issuing the Information Security Report to inform our customers and partner companies of our activities and have them evaluate our efforts, thereby seeking to provide a higher level of information security governance.
Information Security Promotion System
The Risk Management Group of the General Affairs Department at Fuji Xerox headquarters is responsible for establishing a system to promote information security throughout the company, as part of its duties to oversee companywide risk management. This Group is seeking to promote information security throughout the company in an efficient manner by working together with the Information and Communications System Department, which is responsible for IT governance, and Fuji Xerox Information System Co., Ltd. (FXIS), which is responsible for the development and operation of IT infrastructure.
Fuji Xerox Initiatives in Fiscal 2013
We implemented the following measures in fiscal 2013 with a view to balancing strengthening of information security governance and improving productivity.
- Revised regulations and guidelines related to the realization of new ways of working, such as working at home and going directly to and from home without stopping by the office.
- Implemented a new mobile environment for all sales and field SE staff for the purpose of enhancing productivity.
New mobile computers with enhanced security have been introduced and an environment to support them has been implemented so that our employees will no longer have to be based at the office, but will be able to work and communicate from anywhere, at any time, and with anyone.
- Dealing with cyber attacks
Countermeasures against cyber attacks have been reviewed in accordance with the changes in work environment from using internal networks to the Internet, and the traditional preventative method of using firewalls has been changed to a multi-layered defense.
- Preventing leakage of trade secrets and technical information
Detailed measures have been taken from the perspective of risk management to fortify the company against external threats and internal weaknesses.
Acquisition Status of Information Security Management System Certification
Fuji Xerox and its affiliates promote acquisition of third-party certification of information security. The table below shows the acquisition status of Information Security Management System (ISMS) certification and the Privacy Mark.
Acquisition Status of Information Security Management System (ISMS) Certification and the Privacy Mark
|Company/Department|Date of ISMS Acquisition|Date of Privacy Mark Acquisition|
|---|---|---|
|Fuji Xerox Co., Ltd. (Fuji Xerox Global Services)|January 2004|–|
|Fuji Xerox Co., Ltd. Domestic Sales & Marketing and Domestic Sales Companies (Domestic Sales, All Customer Service Operations) (Note 1)|September 2005|–|
|Fuji Xerox System Service Co., Ltd. (Itabashi Office)|March 2004|March 2001|
|Fuji Xerox Information Systems Co., Ltd.|November 2005|–|
|Fuji Xerox Learning Institute Inc.|–|July 2005|
|11 independent prefectural distributors (12 offices)|2006–2007|–|
|Fuji Xerox of Shanghai Limited|March 2007|–|
|Fuji Xerox Korea Co., Ltd.|April 2007|–|
|Fuji Xerox of Shenzhen Ltd.|September 2007|–|
|Fuji Xerox Eco-Manufacturing (Suzhou) Co., Ltd.|June 2010|–|
|Fuji Xerox Singapore Pte Ltd.|April 2012|–|
|Fuji Xerox BusinessForce Pty. Limited (Note 2)|July 2013|–|
- Note 1: Including Fuji Xerox InterField Co., Ltd. and Fuji Xerox Service Creative Co., Ltd.
- Note 2: A wholly owned subsidiary of Fuji Xerox Document Management Solutions Pty. Limited (Australia), which became a subsidiary in October 2012.
In fiscal 2014, we intend to continue implementing the following activities with the aim of both strengthening information security governance and increasing productivity.
- Update information security regulations
Revisions will be made mainly to comply with ISO/IEC 27001:2013, which was revised last year, and to reflect recent issues such as structural revisions, BYOD (Bring Your Own Device), the globalization of the rules, and other such immediate issues.
- Strengthen security governance of overseas affiliates
Efforts will be made to increase awareness and provide education on baseline security rules.
- Strengthen security management of confidential information entrusted to us by our customers
In order to gain even stronger trust from our customers, the acquired scope of ISMS certification will be expanded and the management of security of entrusted information will be further strengthened.
- Implement various education programs and develop promotion measures to increase awareness of information security.