CSR in the OKI Group Information Security
Strengthening of Information Security
System for Promoting Information Security
The OKI Group has established a system to ensure information security under the leadership of the Information Security Committee. The committee meets twice a year to make companywide decisions and formulate policies about information security. It also reviews all activities related to information security (once every half year) and examines the results of information security audits (once a year). Furthermore, each business unit or group company has an information security promotion team that is responsible for implementing the measures decided by the Information Security Committee.
We have also established relevant rules and regulations for information security. We have examined customer information and data to be processed within the group, defined the types of information to be treated as confidential, and formulated regulations, administrative instructions and guidelines related to the processes of acquiring, generating and discarding such information.
System for Promoting Information Security

Regulations and Rules Related to Information Security

Information Security Education
As part of its systems for information protection, the OKI Group offers information security education to all employees who use the information infrastructures belonging to the group. Each and every individual is asked to thoroughly protect information assets received from customers as well as highly confidential information assets belonging to OKI. For this reason, we widely communicate basic regulations and rules, and company standards regarding the use of our information networks, desktop computers and mobile computers through group training sessions and e-learning programs.
In fiscal 2010, we ran an e-learning program on information security for all employees of the group in October. The participation rate was almost 100%.
"Visualization" of How the Information Security Measures Have Been Entrenched in Partners and Suppliers
In order to improve the quality of information security throughout the supply chain, OKI has also checked the information security measures of its business partners and suppliers handling important confidential information since fiscal 2008. More specifically, we ask such companies to self-check their information security measures using a checklist designed by us, evaluate the results of their self-checks using our own scoring system, and share the challenges found in this process with them.
In fiscal 2010, information security at our partners and suppliers improved overall, up 4 points from the previous year. They made visible progress particularly in the categories "regular change of passwords" and "access right control with personnel changes." This showed that their understanding of the importance of access control on an individual basis had greatly improved.
OKI-CSIRT for Prompt Response to Security Accidents
In order to enhance our preventive measures against threats to computer security and improve our capacity to respond to them, we established OKI-CSIRT (Computer Security Incident Response Team) as an organization specializing in responding to security accidents in September 2008. OKI-CSIRT publishes a report on computer viruses every month and offers technical assistance within the OKI Group while contributing to the Nippon CSIRT Association by promoting the sharing and resolution of security issues among its members through its involvement in the development of guidelines for measures against computer viruses.
In fiscal 2010, we established an activity to check the version of the security software used by each employee and to request an upgrade where necessary, in order to further prevent virus attacks and other security risks.
Disseminating Information Security Measures to Business Sites in China
The OKI Group has been disseminating its information security measures to business sites in China since fiscal 2008. As the IT environment in China is different from that in Japan, we have adopted an antivirus software program designed for computer viruses detected in China. We have also improved the local help desk function, enhanced support for damage caused by computer viruses, and thus improved the virus elimination rate there.
In fiscal 2010, we launched a project to encrypt the hard drives of mobile PCs used in China and to require users of the approved mobile PCs to affix the certificate sticker, as we did in Japan.
Promotion of Acquiring ISMS Certification
The OKI Group is working to acquire the ISMS (*1) certification for divisions involved in building and operating internal information systems and for divisions engaged in general system design development, in order to improve the reliability of network solution construction and related services.
In fiscal 2010, OKI Software, a new company established through the merger of three software-related companies of the group as part of the group's reorganization project, acquired the ISMS certification. Five companies and seven business units of the OKI Group are ISMS-certified organizations as of June 2011.
Business Units / Group Companies That Have Acquired the ISMS Certification (as of June 2011)
| Name of Business Unit / Group Company | Initial Registration Date |
|---|---|
| Japan Business Operations Co., Ltd. (Operation Dept. Inspection and Training Dept.) | January 30, 2004 |
| Oki Consulting Solutions Co., Ltd. | September 20, 2006 |
| Oki Software Co., Ltd. | December 21, 2007 |
| Oki Customer Adtech Co., Ltd. | January 31, 2004 |
| Oki Electric Industry Co., Ltd. (OKI System Center) | August 4, 2003 |
| Oki Electric Industry Co., Ltd. (Government & Public Business Div., Enterprise Business Div., Government & Public Systems Div. and Information Systems Div. at Shibaura site) | December 27, 2004 |
| Oki Electric Industry Co., Ltd. (Information Planning Div.) | February 14, 2003 |
- *1: ISMS: Information Security Management System
