CSR in the OKI Group Information Security
Strengthening of Information Security
System for Promoting Information Security
The OKI Group has established a system to ensure information security under the leadership of the Information Security Committee. The committee meets twice a year and makes companywide decisions and formulates policies about information security. It also reviews all activities related to information security (once a half year) and examines the results of information security audits (once a year). Furthermore, each business unit or group company has a information security promotion team that is responsible for addressing the measures decided by the Information Security Committee.
We have also established relevant rules and regulations for information security. We have examined customer information and data to be processed within the group, defined the types of information to be treated as confidential, and formulated regulations, administrative instructions and guidelines related to the processes of acquiring, generating and discarding such information.
System for Promoting Information Security
Regulations and Rules Related to Information Security
Information Security Education
As part of its systems for information protection, the OKI group offers information security education to all employees who use the information infrastructures belonging to the group. Each and every individual is asked to thoroughly protect information assets received from customers as well as highly confidential information assets belonging to OKI. For this reason, we widely communicate basic regulations and rules, and company standards regarding the use of our information networks, desktop computers and mobile computers through group training sessions and e-learning programs.
In fiscal 2011, we gave an e-learning program on information security for all employees of the group in October. The rate of participation in the program was almost 100%.
"Visualization" of How the Information Security Measures Have Been Entrenched in Partners and Suppliers
In order to improve the quality of information security throughout the supply chain, OKI has checked the information security measures of its business partners and suppliers handling important confidential information. More specifically, we have asked such companies to self-check their information security measures using a check list designed by us, evaluated the results of their self-checks using our own scoring system, and shared the challenges found in this process with them since fiscal 2008.
In fiscal 2011, the number of business partners "highly evaluated" according to our criteria increased by 9 points from the previous fiscal year. They made a visible progress particularly in technological measures such as password updates and security consciousness about the management of confidential information. These results show that security measures have been steadily entrenched in our business partners.
OKI-CSIRT for Prompt Response to Security Accidents
In order to enhance our preventive measures against threats to computer security and improve our capacity to respond to them, we established OKI-CSIRT(*1) as an organization specializing in responding to security accidents in September 2008. OKI-CSIRT publishes a report on computer viruses every month and offers technical assistance within the OKI Group. It also contributes to prompt information sharing and problem solving through participation in the Nippon CSIRT Association (NCA) and cooperation with other outside organizations.
In fiscal 2011, OKI-CSIRT reinforced its partnerships with NCA, CSIRT of other corporations, and relevant governmental agencies about measures against cyber attacks. More specifically, it obtained information on targeted emails(*2), blocked them, and shut down information leakage routes.
Disseminating Information Security Measures to Business Sites in China
The OKI Group has started to disseminate its information security measures to business sites in China since fiscal 2008. As the IT environment in China is different from that in Japan, we have adopted an antivirus software program designated computer viruses detected in China. We have also improved the local help desk function, enhanced support for damages caused by computer viruses, and thus improved the virus elimination rate there.
In fiscal 2011, we further promoted the project for mobile PCs launched in fiscal 2010. We encrypted the hard drives of mobile PCs in order to prevent information leakage in case of theft or loss, and made the users of the approved mobile PCs put the certificate sticker as we did in Japan.
Promotion of Acquiring ISMS Certification
The OKI Group is working to acquire the ISMS(*3) certification for divisions involved in building and operating internal information systems and for divisions engaged in general system design development, in order to improve the reliability of network solution construction and related services. Five companies and seven business units of the OKI Group are ISMS-certified organizations as of June 2012.
Business Units / Group Companies That Have Acquired the ISMS Certification (as of June, 2012)
| Name of Business Unit / Group Company | Initial Registration Date |
|---|---|
| Japan Business Operations Co., Ltd. (Operation Dept. Inspection and Training Dept.) |
January 30, 2004 |
| Oki Consulting Solutions Co., Ltd. | September 20, 2006 |
| Oki Software Co., Ltd. | December 21, 2007 |
| Oki Customer Adtech Co., Ltd. | January 31, 2004 |
| Oki Electric Industry Co., Ltd. (OKI System Center) | August 4, 2003 |
| Oki Electric Industry Co., Ltd. (Government & Public Systems Marketing & Sales Div., Enterprise Systems Marketing & Sales Div., Information Systems Div. and Public Systems Business Div. at Shibaura site) |
December 27, 2004 |
| Oki Electric Industry Co., Ltd. (Information Planning Div.) |
February 14, 2003 |
