Sustainability

Governance

Information Security Strengthening of Information Security

Strengthening of Information Security

System for Promoting Information Security

The OKI Group is building a robust IT infrastructure to support its business growth. As part of this effort, we are working to strengthen information security from the perspective of minimizing management risks. As our Risk Management Committee has defined "electronic information leakage" and "cyber attack" as common risks, we have made it clear that measures for information security are an important part of management and we are proceeding with them.

Based on the OKI Group Security Basic Policy, the OKI Group has established a system to ensure information security and works to properly manage and protect company and customer information. OKI's Information Planning Division reviews all activities related to information security, and each business unit or group company has a information security promotion team that is responsible for addressing the measures decided by OKI's Information Planning Division.

We have also established relevant rules and regulations for information security. We have examined customer information and data to be processed within the group, defined the types of information to be treated as confidential, and formulated regulations, administrative instructions and guidelines related to the processes of acquiring, generating and discarding such information.

System for Promoting Information Security

We in the OKI Group have enhanced protection of personal information based on the Privacy Policy. We have committed to the protection of personal information under the leadership of our Chief Privacy Officer. Privacy managers have been appointed in all divisions and subsidiaries. OKI is taking measures based on regulations related to personal information protection in Europe, Asia, and other overseas business regions. The website of each Group company has a cookie banner that complies with applicable regional and national privacy protection legislation and cookie regulations.

Regulations and Rules Related to Information Security

Three Perspectives of Information Security System

In the OKI Group we use the three perspectives shown in the diagram below to broadly promote information security measures for computers, networks and information systems.

Information Security Education

As part of its systems for information protection, the OKI group offers information security education to all employees who use the information infrastructures belonging to the group. Each and every individual is asked to thoroughly protect information assets received from customers as well as highly confidential information assets belonging to OKI. For this reason, we widely communicate basic regulations and rules, and company standards regarding the use of our information networks, desktop computers and mobile computers through group training sessions and e-learning programs.

In fiscal year 2022, information security training was provided to all employees by e-learning in August. Closely related to this is personal information protection, for which we also provided training at the same time, and almost 100% of employees received this training.

Sharing and Remedying Issues with Suppliers

Aiming at an improved information security level across the supply chain, we at OKI continuously verify how information security measures are implemented at suppliers to whom we provide critical confidential information. Here, we ask our suppliers to carry out self-evaluations and to score themselves based on check lists prepared by us. In this way, suppliers and OKI are sharing issues and remedying any problem points found.

OKI-CSIRT for Prompt Response to Security Incidents

We have established an organization specializing in security incident response called OKI-CSIRT(*1), which collaborates with external organizations, such as the Nippon CSIRT Association, CSIRT in other companies and ministries/agencies, in order to enhance our preventive measures against threats to computer security in the group and improve our capacity to respond to them.
In fiscal year 2022, we conducted training in accordance with the incident response manual and worked to strengthen our ability to respond to cyber attacks.

  • *1 CSIRT:Computer Security Incident Response Team

Strengthening the OKI Group's Measures

The OKI Group has promoted information security measures at overseas sites, including such actions as laying down information security guidelines in each country and region, appointing security managers at each site, and adopting control tools. In fiscal year 2022, we made the enhancements below in response to unauthorized file server access during the previous fiscal year.

  • Introducing EDR (Endpoint Detection and Response)(*2) for all Group PCs and servers, and expanding 24/7 monitoring by external organizations to include the United States and Asia
  • Introducing WAFs (Web Application Firewalls)(*3) for OKI's websites as a countermeasure against DDoS attacks (distributed denial-of-service attacks)
  • Conducting penetration tests(*4) for the Group's remote access environments
  • *2 EDR: Endpoint Detection and Response (technology that continuously monitors and responds to threats at the endpoint (terminal) of a computer system)
  • *3 WAF: web application firewall (a type of security that protects web applications from attacks aimed at exploiting their vulnerabilities)
  • *4 penetration tests: a way to test a system for vulnerabilities by attempting an actual cyber attack

Acquisition of ISMS Certification

The OKI Group has acquired the ISMS(*5) certification for divisions involved in building and operating internal information systems, and for divisions engaged in general system design development, in order to improve the reliability of network solution construction and related services. We are continually working to increase the number of Japanese OKI Group subsidiaries with ISMS certification. In fiscal year 2023, following the reorganization of OKI, we consolidated ISMS certification in the Marketing & Sales, Business, Technology, Production & Procurement departments to strengthen information security.

  • *5 ISMS: Information Security Management System

Reports on misuse of public research funds and misconduct related to research
activities can also be filed from the page that opens when you click the above button.

Special Contents

      Contact

      Contact