Information Security Strengthening of Information Security

Strengthening of Information Security

The OKI Group is building an IT infrastructure to support business growth. One of the ways we are working to minimize management risks is by enhancing information security. We have identified electronic information leaks and cyberattacks as risks common to the Group, as outlined by the Risk Management Committee. We clearly demonstrate that information security measures are one of the top priority areas for management as we are advancing initiatives.

In line with the OKI Group Information Security Basic Policy, we have created related regulations and operational rules. We also defined confidential information to include both customer data entrusted to us and internally processed data. Based on this definition, we are establishing rules, detailed procedures, and guidelines that cover the entire life cycle of this data-from acquisition and creation to disposal.

In accordance with the Information Security Basic Policy, we are also promoting a wide range of visibility, support, and protection measures. Furthermore, we established OKI-CSIRT(*) as a specialized security incident response organization tasked with strengthening our ability to prevent and respond to incidents utilizing the framework of Information Security Management System (ISMS; ISO 27001).

To enhance the reliability of system development and provision of related services, the OKI Group has obtained ISMS certification for its internal information system development and operation divisions, as well as its system design and development divisions. We are continuously working to expand ISMS certification across our Group in Japan. In fiscal year 2023,following organizational changes at OKI, we integrated ISMS certification for our sales; business; and development, production, and procurement divisions to enhance information security. As a technical measure, we have reinforced our measures against unauthorized access by such means as incorporating multi-factor authentication into our internal authentication system.

System for Promoting Information Security

We in the OKI Group have enhanced protection of personal information based on the Privacy Policy. We have committed to the protection of personal information under the leadership of our Chief Privacy Officer. Privacy managers have been appointed in all divisions and subsidiaries. OKI is taking measures based on regulations related to personal information protection in Europe, Asia, and other overseas business regions. The website of each Group company has a cookie banner that complies with applicable regional and national privacy protection legislation and cookie regulations.

• OKI Group Information Security Basic Policy

Regulations and Rules Related to Information Security

Three Perspectives of Information Security System

In the OKI Group we use the three perspectives shown in the diagram below to broadly promote information security measures for computers, networks and information systems.

Information Security Education

As part of its systems for information protection, the OKI group offers information security education to all employees who use the information infrastructures belonging to the group. Each and every individual is asked to thoroughly protect information assets received from customers as well as highly confidential information assets belonging to OKI. For this reason, we widely communicate basic regulations and rules, and company standards regarding the use of our information networks, desktop computers and mobile computers through group training sessions and e-learning programs.

In fiscal year 2023, information security training was provided to all employees by e-learning in August. Closely related to this is personal information protection, for which we also provided training at the same time, and almost 100% of employees received this training.

Sharing and Remedying Issues with Suppliers

Aiming at an improved information security level across the supply chain, we at OKI continuously verify how information security measures are implemented at suppliers to whom we provide critical confidential information. Here, we ask our suppliers to carry out self-evaluations and to score themselves based on check lists prepared by us. In this way, suppliers and OKI are sharing issues and remedying any problem points found.

OKI-CSIRT for Prompt Response to Security Incidents

We have established an organization specializing in security incident response called OKI-CSIRT(*1), which collaborates with external organizations, such as the Nippon CSIRT Association, CSIRT in other companies and ministries/agencies, in order to enhance our preventive measures against threats to computer security in the group and improve our capacity to respond to them.

• *1 CSIRT:Computer Security Incident Response Team

Acquisition of ISMS Certification

The OKI Group has acquired the ISMS(*2) certification for divisions involved in building and operating internal information systems, and for divisions engaged in general system design development, in order to improve the reliability of network solution construction and related services. We are continually working to increase the number of Japanese OKI Group subsidiaries with ISMS certification. In fiscal year 2023, following the reorganization of OKI, we consolidated ISMS certification in the Marketing & Sales, Business, Technology, Production & Procurement departments to strengthen information security.

• *2 ISMS: Information Security Management System

---

• Sustainability TOP
• Sustainability Management
  • Charter of Corporate Conduct/Code of Conduct
    • OKI Group Charter of Corporate Conduct
    • OKI Group Code of Conduct
  • OKI Compliance Commitment
• Environment
  • Environmental Management
    • OKI Group Environmental Vision 2030/2050
    • Risks and Opportunities
    • Environmental Activity Plan
    • OKI Group Environmental Management
    • Efforts for Conserving Biodiversity
    • Collaboration with external organizations
    • External Awards
  • Contributing to the Environment with Products and Services
    • OKI Environmentally Contributing Products
    • OKI Eco Products
    • Examples of Environmental Contributions
    • Operation of Chemical Substance Management System
  • Approach by Businesses Toward Environmental Conservation
    • Global Warming Prevention Activities
    • Resource-Saving and Recycling Activities
    • Chemical Substance Management and Reduction Activities
    • Addressing Water Risk
  • Environmental Data
    • Scope1,2,3
    • Energy Usage and CO2 Emissions
    • Waste and Resource Circulation
    • Water Resources
    • Chemical Substance Usage and Emissions
    • Environmental Accounting
  • Green Procurement Standard
  • Collection and recycling of used products
  • Progress of the OKI Group's Environmental Activities
    • -1980
    • 1981-1990
    • 1991-2000
    • 2001-2010
    • 2011-2020
    • 2021-
• Social
  • Respect for Human Rights
    • OKI Group Human Rights Policy
  • Human Resources Management
    • Basic Approach to Human Resources
    • Initiatives for Fostering an Organizational Culture Where Employees Can Proactively Take on Challenges
    • Promotion of Diversity and Inclusion (D&I)
    • Initiatives to support employee growth
    • Promotion of office development and support for balancing work and private life
    • Initiatives for Health Management, Occupational Health and Safety
  • OKI's Efforts for Quality Assurance
    • Structure
    • Key Initiatives
    • Quality Education
    • OKI Group's Approach to Universal Design
  • Procurement
    • OKI Group Procurement Policies
    • Purchasing Procedure
    • Fair Purchasing Practices
    • Building Relationships of Trust with Suppliers
    • CSR Procurement Initiatives
  • Philanthropy
    • Environmental Protection
    • Social Welfare
    • Education Support
    • Disaster relief activities
    • OKI 100 Yen fund of Love activities
• Governance
  • Corporate Governance
  • Risk Management/Compliance
    • Steady Promotion of Risk Management
    • Ensuring Full Compliance
    • Fair Trade
  • Information Security
    • Strengthening of Information Security
    • Enhancing the Protection of Personal Information
• ESG Data
• Report
  • OKI Report Archives
  • CSR Report Archives
  • Environmental Report Archives

About OKI

• Corporate Information
• Investor Relations
• Sustainability
• Environmental Conservation
• Philanthropy
• Research & Development
• International Procurement
• OKI Technical Review

Contact

Reports on misuse of public research funds and misconduct related to research
activities can also be filed from the page that opens when you click the above button.