your information. our solutions. a secure combination ... · your security. our priority. we...
TRANSCRIPT
![Page 1: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/1.jpg)
ricoh-europe.com/securitymatters
Secure solutions for secure business.
Your information. Our solutions. A secure combination.
![Page 2: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/2.jpg)
Click here for our security solutions overview
Your security. Our priority.We appreciate that your business information
is a primary asset. If sensitive details end up in
the wrong hands, the risks to your profitability
and image are unacceptable. As much information
exists within paper or electronic documents,
it is vital that this information is protected.
Our solutions are designed to effectively integrate
with your existing security infrastructure, policies
and procedures. These can be tailored to exactly
match your needs. And naturally, all information
is treated with the strictest confidence.
We have identified five key areas that you need
to consider as a priority.
Document Processes & Protection
User Identification & Authorisation
Systems Configuration & Devices
Network Protection
Monitoring & Auditing
![Page 3: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/3.jpg)
Document Processes & Protection
Throughout their entire lifecycle documents need protection. From capture, store and manage to output, distribution and even scheduled destruction, the core principles of confidentiality, integrity and accessibility are critical to the management of your information capital. We help keep documents safe and secure throughout every stage of the process – from secure scanning, document management and retention to secure printing, controlled accessibility and sharing of information.
User Identification & Authorisation
Authentication and Administration work seamlessly together so that only the right people can access the right information. By using options such as passwords, ID cards or biometric identification, unauthorised access can be denied to those who are not permitted, keeping your information capital safe and secure.
Systems Configuration & Devices
Providing a secure environment for storage of information capital and its authorised usage is a key driver in the development of our products and their operating systems. Our latest devices come equipped with proprietary software to protect data against opportunistic or targeted threats. Even at the end of a device’s life, we offer services to protect information.
Network Protection
We offer protection to ensure that information cannot be stolen, modified or falsified and then re-inserted back into your network. Our range of solutions and tools allow you to encrypt network communications, quickly disable all ports that are not used and control ‘safe’ client address lists to prevent hackers and other malicious parties from gaining access.
Monitoring & Auditing
A range of tools can help manage the security of your environment. Logs of activities such as authentication attempts and setting changes are recorded to enable auditing for security-related events. Management tools with customisable reporting can provide visibility of many actions executed on our devices. These provide a traceable record of print, copy and fax activity by device, user, workgroup or project. This allows more effective security as well as cost management.
ricoh-europe.com/securitymatters
Click here for our security solutions overview
![Page 4: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/4.jpg)
Click here for our security solutions overview
Knowledge and information have a value. At Ricoh,
we call it your Information Capital. It is an essential
driver for all business. It gives competitive
advantage. Yet your business information is
subject to increasing threats in this digital age.
AN OPeN SAfeModern technology has opened up an area of
considerable concern in data security. To give
just one example, since 2002 nearly every digital
copier device in the industry has been built with
hard drives. These are essential for the production
process and efficient operation. However, they can
store a latent image of processing data as well as
address data and documents intentionally stored
for printing on demand.
Without effective management, they can present
a possible weakness – rather like leaving an
office safe open with highly sensitive data such
as personal customer data, employee records,
business plans and strategies inside. This could
be an issue, especially when the copier eventually
leaves your site.
Security Matters
![Page 5: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/5.jpg)
Click here for our security solutions overview
HOw COMPANIeS Are vUlNerAble‘95 pages of pay stubs with names, addresses
and social security numbers. 300 pages of
individual medical records. These are a
fraction of the ten of thousands of documents
downloaded from previously leased copiers’.
As highlighted by the controversial report on CBS
News April 2010, the extraction of data is not only
a great deal easier than many of us may think but
is also an emerging trend throughout the world
which unnecessarily exposes companies
to risk.
Security MattersCoupled with this there are regulatory and legal
requirements to protect sensitive information.
However, independent research* shows that in
some businesses, such data remains unprotected.
Although there is a high awareness of risks
to document security, just 47%^ of European
business leaders are able to confirm that they
have a policy in place to control the printing of
customer information.
This makes companies more vulnerable to security
breaches, whether accidental or intentional,
through people or groups, both internal and
external to the business environment.
“Modern technology has opened
up an area of considerable
concern in data security.
* Coleman Parkes Research Ltd, 2009 – Ricoh Document Governance Survey
^ Average across Financial Services, Professional Services, Public Sector and Telecoms/Utilities/Media
![Page 6: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/6.jpg)
Click here for our security solutions overview
There have been several well publicised examples
across Europe where sensitive information such
as health records, bank details and even classified
government documents have been lost without
any security to protect the data. Besides impacting
a company’s reputation, security breaches can
be costly.
In the motor racing industry, a 780 page
document containing technical information
about ferrari’s f1 car was found in possession
of a Mclaren designer. The sport’s governing
body considered the effect to ferrari’s
competitive advantage was so damaging that
Mclaren was heavily fined and stripped of its
championship points for the season.
In 2011, an employee of York City Council in
england sent out sensitive information wrongly
collected from a shared printer. The Council
has been penalised by the Information
Commissioner’s Office (ICO) for breaching the
Data Protection Act.
Following an investigation the ICO found there
was a lack of quality control and management
supervision. As a result, the Council has had
to sign an undertaking to ensure no personal data
is printed when unnecessary and introduce new
quality control checks when documents are being
sent out as well.
Business Impact
![Page 7: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/7.jpg)
Click here for our security solutions overview
If confidential information is leaked it can impact
your business via:
Intellectual Property rights: Loss of business
investment in Research and Development
Customer Information: Personal information is
protected by legislation. Fines can be imposed
if regulations are not met
Commercial Information: Commercial advantage
can be lost if sensitive or confidential information
is leaked
Third-party information: Information handled
through outsourcing activities. Customers can lose
trust and confidence in the outsourcer and may
resort to financial compensation
Business Impact
“Just 47% of European
business leaders are able to
confirm that they have a policy
in place to control the printing
of customer information.
![Page 8: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/8.jpg)
Click here for our security solutions overview
The issue of security is not a new trend for Ricoh.
We have always taken a consistent and global
approach to secure information - for ourselves as
well as for our customers. In 2004, we gained ISO
27001 worldwide certification for our head office
and manufacturing sites (which over the following
years was extended for all our individual sites).
This is a credential of trust because to us the trust
of our customers is essential to forming long-term
partnerships.
Our thought-leadership is clearly demonstrated
right from the earliest stages of the design of our
hardware and software. In fact in 2002, we were
the first to receive ISO/IEC 15408 certification for
a digital multifunctional product. Now our
latest devices have obtained Common Criteria
certification conforming to IEEE 2600.1, an
international standard for IT security products.
Thought Leadership
“In 2004, we gained ISO 27001
worldwide certification for
Information Security
Management.
![Page 9: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/9.jpg)
Click here for our security solutions overview
DefININg THe MeASUreSWe have developed a portfolio to help
organisations manage and protect Confidentiality,
Integrity and Availability of information.
By implementing security measures, businesses
can monitor office equipment and safeguard
against information leaks and loss.
SAfegUArDINg YOUr INTereSTSOur consultants also work with customers to
identify solutions, services and define policies
which balance security and management with the
need for flexibility and efficiency.
By creating a secure infrastructure that evolves
as technology advances, your business is armed
with a reassuring combination of confidence
and confidentiality.
Thought Leadership
“creating a secure
infrastructure… gives
your business a reassuring
combination of confidence
and confidentiality.
![Page 10: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/10.jpg)
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Document Processes & Protection
Document Processes & ProtectionKeeping your sensitive information, secure.• Doyouhaveconcernsthatsensitivepaperdocuments
can be mislaid or not easily accessed by those who need them?
• Areyourprintseverpickedupbysomeoneelse by mistake?
• Howdoyouensurethatelectronicdocumentsarenotintercepted and possibly tampered with or information is not mislaid?
Given the potential risks to your information capital, it follows that from paper based to electronic, documents need protection throughout their entire lifecycle. During every stage of the document process, from capture, store and manage to output, distribution and scheduled destruction, the core principles of confidentiality, integrity and accessibility are critical.
Credentials
Security Solutions Overview
glossary
Case Studies
We can provide solutions so that only the right people can access the right information. For example, paper documents can be scanned and converted to secure electronic files and stored in a central database. Here they can be protected with access control but still be easily searchable and accessible to authorised users with powerful search and retrieval tools. To further improve authenticity and integrity, digital signatures can be added to documents before users exchange them electronically. The sharing of information can be controlled by managing distribution destinations – such as the sending of scanned documents to predetermined folders, ‘scan to me’, redaction of sensitive information and secure printing.
Improved processes like these help increase efficiency and well as ensuring that your business has complete control over the management of its documents.
![Page 11: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/11.jpg)
Document Processes & Protection
Capture
- Secure Conversion
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Secure ConversionObjeCTIve: • Protect sensitive information in line with company
security policies/adhere to regulations such as data protection laws
• Merging vulnerable paper documents into secure electronic workflow
• Enabling accessibility of authorised users to paper and electronic documents
rISK: • Problem ensuring all the right people have access
to documents, both paper and electronic
• Difficulty in auditing who has access to paper documents
• ISO 12.5.4 Information leakage (risk clause ISO27002)
• Unauthorised viewing or tampering of sensitive documents
• Paper documents could be mislaid in distribution or duplicate copies exist
SOlUTION:• Our intuitive MFP displays provide simple access to workflows for document scanning and distribution
• Only authorised users can access MFP functions such as scanning, and send to destinations that can be pre-defined by an administrator
• Users can also create password protected PDFs from scanned documents - allows them to set security controls for recipient’s viewing, editing/printing
• To improve document integrity, scanned documents can be previewed on a Ricoh MFP before sending. Plus a digital signature can be added, ensuring information has not been altered since it was sent by confirming that a document scanned on the MFP is intact. Digital signatures also verify the identity of the creator
• Paper documents can be scanned and electronic documents captured to be routed directly into a Document Management System. In the DMS they can be protected with access controls but are also easily searchable and accessible to authorised users
• To help with document classification metadata can be added at Ricoh MFPs or the desktop; for fast retrieval, documents are organised into searchable and well-structured electronic formats; full or zonal Optical Character Recognition (OCR) permits indexing capability for reduced manual administration
• Encryption over SSL (Secure Sockets Layer) – uses a private key to encrypt data scanned from Ricoh MFPs to server using secure connection
Document Processes & Protection
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 12: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/12.jpg)
Document Processes & Protection
Capture
- Electronic Document Management Document Integrity PDF/A for File Preservation
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Electronic Document ManagementObjeCTIve: • To ensure data availability, confidentiality and integrity
• Information made available when needed. Seamless integration of storage and document processing with security controls
rISK:• Documents are mislaid or inaccessible either in manual paper processes or locally stored electronic files
• Unauthorised access to documents and information
• Tampering or undetected modification of documents
SOlUTION:We provide solutions to capture and index paper and electronic documents and route into centralised electronic storage with powerful management capabilities.
AvAILABILITY: • Full integration with Ricoh MFPs enables easy selection and scanning directly into the appropriate business process folder
• Electronic folder structures are created for a trusted archive which stores hundreds of document types. Powerful search capabilities give fast access for finding a file or information within a file within seconds
• Company documents are centrally available and the information capital is protected so should an individual employee leave, it remains accessible
CONFIDENTIALITY:• Safeguards information with role-based access control
• Allows assignment of granular and fully customisable security permissions. Security models can be defined for user roles, groups or individual databases
• Roles can be tightly integrated to an Active Directory/LDAP to simplify the user experience while keeping information secure. (Requires server options)
DATA INTEGRITY:Manages changes and aids compliance by ensuring information accuracy with audit/logging trails and check-in/out version Control with server options.
• Ensures data cannot be modified undetectably
• Shows which document is the latest or published version
• Prevents unauthorised overwriting or changes to documents
• Records management features enable tasks such as an automatic date expiration which allows you to set the
length of time files are to be kept before they are required to be automatically destructed in line with regulations or policies
• Browser-based access can be restricted to read only access
Document Processes & Protection
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 13: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/13.jpg)
Document Processes & Protection
Capture
Electronic Document Management - Document Integrity PDF/A for File Preservation
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Assuring Integrity of DocumentsObjeCTIve: • Provide solutions to ensure confidence that a document
has not been tampered with and is as sent originally
rISK: • Information in a file is altered after it was originally sent
• Mistakes can be made when manually Bates Stamping onto paper in this time-consuming process
SOlUTION:• Digital Signature: To improve document authenticity
and integrity, users can add a digital signature to PDF documents. A digital signature can be added to documents at a Ricoh MFP or, for electronic documents, on a desktop
• The signature gives assurance that information hasn’t been altered since sent. It also verifies the signer’s digital identity
• Digital signatures are now accepted by law in many countries
• The document version history lets recipients see when the document was signed and see when any changes were made. This history is encrypted and stored inside the PDF and can be viewed via the signatures pane
• A certificate creation tool is also available – this allows the user to create a digital certificate for digital signature via Ricoh MFPs
• If scanning original documents and applying the digital signature are both done by a Ricoh MFP at the same time, it helps prevent the scanned document being changed unintentionally before signing, or being signed by an unscrupulous person
• bates Stamping: Is a widely respected and often key requirement in legal, medical and business areas
• Users can automatically apply Bates Stamps to electronic documents from their desktop to uniquely label and identify each page of a PDF
• The stamp appears as a header or footer on specified pages and can contain additional information
• Bates Stamps and Page Numbering can be applied in manual or batch mode with flexibility in location, structure and sequencing
• PDf watermarks: These can be added from a desktop even if they didn’t exist in the original - to include ISMS information security level, for example
Document Processes & Protection
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 14: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/14.jpg)
Document Processes & Protection
Capture
Electronic Document Management Document Integrity - PDF/A for File Preservation
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
PDF/A for File PreservationObjeCTIve: • The long-term preservation of electronic documents for
confidence in archiving and Document Management
• Ensure that those documents will be able to be retrieved and rendered with a consistent and predictable result in the future
rISK: • With different tools and systems used to create, store and
render files, there is a danger files are not displayed in the same way over time
• Need to electronically archive documents in a way that will ensure preservation of their contents over an extended time period
SOlUTION:• ISO 19005-1 defines ‘a file format based on PDF, known
as PDF/A, which provides a mechanism for representing electronic documents in a manner that preserves their visual appearance over time, independent of the tools and systems used for creating, storing or rendering the files’
• The standard ensures documents can be exactly reproduced for years to come
• We provide methods of scanning direct to PDF/A via Ricoh MFPs or converting different electronic file formats to PDF/A on a desktop
• PDF/A is a subset of PDF which leaves out features not suited to long-term archiving. This requires that the PDF/A documents are 100% self-contained with everything necessary for displaying the document the same every time, embedded in the file
• A PDF/A is not reliant on information from other sources such as font programmes and hyperlinks
Document Processes & Protection
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 15: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/15.jpg)
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Secure PrintingObjeCTIve: • Maintain confidentiality by suspending document printing
until the authorised user identifies themselves at the device by authenticating
• Secure print data while, in transit, during process and while stored on the device
rISK: • Hard copy documents uncollected by users left in output
trays. Anyone passing by can browse through or remove prints left on the output tray
• Users having to rush across the office to retrieve a sensitive document
• Falls under the following Standard control clauses (ISO27002):
10.7.1 Management of removable media
10.8.1 Information exchange policies and procedures
11.3.3 Clear desk and clear screen policy
• Print data can be intercepted in transit, during process and while stored on the device
SOlUTION:• Access to Ricoh printers and MFPs can be controlled so
that users have to authenticate at the device in order to release their prints
• Ricoh has a number of different authentication methods from a simple PIN, username and password, or with an ID card - even using existing entrance access card infrastructure
• Simplest device based functionality selected in the driver; user authenticates by entering a password or PIN (Personal Identification Number) at the device control panel. Print jobs can be deleted from the server if not collected by a certain time. (Requires a hard drive)
- The password used for locked printing can be encrypted to protect against wiretapping
Document Processes & Protection
- Secure Printing Copy Data Security Watermarking Archiving Print Jobs
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Credentials
Security Solutions Overview
glossary
Case Studies
1 of 2
![Page 16: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/16.jpg)
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Secure PrintingSOlUTION:• For increased flexibility, alongside secure printing, other
server and server-less solutions offer all the benefits of shared centralised MFPs or printers without compromising document security:
- Print jobs can be released by the authorised person from a choice of more than one device, or even any device on the network
- User manages own print queue and can delete unwanted material
- Queue automatically deleted if not collected e.g. after 24 hours
- Documents stored on the printer are encrypted so information cannot be compromised if hard drive leaves the site
• When integrated with card authentication, users simply swipe an ID card instead of remembering a password which may be disclosed to others
For a higher level of security, users may have to swipe a card, in addition to using a password before their print is released
• Mask Print information: Authenticated users can only view their own “Spool Printing” list, printer job history, and error log, other users’ information will be masked using asterisks (“****”)
- When User Authentication is not enabled, it is possible to view the list of Locked Print documents created by all users, however all filenames are displayed as asterisks (“****”)
- When User Authentication is enabled, the user cannot view any information on this list until authenticated. However, even after successfully logging in, the user can only view a list of his or her own Locked Print documents (the filenames for which are displayed as is, without asterisks)
• Print data can be encrypted while in transit using SSL
• Secure print data during processing:
- Only unique Ricoh protocols are used for the exchange of data internally within the device this prevents illegal access to any program or data
- Each MFP function runs as an independent process preventing illegal access to networks and internal programs from an outside line
• Print data can be encrypted while it’s stored in the device using 256 bit Advanced Encryption Standard
Document Processes & Protection
- Secure Printing Copy Data Security Watermarking Archiving Print Jobs
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Credentials
Security Solutions Overview
glossary
Case Studies
2 of 2
![Page 17: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/17.jpg)
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Copy Data SecurityObjeCTIve: • Control unauthorised copying by embedding patterns which
greys the document to prevent duplication on other MFPs
rISK: • An illegal attempt is made to copy a document
SOlUTION:• Unauthorised Copy Control is a unique Ricoh feature. It
embeds patterns and text under printed text, eliminating the risk of unauthorised copying of sensitive documents
• It consists of two functions:
Mask Type for Copying* embeds a masking pattern and message within the original printout. If copies are made on Ricoh or non-Ricoh devices the embedded message appears – the author’s name would, for example, help identify the originator
Data Security for Copying - when printing on a Ricoh MFP, if this feature is selected in the driver, all copies made of the original on a Ricoh MFP+ will be greyed out
Document Processes & Protection
Secure Printing - Copy Data Security Watermarking Archiving Print Jobs
*Some digital MFPs may not detect masking patterns+ Requires Copy Data security Unit. Not supported on some fax-enabled configurations. Scanner feature must be deactivated on some scan-enable configurations. Copy reduction ratio less than 50% will be deactivated
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 18: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/18.jpg)
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
WatermarkingObjeCTIve: • Add an additional layer of visible security that highlights the
sensitivity of a document
rISK: • Unclear if a distributed document is a draft or confidential
– therefore may not be treated with the right level of sensitivity
SOlUTION:• Watermarking driver setting
• Allows user to simply add a message behind the text of a document
• Words such a ‘draft or ‘confidential’ can be used for example in accordance with the security policies of the company
Document Processes & Protection
Secure Printing Copy Data Security - Watermarking Archiving Print Jobs
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 19: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/19.jpg)
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Archiving Print JobsObjeCTIve: • Ensure that documents produced are readable for at least
one hundred years
rISK:• Paper documents degrade and become illegible over time
SOlUTION:• Ricoh devices meet the archiving requirement so that
documents produced by these devices are readable for at least one hundred years
• Toner adhesion meets the ISO 11798
Document Processes & Protection
Secure Printing Copy Data Security Watermarking - Archiving Print Jobs
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 20: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/20.jpg)
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Control Scan/Fax DestinationsObjeCTIve: • Regulate access to scanning functions in order to control
distribution of confidential documents
rISK: • Non-authorised users attempt to scan or fax documents –
for example, trying to send ‘leaked’ documents outside of the company to a competitor
SOlUTION:• Control destinations for documents that are scanned
or faxed. Delivers documents directly into a document workflow from a Ricoh MFP e.g. to pre-set email addresses or folders
• Easy to use interface on the MFP decreases human error with icon-driven ‘select and go’ scanning process
• When used in conjunction with authentication methods administrators can even create workflows and predefine destinations for a user’s documents e.g.:
- ‘Scan to me’ – scanned documents are automatically forwarded per SMTP to the email address of an authenticated user- this address needs to be looked up in LDAP, SMTP server can be configured centrally
- Files are sent as attachment in MIME coded email message
• Reporting and tracking of distribution activities provides an audit trail
• For those organisations in certain environments who must be able to provide evidence of all data processed; there is an optional feature to store and archive all documents processed on the device for audit and accountability purposes
Document Processes & Protection
- Control Scan/Fax Destinations Secure PDF Sharing Faxing Security Removal of Confidential Text
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 21: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/21.jpg)
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Secure PDF SharingObjeCTIve: • Ensure that only the right people can access certain
information
• Protect PDF documents with password and/or permissions control for secure sharing and archiving
rISK: • Information getting into the wrong hands
• Even documents marked with ISMS security classifications can be ignored by malicious actions or subject to human error
• There are high profile examples of documents marked highly confidential being widely circulated - even appearing in newspapers
SOlUTION:• We can provide software to protect sensitive information
with PDF creation that works alongside any organisations’ security policies
• PDFs are encrypted while in transit using SSL
• Users can also set passwords on PDF files with 128-bit secure encryption – requiring others to know the password in order to view, edit or print them
• Users can set the security level of their PDF files directly from Ricoh MFPs or protect electronic files via their desktop with drag and drop ease
• There are two types of password:
- Open Password restricts document accessibility-can only be opened by supplying the password when prompted
- Permissions Password allows users to define how a document is used or modified-provides options to control/disable printing or editing
• Digitally signing of PDFs to confirm authenticity and integrity
• Users can additionally send multiple files in their original formats in an encrypted ‘PDF envelope’ from their desktops
Document Processes & Protection
Control Scan/Fax Destinations - Secure PDF Sharing Faxing Security Removal of Confidential Text
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 22: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/22.jpg)
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Faxing SecurityObjeCTIve: • A range of solutions to prevent unauthorised user access or
tapping of phone/fax lines
rISK:• Unauthorised access to a corporate network via fax line
• Illegal tapping of phone lines
• Unauthorised use/abuse of fax
SOlUTION:• If an initial connection is established with a terminal
that does not use G3 or G4 protocols, the MFP will view this as a communication failure and terminate the connection. This prevents access to internal networks via telecommunications lines and ensures that no illegal data can be introduced via these lines
• restricted access: Requires authorised user code - keeps device usage under firm control and deters passers-by from using it
• Can be linked to the Night Timer feature to prevent after-hours access
• Network Authentication limits access to the fax systems, increasing security by monitoring usage
• Access is restricted to users with a Windows domain controller account
• Server Authentication limits access to fax system for scan to email as well as standard faxing, IP faxing and LAN faxing
• Security PIN Code Protection. To prevent exposure of a PIN Code or Personal ID, any character after a certain position in the destination’s dial number is concealed in the display and Communications Report
• Closed Network checks the ID codes of the communicating machines. If they are not identical communication is terminated. This prevents potentially sensitive information being transmitted, intentionally or accidentally to the wrong location. (Requires Ricoh fax systems with closed network capacity)
• Confidential Transmission/reception – enables user to transmit to /receive a passcode-protected mailbox. Messages are only printed after recipient enters correct passcode – providing an enhanced level of security
• Memory lock – retains documents from all or specific senders in the memory. When the Memory Lock ID is entered, the document prints – again this prevents documents sitting on the receive tray for anyone passing to read
• fax to email – a sub-address attached to a fax number allows a fax to be routed direct to recipient’s e-mail on a PC. Maintains confidentiality as only the recipient can view the message
Document Processes & Protection
Control Scan/Fax Destinations Secure PDF Sharing - Faxing Security Removal of Confidential Text
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 23: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/23.jpg)
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Removal of Confidential TextObjeCTIve: • The blacking out/redaction of confidential text
• Removal of sensitive information prior to release or publication
• To adhere to industry regulations and Data Protection Policies
rISK: • Documents distributed with sensitive details included
• Time-consuming searching and marking of documents by hand with chance of human error
SOlUTION:In business and law, a document can have certain parts ‘redacted’, involving the removal of sensitive names and details. For example, a court may order that the names of signatories of a petition be redacted to protect their identity. Typically, it has been performed manually however we offer an automated solution.
• Users can redact PDF Normal and Text Searchable PDFs at the desktop using powerful search and redact features. These automatically search documents for specified words then remove information with options to also remove any metadata associated with it
• Redaction codes or text can be placed over the removed information to indicate why the information was redacted
• The redaction workflow can also be directly selected from a Ricoh MFP display. The results are delivered as a searchable PDF file with all the specified information fully redacted
• Images as well as text can be permanently removed from PDF files through redaction
Document Processes & Protection
Control Scan/Fax Destinations Secure PDF Sharing Faxing Security - Removal of Confidential Text
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 24: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/24.jpg)
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
User Identification & Authorisation
User Identification & Authorisation
Credentials
Security Solutions Overview
glossary
Case Studies
Managing authorised access on every level.• Whatcanabusinessimplementtopreventunauthorised
system usage and control circulation of sensitive data?
• Howdoyoucontroldistributiondestinationsandmanageauthorised users’ access to certain functions or prevent them from changing specific settings?
On every level, control of access is the key to minimising risk. With our systems, Authentication and Administration work together in identifying users to establish and verify access rights and prevent unauthorised usage. Administrators authorise access to system functions to suit appropriate levels of rights, and to restrict users from accessing or tampering with system settings. Authentication is also used to enable functionality such as secure printing and ‘scan to me’, as well as enabling tracking and monitoring usage by individual or department.
A choice of options such as passwords, authentication cards or biometric identification methods, can be used to permit and manage access for groups or individuals. An organisation’s existing IT infrastructure can also be used for authentication management by integrating into LDAP (Lightweight Directory Access Protocol) or AD (Active Directory) and staff entry ID cards, for example, can be used to access devices.
![Page 25: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/25.jpg)
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
User AuthenticationObjeCTIve: Identify users to verify permissions to perform certain operations or access specific resources:
• Prevent unauthorised system usage or changing and tampering of machine settings
• Control access of system functions
• Identify users to enable secure printing and distribution control such as ‘scan to me’
rISK: 1. Unauthorised person accessing the device
• Risk and Standard control clauses (ISO27002)
• Unauthorised user of print service – uncontrolled resource
- 6.1.4 Authorisation process for information processing facilities
- 15.1.5 Prevention of misuse of information processing facilities
2. Unauthorised distribution of documents
- E.g. Incorrectly assigned owner of scanned document
- 11.5.2 User identification and authentication
3. Different access levels required to prevent inappropriate viewing/usage
SOlUTION:• Users identify themselves at an MFP or printer by
authentication. This prevents unauthorised access, and allows monitoring and management of device usage by user level
- Administrators can control access to device functions – for example by only giving a user access to print and not copy, or only allowing copying in black and white
- Authentication also allows secure release printing and customised destinations for particular users, such as ‘scan to me’
• There are four methods for user authentication – basic and user code (verified against local databases); existing IT infrastructure can be used for authentication by integrating into LDAP (Lightweight Directory Access Protocol) or Active Directory. For increased user friendliness and also to prevent PIN/password being overseen, users can also use ID cards to authenticate (see card authentication)
User Identification & Authorisation
- User Authentication Card Authentication
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Credentials
Security Solutions Overview
glossary
Case Studies
1 of 2
![Page 26: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/26.jpg)
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
User Authentication SOlUTION:1. windows Authentication: verifies the identity of the user
by comparing login credentials (user name and password) against the Active Directory server database.
- Unlimited user accounts
- Suits multi-machine usage, organisations with large user base and ‘hot desking’, roaming profiles
2. lDAP authentication: validates a user against the LDAP server so only those with a valid user name/password can access the global address book
- Unlimited user accounts
- Suits multi-machine usage, organisations with large user base and ‘hot desking’, roaming profiles
3. basic Authentication: verifies a user against the name/password registered locally in the device’s Address Book to allow access.
- Gives 500 user accounts
- User name & password and alpha numeric fields, usage tracking, export/import data, static network user
- Administration roles: Access, network, machine, user, file and engineer access prevention
4. User Code Authentication: Utilises standard User Code system to authenticate the user. PIN code entered by user is compared to registered data in the address book and validated before access is permitted
• A User Code can be assigned according to desired level of access
• It enables system administrators to monitor and manage usage – generate print counter reports by function and User Code
• Both Basic Authentication and User Code Authentication can be used in Windows and non-Windows office environments
OTHer AUTHeNTICATION MeTHODS:
Integration server authentication
• Integration server authentication is used when there is a need to integrate with a specific authentication system such as RADIUS server authentication
User Identification & Authorisation
- User Authentication Card Authentication
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Credentials
Security Solutions Overview
glossary
Case Studies
2 of 2
![Page 27: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/27.jpg)
Card AuthenticationObjeCTIve: • Manage and control user access to printers or
MFP functions
• Avoid information leaks by limiting access to email and fax
• Improve security by providing two forms of authentication
• Extend Public Key Infrastructure (PKI) environment
rISK: 1. Unauthorised person accessing the device
• Risk and Standard control clauses (ISO27002)
• Unauthorised user of print service – uncontrolled resource
- 6.1.4 Authorisation process for information processing facilities
- 15.1.5 Prevention of misuse of information processing facilities
2. Unauthorised distribution of documents
- E.g. Incorrectly assigned owner of scanned document
- 11.5.2 User identification and authentication
3. PIN/password being forgotten or disclosed to unauthorised person
4. Different access levels required to prevent inappropriate viewing/usage
SOlUTION:• Use cards for authentication for: user convenience, or to
improve security by providing two forms of authentication; something a user has (the card), and something they know (the card’s PIN)
• User access to a MFP or printer can be permitted by using ID cards
• Documents can be released and printed securely by a swipe of an ID card
• Access to email and fax functions can be controlled, for example by providing predefined destinations according to the status of the individual, to prevent misuse/leakage of information
• Authorised access can be further controlled by setting ‘scan to’ sender details as the ID card owner to prevent spoofing of the sender
• An organisation’s existing log on and entrance access card infrastructure can be utilised for simpler IT management and easier user access
• The access log and job log function on our Device Monitoring & Management tools allow tracking of exactly who, where and when any confidential information is sent
• Use Public Key Infrastructure (PKI) to improve security. Opportunity to extend PKI by digitally signing documents during scanning, using card authentication
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
User Identification & Authorisation
User Authentication - Card Authentication
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 28: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/28.jpg)
Administrator AuthenticationObjeCTIve: • Control permission level granted to each user to prevent
unauthorised usage of stored information
• Provide authorisation rights and authentication management for administrators
• Identify and delegate management tasks to the administrators based on their username and password
• Reduce workload put on any single administrator
rISK: • Risks and Standard control clauses (ISO27002):
- 6.1.4. Authorisation process for information processing facilities
- 15.1.5 Prevention of misuse of information processing facilities
• Excessive privileges given to any one administrator
SOlUTION:• Up to four administrators can share management of system
settings and user access to devices for separation of duty if required. A separate Supervisor role allows setting/changing of administrator passwords. By sharing the administrative work among different administrators, MFP management workload and responsibilities can be spread evenly and according to areas of expertise
- This provides enhanced security as no one administrator is assigned with excessive privileges
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
User Identification & Authorisation
- Administrator Authentication User Access Control
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Credentials
Security Solutions Overview
glossary
Case Studies
1 of 2
![Page 29: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/29.jpg)
Administrator AuthenticationSOlUTION:• If Administrator Authentication is enabled, the four types
of Administrator privileges are built-in to the machine. These roles can be combined to suit an organisation’s requirements:
- Machine Administrator: Can configure machine settings
- Network Administrator: Network settings such as IP address and SNMP server
can only be specified or changed by the Network Administrator
- file Administrator: Manages access permissions to stored files. The File
Administrator can set restrictions based on passwords that allow only registered and permitted users to view and edit files stored in the document server
- User Administrator: Manages user accounts in the address book. If a user
forgets their password, the User Administrator can delete it and create a new one
- Supervisor: Can delete any administrator password and specify a
new one. The Supervisor cannot configure machine settings or use functions
• Document Management & Electronic Storage: Central repository secured with integrated Role-Based Access Control (RBAC)
• Assignment of individual rights, profiles and roles
• Assignment of roles to groups
• Easy user and group administration and authentication; integration and synchronisation of users/groups in external Directory Services with support for LDAP and Active Directory Services
• Browser-based access can be restricted to read-only access
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
User Identification & Authorisation
Credentials
Security Solutions Overview
glossary
Case Studies
2 of 2
- Administrator Authentication User Access Control
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
![Page 30: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/30.jpg)
User Access ControlObjeCTIve:• Document owners can control access to their files stored
on the document server
rISK:• Documents stored within the printer/MFP’s document
server can be accessed by PC users on the network
• Risks and Standard control clauses (ISO27002): Prohibiting unauthorised document circulation
SOlUTION:• Password-Protected Files: Document owner can provide
access to files stored on the document server. Files can be password protected, restricting user access. Passwords can be set by using from four to eight digits
• Specify User Access Level: Four types are available
- 1. Read only: User can print and send stored files
- 2. Edit: In addition to the above, user can change print settings for stored files
- 3. Edit/Delete: Also gives user ability to delete stored files
- 4. Full Control: users can utilise all aspects and control other users access permission
• Enhanced Password Protection: Should anyone attempt to break the password-protected code, access is automatically locked by this feature
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
User Identification & Authorisation
Credentials
Security Solutions Overview
glossary
Case Studies
Administrator Authentication - User Access Control
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
![Page 31: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/31.jpg)
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Systems Configuration & Devices
Systems Configuration & Devices
Credentials
Security Solutions Overview
glossary
Case Studies
Helping keep data and devices secure.• Howcanyousafeguardconfidentialinformation
processed and stored on MfPs and printers?
• Areyoursystemsanddevicesabletowithstand potential attacks?
Providing a secure environment for the processing of information is a prime driver in the development of our products and their operating systems. That’s why you’ll find that our latest devices come equipped to protect printed and electronic data against opportunistic or targeted threats.
In fact globally, a number of our devices have achieved the Common Criteria certification which conforms to IEEE 2600.1. The latter is an international standard that defines requirement specifications for office use as well as government where a higher security level is required.
In today’s digital age, devices such as printers and MFPs throughout the industry can store latent images of processing data. There’s also address data and documents intentionally stored on the Hard Disk Drive for printing on demand. This can open up an area of considerable concern, especially when devices eventually leave your site.
The protection offered on our devices includes encryption to make intercepted data indecipherable and the ability to overwrite data to prevent it falling into the wrong hands. RAM-based security can provide an alternative to the Hard Disk Drive for some customers. We also offer services to ensure no information remains on a device at the end of its life.
![Page 32: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/32.jpg)
Secure PrintingObjeCTIve: • Maintain confidentiality by suspending document printing
until the authorised user authenticates
• Protect data whilst being processed
rISK: • Hard copy documents left in output trays – anyone passing
by could browse through or remove
• Urgency placed on user to immediately retrieve a sensitive document
• Falls under the following Standard control clauses (ISO27002):
10.7.1 Management of removable media
10.8.1 Information exchange policies and procedures
11.3.3 Clear desk and clear screen policy
• Print data captured whilst in transit
SOlUTION:• Maintain confidentiality by releasing print only when
document owner authenticates at the device. Authentication methods range from a simple PIN to user name and password or an ID card - even using existing entrance access card infrastructure
• In-built device security requires that the authorised user authenticates by entering a password or PIN (Personal Identification Number) at the device control panel
- Available through Ricoh’s advanced print drivers (requires a hard drive which may be optional, depending on model)
- Print jobs can be deleted from the server if not collected by a certain time
- The password used for locked printing can be encrypted to protect against wiretapping
• For further security and added user convenience, we offer a number of solutions that permit single sign-on with existing IT infrastructure or ability to unlock prints by swiping entrance access card for seamless IT management
• To protect data during processing the device functions run as independent processes with specific memory space allocated separately for each module. This makes it impossible to directly access the memory space of any other module. For example, incoming fax data will only be sent to those applications designated for fax operations – this arrangement prevents illegal access to networks and internal programs from an outside line
• Only unique Ricoh protocols are used for the exchange of data internally within applications - this prevents illegal access to any program or data
• Data is encrypted while in transit
• Data is encrypted while waiting for printing
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
- Secure Printing Hard Disk Drive Security Security Certification
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 33: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/33.jpg)
Hard Disk Drive SecurityObjeCTIve: • Safeguard confidential information by providing effective
management of data processed by and stored on MFPs and printers
rISK: • Hard Disk Drives are essential for the production process
and efficient operation. However they can store a latent image of processing data as well as address data and documents intentionally stored for printing on demand. Without effective management, they can present a possible weakness
• Unauthorised alteration/deletion of software, hardware, other digital resources such as downloadable fonts and images, email/fax address
SOlUTION:We help safeguard your confidential information in a variety of ways. Data Overwrite Security System (DOSS) protects your latent information and works together with encryption because data that’s not overwritten, such as intentionally stored documents and address books, also needs to be protected.
Data Overwrite Security System (DOSS) is supplied as standard on the latest Ricoh MFPs (and an option on printers)
• It allows you to secure the hard drive and make all confidential data unrecoverable by overwriting latent digital images after all copy, scan and print jobs
• Overwrites with random sequences of ones and noughts – can be set to occur from 1-9 times
• The random data overwrite process makes any effort to access and reconstruct print/copy files virtually impossible-preventing information that could fall into the wrong hands
• A simple display panel icon provide visual feedback on the status of the overwrite process
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Secure Printing - Hard Disk Drive Security Security Certification
Credentials
Security Solutions Overview
glossary
Case Studies
1 of 2
![Page 34: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/34.jpg)
Hard Disk Drive SecuritySOlUTION:Data Overwrite Security System (DOSS)
• Provides two methods for overwriting the data – Event Driven and Overwrite All
- Event Driven destroys copy, print and scan data immediately after every job is processed (if a job comes in while the system is overwriting the previous one, it automatically halts until the job is completed)
- Overwrite All overwrites the device’s entire hard drive, including stored documents (including setting information, e-mail/Fax address book information, counter information, etc.) - recommended if relocating or discarding a machine
• Select DOSS versions have ISO 15408 certification conforming to IEEE 2600.1 standard. This ISO is an international standard for information security that provides verification of IT security features
Data encryption: Operates in conjunction with our Data Overwrite Security System – providing a multi-layered approach to securing sensitive documents
• Encrypt valuable Information: Encrypts data, such as frequently used documents stored for print on demand for secure semi-permanent storage, so information would be inaccessible if the Hard Disk Drive got into the wrong hands. Available with new devices or as an option on older devices
• Frequently used information such as address books and administrator or user passwords can also be encrypted. Eliminates the danger of a company’s employees, customers or vendors being targets for malicious e-mails or PC virus contamination. Also protects user names/passwords used elsewhere on the network-increasing network security
• This helps keep data typically stored on MFP or printer from being viewed-even if data/devices are removed or stolen. Locks data to prevent recovery
• Encrypts device information rather than destroying it – allows only authorised users access
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Secure Printing - Hard Disk Drive Security Security Certification
Credentials
Security Solutions Overview
glossary
Case Studies
2 of 2
![Page 35: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/35.jpg)
Security CertificationAt Ricoh, we have always taken a consistent and global approach to securing information for our customers. Our thought-leadership is clearly demonstrated right from the earliest stages of our hardware and software design for our multifunctional products (MFPs) and printers.
In fact in 2002, we were the first to receive ISO/IEC 15408 Common Criteria certification for a digital MFP device. Then in March 2010, we became the world’s first to obtain Common Criteria certification conforming to IEEE 2600.1 for MFPs for the Japan market. This certification is an international standard for IT security products for office use as well as government, where an even higher level of security is required.
Now our latest devices for the European Middle East and Africa (EMEA) have also achieved this certification. This relates to our MFP products, Aficio MP2851/3351/4001/5001.
Ricoh will continue to obtain Common Criteria certification conforming to IEEE 2600.1 for its MFPs and printers and will pioneer in the development of new security features to help protect printed and electronic data against opportunistic or targeted threats.
SeCUrITY MATTerSAs potential attacks on your information capital increase in sophistication, securing your data environment is even more vital.
Given the importance of this, governing bodies such as the IEEE, the world’s leading professional association for the advancement of technology, are working to implement security guidelines and product standards to help govern the features of printing devices. Ricoh has a lead role in the IEEE working group which analyses the latest security vulnerabilities and prepares methods to combat them.
To date, the group has created the security standard P2600, an international benchmark for the security of MFPs and systems. This helps organisations configure their devices to optimise security specifically for the environment in which they are operating.
Common Criteria (CC) is an international standard for information security. As an international standard, the CC ensures that the security functions are implemented properly and are usable. The Common Criteria certification demonstrates that Ricoh has secure environments (processes from development, manufacturing, delivery, and installation) as a manufacturer that can provide CC-certified products.
The CC certification evaluates whether or not security functions properly work under certain conditions. However the IEEE 2600 includes a document Protection Profile; IEEE specifies the security functions and requirements, which are subject to evaluation according to the CC.
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Secure Printing Hard Disk Drive Security - Security Certification
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 36: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/36.jpg)
Security FeaturesObjeCTIve:• Support key security features whilst simplifying all aspects
of installation, monitoring and management of Ricoh networked output systems
SOlUTION: • Restrict User Access. Allows system administrators to
control user privileges through the user management tool
• It activates a menu for review of the devices authorised for use by User Code and User Name
• A simple click accesses a menu that restricts or enables access for individual users
• Change Community Name: To address SNMP (Simple Network Management Protocol) vulnerability, the system administrator can change the Community Name from ‘Public’ to another more secure name
• If utilised, the Community Name for the software must have the identical name as the connected Ricoh output device
• Support of SNMPv3 which encrypts the community name for improved security
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
- Security Features
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 37: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/37.jpg)
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Network Protection
Credentials
Security Solutions Overview
glossary
Case Studies
Network Protection
Helping keep intruders out.• Couldhackersandothermaliciouspartiesgainwireless
access to your devices?
• Coulddatastreamsandpasswords be intercepted?
• Haveyourunusednetworkportsbeenleftopenandvulnerable?
As potential attacks on your information capital increase in sophistication, securing your data environment is even more vital. That’s why our devices have a range of security specifications that address vulnerabilities in wired and wireless communications.
For example, encryption features work to help prevent hackers and other unauthorised parties from gaining access, by ensuring data is made indecipherable if intercepted. Authorised connections to a device can also be restricted by range of IP addresses via IP filtering.
Additionally, our systems permit the administrator to disable all ports that are not being used. This, in tandem with our other security solutions, works to prevent the theft of passwords or user names and other outside threats, including destruction and falsification of data.
We continuously evaluate all our products during development. We also check for known vulnerability issues as reported by Internet security organisations such as the CERT Coordination Center. Whenever any such issues are found, we provide appropriate countermeasures. Wireless Access Security
Physically Secure Ports Control IP Address Access Communication Protocols Network Authentication Protocol Device Management
![Page 38: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/38.jpg)
Wireless Access SecurityObjeCTIve:• Block intruders from tapping into wireless networks
rISK:• Interception of data streams and passwords. Or using
the wireless connection to a device as an entry point into a data network
SOlUTION:• WPA Support (Wi-Fi Protect Access): Used in conjunction
with the IEEE 802.11a/b/g Wireless LAN option, this is a security specification that addresses vulnerabilities in wireless communications
• It provides a high level of assurance that data will remain protected by allowing only authorised users access
• Authentication and encryption features block intruders with wirelessly enabled laptops from tapping into wireless networks
• It prevents the inception of data streams and passwords or from using the wireless connection as an entry point into the customer data network
• 802.1X Wired Authentication provides Network-port based authentication for point-to-point communication between network devices and a LAN port, communication will terminate if the authentication fails
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Network Protection
- Wireless Access Security Physically Secure Ports Control IP Address Access Communication Protocols Network Authentication Protocol Device Management
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 39: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/39.jpg)
Physically Secure PortsObjeCTIve:• Prevent unauthorised network access
rISK:• Networked-enabled systems are shipped to customers
with all network ports open to make them easy to install. However opened, unused network ports pose a security risk of access by an unauthorised outsider via, for example, a wireless connection
SOlUTION:• The system administrator can enable/disable IP ports to
control the different network services provided by the print controller to an individual user
• To provide enhanced network security, specific protocols such as SNMP or FTP can be disabled using Web Image Monitor or Smart Device Monitor
• Eliminate outside threats including destruction/falsification of stored data, Denial of Service (DoS) attacks and viruses entering the network via an unused printer or MFP port
• This also prevents theft of user names and passwords
• Ports can be enabled or disabled individually or protocols /ports can be closed automatically based on network security levels set
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Network Protection
Wireless Access Security - Physically Secure Ports Control IP Address Access Communication Protocols Network Authentication Protocol Device Management
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 40: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/40.jpg)
Control IP Address AccessObjeCTIve:• IP filtering: authorised connections to the device can be
restricted to ranges of IP addresses
rISK:• Network is accessed by an unauthorised outsider – for
example via a wireless connection
SOlUTION:• IP (Internet Protocol) Address Filtering: Control access
to the device by restricting access to specified IP address ranges. Up to five sets of ranges can be entered
• Additionally, it helps balance output volumes among multiple devices and enhances network security by limiting access to files stored in devices
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Network Protection
Wireless Access Security Physically Secure Ports - Control IP Address Access Communication Protocols Network Authentication Protocol Device Management
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 41: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/41.jpg)
Secure Network Data: Communication ProtocolsObjeCTIve:• Encrypt print data through (SSL) Secure Sockets Layer
technology via IPP (Internet Printing Protocol) to make intercepted data indecipherable
rISK:• vulnerability: Interception of data or tapping machine
settings using communication between PC and output device
SOlUTION:Depending on document data or communication methods for it, the protocols for protection will differ. We offer a range of solutions:
• Data Encryption via IPP: An effective way to achieve data security
- Print data communicated between a network PC and MFP can be encrypted using SSL technology via IPP which secures data between workstations and network printers/MFPs. This stops any attempt to tap print data; intercepted data is indecipherable
- The latest Ricoh devices use a longer key length on SSL certificate for secure encryption level: 1024/2048 bit SHA1 for SSL certificate as standard
- By increasing key length, even if data is stolen, it’s hard to be analysed
- Additional functionality disables SSL-v2 and SSL with encryption key length less than 128 bit
• IPsec Communication (PC-Device Communication): a suite of protocols designed to secure IP communications via authentication and encryption of each IP packet in a data stream
- Also includes protocols for cryptographic key establishment
- Prevents documents being viewed from the internal data carrier by unauthorised people and any outsider being able to connect to the MFP from outside the network
• S/MIME for scan to email: Attaches a digital signature and encrypts message contents when scanning and sending by email for data protection against wiretapping
- S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of email encapsulated in MIME
- It is an Internet Standard that extends the format of e-mail to support text in character sets other than US-ASCII, non-text attachments, multi-part message bodies and header information in non-ASCII character sets
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Network Protection
Wireless Access Security Physically Secure Ports Control IP Address Access - Communication Protocols Network Authentication Protocol Device Management
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 42: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/42.jpg)
Network Authentication ProtocolObjeCTIve:• Provide strong security for users’ passwords
rISK:• Many internet protocols do not provide any password
security
• Hackers employ programs called ‘sniffers’ to extract passwords to access networks
• Sending an unencrypted password over a network is risky and can open it to attack
SOlUTION:• Many Ricoh devices support Kerberos authentication
• Kerberos authentication helps limit risks caused by unencrypted passwords and keeps networks more secure
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Network Protection
Wireless Access Security Physically Secure Ports Control IP Address Access Communication Protocols - Network Authentication Protocol Device Management
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 43: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/43.jpg)
Device ManagementObjeCTIve:• Ensuring that device management is carried out in a secure
environment using SNMP
rISK:• Unauthorised users seeing the password and/or device
information
SOlUTION:• SNMP v3 Encrypted Communication: A network
management standard widely used in TCP/IP environments
• Provides a method of managing network hosts such as printers, scanners, workstation or server computers
• Groups bridges and hubs together into a ‘community’ from a centrally-located computer running network management software
• Allows administrators for example to change device settings from a networked PC with encrypted communications to maintain a secure environment
• Also offers user authentication and data encryption that delivers greater security features to protect customer data and network assets
• Prevents unauthorised users from seeing either the password and/or device information
• Uses SSL to communicate with devices
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Network Protection
Wireless Access Security Physically Secure Ports Control IP Address Access Communication Protocols Network Authentication Protocol - Device Management
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 44: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/44.jpg)
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Monitoring & Auditing
Credentials
Security Solutions Overview
glossary
Case Studies
Monitoring & Auditing
Helping you keep track and in control.• Areyournetworkeddevicesbeingusedinefficiently
or without permission?
• Doyouneedtoensurethatprinteddocumentsareidentifiable or can be attributed?
• Doyourequireaccurateandcomprehensivetrackingforproof of compliance?
We offer a range of tools that help track, monitor and manage device activity.
This brings the considerable benefits as monitoring provides transparency of use for more effective security of printers and MFPs, as well as enhanced cost control and proof of compliance.
Logging of security-related events such as authentication attempts and setting changes are recorded to provide audit trails. A complete listing of every job executed by the device is stored in the memory. When used together with external authentication modes, it can show which device was used and by whom in tracing unauthorised transmission attempts. Customised reporting can provide easy tracking of output print, copy and fax activities by device, individual project or workgroup.
In short, our tools offer better visibility and control of user access as well as accurate and comprehensive tracking for proof of compliance, and provide access logs by users for audit purposes.
Device Log Management Record Security-Related Events
![Page 45: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/45.jpg)
Device Log ManagementObjeCTIve: Audit All Device Activity
• Enable better control of user access and tracking of print, copy and fax activities
• Convenient customised reporting with easy tracking of all document output by user, project or even workgroup (when used with authentication)
• Accurate and comprehensive tracking for proof of compliance and access job log by users for audit purposes
rISK:• Networked devices used inefficiently or without permission
• Printed documents cannot be identified or attributed
(Fundamental ISO27001 clause 4.3.2 Control of documents)
7.2.2. Information labelling and handling
SOlUTION:• Monitoring & Recording via protected logs: Access logs of
registered devices and configure which devices to collect logs from
• A complete listing of every job executed by the device is stored in the memory; enables accurate control of user access and tracking of copy and print information
• Monitor printing/scanning a document/receipt of fax
• When used in conjunction with user authentication modes, allows tracking of device usage by job, user, project or even workgroup. Also enables determination of which specific users may be abusing a device
• Shows which device was used and by whom in tracing unauthorised transmission
• Gives accurate and comprehensive tracking for proof of compliance and access job log by users for audit purposes
• Enables quotas and policies to be created for enhanced management of printers and MFPs for more effective security and greater cost control and sustainability
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Monitoring & Auditing
- Device Log Management Record Security-Related Events
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 46: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/46.jpg)
Record Security-Related EventsObjeCTIve: • Monitor and record, via protected logs, any security
relevant events that occur within the MFP or printer
rISK:• Undetected attempts at authenticating or changes made to
security settings
SOlUTION:• Examples of these types of events might include;
successful and unsuccessful authentication attempts, changes in security relevant settings on the device, or changes in the content or state of the device’s internal security or accounting logs
job/Access logsExamples of events/data logged
• Login
• Logout
• Deletion of stored documents
• Log settings changed
• Log data transfer results
• Authentication lock-out
• Firmware update performed
• Change to Time/Date settings
• Authentication password changed
• Change made to Address Book contents
• The log data is encrypted before being saved to the Hard Disk Drive (HDD), which prevents any illegal acquisition or alteration of the data through unauthorised access to the HDD. In addition, the encrypted data is sent to the monitoring tool over an SSL connection
• The MFP or printer does not allow any changes to be made to the log data itself, i.e. the data can only be transferred to the monitoring tool in an unaltered, encrypted state. Therefore, the data cannot be overwritten or modified in any way, even by those with Administrator-level access rights
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Monitoring & Auditing
Device Log Management- Record Security-Related Events
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 47: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/47.jpg)
CredentialsRicoh goes further than encouraging businesses to acquire secure devices; it also helps them to carefully examine their actual use. It does this by introducing security solutions whilst securing workflows adhering to existing company policies. Or by introducing new rules to create a secure document environment – protecting against both internal and external threats. This helps by not only reducing the risk of potential security breaches but also maintains trust in your brand.
Ieee2600.1 IT SecurityWithin Ricoh, we treat Information Security as just part of “how we do things”. As evidence of our commitment, we are prominent in the international working party for IEEE2600 which is the functional security standard for print devices.
In 2002, Ricoh were the first to receive ISO/IEC 15408 certification for a digital MFP device. Then in March 2010, we became the world’s first to obtain Common Criteria certification conforming to IEEE 2600.1 for MFPs for the Japan market. This certification is an international standard for IT security products for office use as well as government, where an even higher level of security is required.
Now our latest devices for the European Middle East and Africa (EMEA) market have also achieved this certification. This relates to our MFP products, Aficio MP2851/3351/4001/5001. This is in addition to certification for a number of our Data Overwrite Security System options.
Also certified: Device Management tool: Remote Communication Gate A (technology behind @Remote Office) achieved Common Criteria version 3.1, EAL3 certification in Feb 2011.
Ricoh will continue to obtain Common Criteria certification conforming to IEEE 2600.1 for its MFPs, printers and solutions; and will pioneer in the development of new security features to help protect printed and electronic data against opportunistic or targeted threats.
Device development & on-going monitoring for vulnerabilitiesWe continuously evaluate all our products during development. We also check for known vulnerability issues as reported by Internet security organisations such as the CERT Coordination Center. Whenever any such issues are found, we provide appropriate countermeasures.
best Practice – Our own Information SecurityWe have always taken a consistent and global approach to secure information – for ourselves as well as for our customers. In 2004, we gained ISO 27001 worldwide certification for Information Security management, for our head office and manufacturing sites (which over the following years, was extended for all our individual sites).
This standard covers all aspects of information security and Ricoh is unique in having information security system certified to the standard across all sites.
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Credentials
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 48: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/48.jpg)
GlossaryAD - Active Directory
CC - Common Criteria (equivalent to ISO/IEC 15408): is an international standard for information security. The CC certification evaluates whether or not security functions properly work under certain conditions
DOSS - Data Overwrite Security System
HDD – Hard Disk Drive
Ieee 2600: specifies the security functions and requirements (document Protection Profile) which are subject to evaluation according to the CC security standard
IP - Internet Protocol
IPP - Internet Printing Protocol
IPsec - Internet Protocol Security: is a protocol suite for securing Internet Protocol (IP) communications
ISMS – Information Security Management System
Kerberos authentication: computer network authentication protocol
lDAP - lightweight Directory Access Protocol
MfP - Multifunction Product
OCr - Optical Character recognition
PKI - Public Key Infrastructure: is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates
rADIUS - remote Authentication Dial In User Service: is a networking protocol
rbAC - role-based Access Control
SMTP - Simple Mail Transfer Protocol: is an Internet standard for e-mail transmission across Internet Protocol (IP) networks
SSl - Secure Sockets layer: is a cryptographic protocol that provides communication security over the Internet
S/MIMe - Secure/Multipurpose Internet Mail extensions: is a standard for public key encryption and signing of email encapsulated in MIME
SNMP - Simple Network Management Protocol: is an Internet-standard protocol for managing devices on IP networks
TCP - Transmission Control Protocol: is one of the core protocols of the Internet Protocol Suite. TCP is one of the two original components of the suite, complementing the Internet Protocol (IP), and therefore the entire suite is referred to as TCP/IP
wPA - wi-fi Protect Access
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
glossary
Credentials
Security Solutions Overview
glossary
Case Studies
![Page 49: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/49.jpg)
Document Processes & Protection
Capture
Store & Manage
Output
Distribution
User Identification & Authorisation
Authentication
Authorisation
Systems Configuration & Devices
MfPs & Printers
Device Management
Network Protection
Monitoring & Auditing
Case Studies
Credentials
Security Solutions Overview
glossary
Case Studies
Security In ActionRicoh European Headquarters: Triton StreetRicoh has used its own workflow solutions to safeguard its information and ensure security compliance within its new open plan office in London.
IberdrolaIberdrola, a Fortune 500 company, is a world leader in wind energy and one of Europe’s leading energy suppliers. Iberdrola needed a reliable and effective Managed Document Solution that would grant them control of costs, safeguard information security and give the ability to control their print environment.
Click on an Adobe PDf icon to download the Case Study.
![Page 50: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/50.jpg)
Security Solutions OverviewDocument Processes & Protection
Credentials
glossary
Case Studies
Capture
Store & Manage
Electronic Document Management Document Integrity PDF/A for File Preservation
Secure Conversion
Output
Secure Printing Copy Data Security Watermarking Archiving Print Jobs
Distribution
Control Scan/Fax Destinations Secure PDF Sharing Faxing Security Removal of Confidential Text
Systems Configuration & Devices
MfPs & Printers
Secure Printing Hard Disk Drive Security Security Certification
Device Management
Security Features
User Identification & Authorisation
Authentication
User Authentication Card Authentication
Authorisation
Administrator Authentication User Access Control
Network Protection
Wireless Access Security Physically Secure Ports Control IP Address Access Communication Protocols Network Authentication Protocol Device Management
Device Log Management Record Security-Related Events
Monitoring & Auditing
![Page 51: Your information. Our solutions. A secure combination ... · Your security. Our priority. We appreciate that your business information is a primary asset. If sensitive details end](https://reader034.vdocuments.us/reader034/viewer/2022050118/5f4eb609a6847937ac42b207/html5/thumbnails/51.jpg)
www.ricoh-europe.com/securitymatters
Your information. Our solutions. A secure combination.
Ricoh_SecureCombination_Overview_v1.0 October 2011Copyright © 2011 Ricoh Europe PLC. All rights reserved. This brochure, its contents and/or layout may not be modified and/or adapted, copied in part or in whole and/or incorporated into another works without the prior permission of Ricoh Europe PLC.
www.ricoh-europe.com
IT Services Office Solutions Production Printing Managed Document Services