Fuji Xerox Acquires ISO27001 Certification for
Information Security Management
December 15, 2005
| Fuji Xerox Co., Ltd. acquired ISO27001
(ISO/IEC27001) for information security management systems
on December 6, 2005. The certifying body was Japan Audit and
Certification Organization for Information Security (JACO-IS),
and Fuji Xerox was the first company that it certified for
the ISO27001. |
| The certification targeted Fuji Xerox's
Xnet user verification service that was constructed using
its proprietary Public Key Infrastructure (PKI) technology.
Xnet first received the UK-based BS7799-2:2002Note1
Information Security Management System (ISMS) certification
from a Japanese certifying body in January 2002, and further
acquired the domestic ISMS (Ver.2.0.C)Note2
in February 2004. Fuji Xerox received a new certifying inspection
on December 2, 2005, following the switch from the BS7799-2:2002
standard to the ISO27001 (ISO/IEC27001) standard announced
on October 15, 2005, acquiring the new certification only
two months after it became available. |
| Fuji Xerox worked for many years in areas
of quality management such as Total Quality Control (TQC)
and Total Quality Management (TQM), and has leveraged management
systems accumulated over years to augment existing information
security, as well as responded actively to the requests by
certifying bodies in areas where improvement was needed, including
additional management measures and efficacy assessment. In
this way, Fuji Xerox was highly rated for its efforts in improving
information security management systems in the area of PDCA
management cycles, which are required by ISO27001, and a key
reason why the Company acquired certification in such a short
time. |
|
Note1
|
Certification by the United Kingdom
Accreditation Service (UKAS) |
| Note2 |
Certification by the Japan Information
Processing Development Center (JIPDC) |
| Xnet is a proprietary user verification
service for extranet, which was constructed using Fuji Xerox's
PKI technology designed for secure information sharing between
business partners and Fuji Xerox. To prevent data leakage
and tampering of e-mail and network services, Fuji Xerox provides
an electronic verification issuing service, which verifies
individuals and sites specifically chosen via electronic signature
and encrypting, as well as document delivery service, which
opens a secure temporary file location and allows safe delivery
of data files via the Internet. The services and internal
operating expertise offered by Xnet were commercialized as
a service package, and went on sale in November 2001 as Fuji
Xerox Secure Document Exchange Service (SDES). |
| Key Efforts in Information Security at
Fuji Xerox |
| Fuji Xerox began developing information
security protocols from 1999, and aggressively undertook to
bolster information security management within the Company.
In January 2002, Xnet acquired the UK-based BS7799-2:2002,
and further acquired the domestic ISMS (Ver.2.0.C) in February
2004. In September 2005, Fuji Xerox developed proprietary
methods and operating systems in the domestic sales division
and acquired both the BS7799-2:2002 and the ISMS (Ver.2.0.C).
Fuji Xerox provides an SDES service package that utilizes
its expertise, as well as consulting services for information
security. |
| Construction and service provision for
Xnet are vital elements in bolstering information security
for Fuji Xerox and all affiliated companies, and the Company
has begun applying these activities to user verification services
for all Fuji Xerox employees. With this recent certification,
Fuji Xerox will further accelerate efforts in information
security, which will play an increasingly critical role. |
|
|
