User`s guide
Ver 1.20.2
R i c o h A m e r i c a s C o r p o r a t i o n
Page 149
22.7.3.2 Data and Network Security
To protect against loss, corruption, or unauthorized access, the Integrated Cloud Environment’s
systems and procedures are designed and maintained for maximum security of all customer
data. Among the security aspects of the Integrated Cloud Environment production systems and
network are:
Network perimeter defenses to prevent unauthorized access to the system and internal
network, including redundant firewalls and intrusion detection/prevention systems with
24-hour monitoring, and event logging, to identify and respond to potential threats.
Multi-tiered system architecture to limit access and vulnerabilities due to security
breaches.
Redundant and Stripped Storage (RAID 50 - A RAID 50 combines the straight block-level
striping of RAID 0 with the distributed parity of RAID 5) devices to prevent data loss,
ensure integrity, and improve performance.
Continuous data replication to a physically separate storage area network (SAN) within
the Savvis facility (refer to 9.6.4 Savvis Inc.) and a fully documented recovery plan.
Hardened operating system on all production machines with regular security patching
and vulnerability scanning.
Virus protection to prevent malicious data corruption.
22.7.3.3 Systems Support
Integrated Cloud Environment system support is provided by a seasoned team of system and
networking professionals certified in all key components of the physical production systems and
Integrated Cloud Environment application. System personnel are available 24 hours a day, 7
days a week to ensure that the system remains accessible at all times. “Real-Time“ systems
monitoring is implemented to immediately notify the support staff should a problem occur.
Scheduled routine maintenance is performed to ensure the application is running optimally,
and incorporates the latest software updates and upgrades including up-to-date protective
measures, such as virus protection. All Integrated Cloud Environment systems are fully
redundant to minimize the chance data of loss or corruption.
22.7.3.4 Operational and Process Security
To ensure maximum security in all phases of the Integrated Cloud Environment’s development
and support, Ricoh Americas Corporation incorporates a formalized set of “Information Security
Management System (ISMS)” policies, and is ISO 27001 compliant. Developed by the
International Organization for Standardization (ISO), ISO 27001 ensures that the guidelines and
general principles for initiating, implementing, maintaining, and improving information security
management within an organization are maintained. To ensure compliance with defined
procedures, regular audits are conducted.