Xerox is committed to being the leader in multifunction device and printer security. As such, we also are committed to helping customers maintain a secure network environment, particularly as it relates to the use of multifunction products (MFPs) – those that print, copy, fax and scan. Since all MFPs, regardless of vendor, contain hard drives and software, they require security precautions associated with other network peripherals. We introduced the industry’s first office MFP in 1995 and are in the forefront in the development of security features for these systems.
We strongly endorse the internationally recognized ISO 15408 Common Criteria for Information Technology Security Evaluation and have validated more than 50 of our office MFPs to this standard. This gives Xerox one of the industry’s broadest arrays of printers and copiers certified to meet our customers’ strictest security requirements. Our policy and practice is to have an entire multifunction system evaluated – not just individual features or a security kit.
Although we test extensively for security vulnerabilities in our software before we bring a product to market, we recognize that someone with intent and the requisite knowledge may, at times, find a way around security protections. We encourage people to notify us of any network security concerns, and we move immediately to provide a solution. We develop software patches for vulnerabilities and post them at www.xerox.com/security. In addition, we quickly update our manufacturing process to integrate the security fixes.
We manage security throughout the product life cycle from design to development, manufacturing, deployment and, ultimately, to disposal. Security functionality is completely integrated at the individual device level and extends seamlessly to the fleet. State-of-the-art encryption is used extensively to protect customer information, both while at rest in the device and in motion to and from the device. The authentication and authorization features are unmatched in their ability to control usage; yet, they also are easy to use. We put special emphasis on the care and handling of machines that are returned to us after lease expiration or otherwise. Disks in these devices are destroyed or completely remastered to remove any residual customer information before they are reused.