Putting Customers First

Safe Products and Services

Customer Health and Safety

Safety always has been a cornerstone of our work in product development. Our comprehensive Product Safety Plan details our health and safety requirements, and all Xerox imaging equipment is assessed for conformance to these standards. We evaluate all potential health and safety hazards, including the ways different hazards may interact. Furthermore, we take a conservative position on the potential health risks to our employees and customers, always meeting or exceeding government safety regulations.

Customers are encouraged to review product safety information and understand the environmental profile of our devices. User guides contain information regarding safe use as well as any applicable hazard warnings. Our Product Safety Data Sheets (PSDS) offer environmental, health and safety information for each Xerox device. Safety Data Sheets (SDS) identify hazards associated with specific materials and describe how they can be safely handled, used and stored. Both our SDS and product labeling have been updated to meet the requirements of the Globally Harmonized System of Classification and Labeling of Chemicals (GHS) as implemented through regulations in our various markets. Customers can access PSDS and SDS in multiple languages at www.xerox.com/environment.

We have robust processes for tracking regulatory violations and non-conformity with voluntary codes and labels. In 2017, no such instances resulted in fines or sanctions. We also have a comprehensive process in place for tracking customer concerns and other field events. All customer issues, such as incidents involving component failures and other potential safety concerns, are investigated carefully to determine the root cause, as well as monitored to discover trends. Corrective actions are implemented as necessary.

Materials

We have made a long-term commitment to eliminate the use of persistent, bio accumulative and toxic materials throughout our supply chain by applying strict internal standards and tightly managing chemicals. Our supplier requirements periodically are updated as regulations change, and new information becomes available. All new product designs refer to these requirements, and suppliers are expected to verify their compliance with them. Learn more at www.xerox.com/environment.

Toxicologists conduct a comprehensive assessment of new materials in our products to ensure conformance with applicable global registration, hazard communication, and waste handling and disposal requirements. As a result of our stringent requirements, Xerox toners and printing products are non-carcinogenic and non-mutagenic. In addition, these products do not: cause adverse developmental or reproductive effects; pose a toxicity hazard to humans or aquatic species; cause a permanent adverse impact to the skin, eyes or respiratory system; or have the potential to generate federally regulated hazardous waste. We were the first in our industry to evaluate the health effects of toner and have done so for over 30 years.

Our requirements for minimizing toxic materials govern our product design and materials selection. We have re-engineered or eliminated processes to dramatically reduce the use of toxics and heavy metals, and have made substantial progress in eliminating the use of mercury. Mercury-containing lamps that scan images and backlight user displays are being phased out as alternatives become available.

Our safety and supplier processes enable us to meet global regulations governing chemical use. Since 2007, Xerox’s newly launched products have been designed to meet the European Restriction of Hazardous Substances (RoHS) requirements in all markets. However, where regulations allow, some products may contain parts with small amounts of RoHS substances in order to avoid premature disposal of existing parts that have usable life. Similar types of legislation continue to be implemented in many other market regions. Through our proactive regulatory tracking process, we expect to be fully compliant with all aspects of these regulations as the provisions become effective and applicable. In 2017, we reported no issues with noncompliance to RoHS.

Ergonomic Design

We consider the ergonomic aspects of our products from both a user and service standpoint to ensure inclusion and operability. Our design teams take into account all points of human interface, including product’s height, curves and placement of touch screens and paper trays. We also place a high value on the end-user experience through human factors, industrial design and user interface design to promote ease-of-use, ease-of-learning and transfer of learning. Product design teams work directly with customers in our labs to test and continually improve the usability of new products.

Machine Emissions

Consistent with the world’s most stringent ecolabels, we design products to control emissions of chemicals and noise. As a result, current products have achieved chemical emission levels that are well below global regulatory requirements — often at or near the detection limit of our measurement equipment — and are considered to have a negligible impact on customers’ work environments. We publish emissions data for our products on our PSDS.

Toner Study

Xerox concluded two comprehensive investigations that lasted more than three decades on the health risks of inhaling xerographic toner. These studies included assessments of the health of current employees and the causes of death for people who worked for the company between 1960 and 1982. The analysis demonstrated that the health and mortality patterns of Xerox employees were consistent with a healthy working population and, in fact, our employees had a lower rate of disease (i.e., were healthier) than the general population. In October 2010, the mortality study was published in the peer-reviewed Journal of Occupational and Environmental Medicine.

Third-Party Supplies Sold by Xerox

Xerox sells imaging supplies through its distribution network that are manufactured by other companies for use in other Original Equipment Manufacturer (OEM) printers. Manufacturing processes combine patented and patent-pending technology, environmental management principles, and proven waste prevention manufacturing and recycling processes. We thoroughly review these supplies to ensure compliance with appropriate regulatory requirements. In addition, we assess them against our own stringent standards. The results of these reviews ultimately determine which products carry the Xerox brand. Information is provided on Safety Data Sheets (SDS), which meet the requirements of the Globally Harmonized System of Classification and Labeling of Chemicals (GHS) as implemented through regulations in our various markets.

Accessibility and Mobility

In the print industry, Xerox was the first in many ways to design products that are accessible as well as easy to operate by all users, including people with disabilities. Our dedicated team of design professionals upholds that commitment for the products and services we provide.

To make our systems accessible for people with disabilities, Xerox has developed several accessories, such as angled consoles, Braille console labels, magnifying lenses for visually impaired users and “start print” foot switches. We design software for embedded web servers and print drivers to be compatible with screen readers to enable people with visual impairments to operate them. On an ongoing basis, we strive to improve our performance around accessibility and adapt products so that ease of use is not compromised.

Xerox stepped forward in 1998 when Congress amended Section 508 of the U.S. Rehabilitation Act of 1973. We developed solutions to adapt our technology for use by government workers who are disabled. We also established a rigorous process to evaluate our products’ compliance to meet Section 508 accessibility requirements. In the near future, Section 508 rules will change, and new input is expected to come from the European Union and the Far East.

Learn more about our efforts pertaining to Section 508 accessibility requirements.

Our focus on increased mobility has expanded with the anywhere, always-on enterprise. We’re enabling enterprises to manage a complex infrastructure as employees are bringing their own devices to work and demanding the same seamless, secure ability to find, use and print business documents. Xerox technology, such as mobile print solutions, is enhancing easy access to information.

Customer Satisfaction

Our customer experience is the key to our success. By listening to customers and enhancing our work based on their input, we are able to develop both meaningful relationships and quantifiable analytics to continuously improve our programs and processes.

Relationship Surveys

Through relationship surveys, we ask our customers and partners about their experiences working with Xerox. The surveys identify levels of customer satisfaction with our products, services and support. The feedback helps us determine which improvements are most likely to bolster customer value and help differentiate us from the competition. We follow a rigorous management process to ensure customer feedback is addressed at multiple levels with full accountability by the business.

Transactional Surveys

We employ transactional surveys to monitor satisfaction with our products and services. These surveys help us to diagnose root causes of complex issues. Transactional surveys also tell us if we have achieved the objectives of our service-level agreements and if our customers are satisfied with individual interactions.

We offer a survey on our Support & Driver website that identifies customer satisfaction and purpose for visiting the site, as well as gathering verbatim feedback. The participation level is less than one percent of the site visitors, but we can extract from the data areas of opportunities for customer experience on our Support site. We are in the planning cycle to update the user experience to increase the customer’s ability to locate the plethora of content available.

Tracking Customer Satisfaction

Our global customer experience platform includes survey features and functions, as well as advanced analytics capabilities, which drive progress in our customer experience program through better insights and closed-loop follow-up. In addition, the centralized platform provides a basis for governance and measurement process oversight.

Social Media

We have several customer support social media offerings, enhancing the online support experience and providing new ways for customers to engage with Xerox Support in the U.S.

• The Xerox Support Community offers a peer-to-peer forum where customers and other industry professionals can collaborate about Xerox equipment and software. Customers may also access this online community with their mobile devices, enhancing their support experience with social networking on the go.
• The At Your Service blog provides customers with a light hearted and insightful look into equipment features and services.
• Xerox’s latest support news is shared with followers of the @XeroxSupport Twitter handle. Customers may also engage with us for product information and technical assistance.
• The Xerox Support YouTube site is the most recent addition. It contains product videos to help with device questions and edification.

We actively listen to, and engage in, conversations generated by consumers in public forums and social media. This enables us to better understand consumers’ experiences with our products and processes, and their perceptions of our brand. Social media listening focuses on individual, publicly available conversations and provides insight into the impact of our products, processes, people, innovations and communications.

We frequently see an increase in likes and retweets of our blog articles as customers find them very helpful. We listen to our customers and have begun a design effort to improve the customer experience on our Support website. As mentioned, some enhancements include, the Xerox Support YouTube site, the ability to see the service status. More enhancements will be integrated on the site so keep checking to see what’s new.

Xerox Corporate Focus Executive Program

The Xerox Corporate Focus Executive Program fosters relationships with our top corporate accounts. A senior Xerox executive is assigned to collaborate with our account team to understand customer requirements, establish and implement strategic account plans, marshal resources to eliminate customer concerns and build strong, productive customer partnerships that enhance customer satisfaction and accelerate revenue growth.

Executive Customer Care Program

For more than 20 years, our corporate officers have volunteered in rotation as “Customer Care Officer of the Day.” The program provides customers the opportunity to share their concerns with our senior leaders. It also gives our executives a unique opportunity to hear from a broad range of customers first-hand.

The officer, supported by a team of dedicated professional problem solvers, assumes personal responsibility for assisting with any and all customer concerns. The Officer of the Day has three main priorities: listen to the customer, address the customer’s problem and take the necessary action to fix the underlying cause. It is a time-honored commitment to our customer focus.

Data Privacy

At Xerox, we take the utmost care to prevent the unauthorized use or disclosure of information our customers, employees and vendors provide. Our Office of General Counsel works internationally with data privacy experts in our Information Management, Information Technology, Ethics, Risk Management, Corporate Security, Human Resources and Product Development groups to develop, maintain and enforce robust privacy and information security policies and practices at Xerox.

Our success depends directly on the confidence our customers have in the capability, performance and security of our products and services. To ensure this, we have policies and controls in place to provide privacy protection for personally identifiable information maintained by Xerox. Our policies follow industry best practices, including the use of encryption technology and data loss protection software.

Additionally, we research and monitor the data-protection laws in the countries where we do business to ensure that we comply with applicable requirements. For example, we comply with the following international laws where applicable:

• Canadian Personal Information Protection and Electronic Documents Act
• European Union Directive 95/46/EC on the protection of personal data
• EU General Data Protection Regulation (GDPR)
• Applicable U.S. federal and state privacy laws

Adherence to Xerox policies are enforced through a combination of technical and manual safeguards on our systems and facilities, as well as through violations against employees. Annual training regarding ethics, privacy and security is required of all employees. Additional specialized privacy training is required for certain roles, and numerous training programs are available for employees to take on their own initiative. An Ethics hotline (available publicly and intra-company) and an Incident Response hotline (available intra-company) are for reporting alleged violations for investigation by dedicated, cross-disciplinary teams.

Read more about Xerox privacy policies.

Cyber Security

Cyber-attacks pose a threat to our customers, our employees, and our partners — in short, our very business. That’s why we’re always on the alert, working to stop hackers who would deface our website or gain access to sensitive information. We have comprehensive plans to deal with sophisticated threats, such as organized cyber criminals, cyber-espionage groups and even state-sponsored intrusion.

Our cybersecurity strategy has five major components:

Data-centric Protection

We use data segregation, encryption and data-loss-prevention technologies to ensure safe and secure processing and sharing of critical information. In addition, all data is classified according to its sensitivity. This classification process enables us to understand the relative importance of securing each dataset and make an informed business decision about the level and allocation of resources required.

Standards-based Management

By following industry-standard cybersecurity guidelines, we ensure our processes are repeatable, predictable and easily understandable.

Of the numerous cybersecurity control frameworks, we chose to implement both ISO 27000 and the National Institute of Standards & Technology Cybersecurity Framework:

• ISO 27000 Information Security Management System — this international standard defines “requirements for establishing, implementing, maintaining and continually improving an information security management system.” We incorporate ISO 27000 as a normal part of our business processes. Independent auditors have certified many of our systems and data centers as ISO 27000-compliant.
• National Institute of Standards and Technology Cybersecurity Framework — created through collaboration between industry and government, this framework protects networks and infrastructure. The prioritized, flexible and scalable approach helps us manage cybersecurity-related risk in a cost-effective manner. This framework already has proven useful to predict, detect, disrupt or deter, respond and recover valuable data.

Capability maturity assessments performed by independent parties and benchmarking with other companies find our implementation to be sound, relevant and aligned with industry standards.

Continuous Assessment

We utilize a combination of evidence-based assessments, vulnerability scanning and penetration tests to validate that our data protection is effective and to ensure controls are operating properly on an ongoing basis.

Cybersecurity Incident Response

We have emergency response procedures in place throughout our business. If we were to encounter an attempted cybersecurity attack, we would take the following actions:

• Identify whom to notify internally
• Establish a multidiscipline virtual response team
• Implement monitoring protocols and egress prevention
• Estimate the extent of the compromise
• Coordinate with legal counsel and insurance carrier
• If necessary, notify legal authorities

These steps provide a general framework; business units have detailed plans tailored to their needs. We perform tests to assess our operational and managerial readiness on a regular basis.

Cyber Risk Management

Recent high-profile breaches in the media demonstrate that any organization can suffer a cyber attack. When this occurs, there may be costly consequences — such as regulatory fines or purchasing identity-theft monitoring for affected parties. Many companies invest in Errors & Omissions or Cyber Liability Insurance to mitigate this risk.

Many insurance carriers and underwriters assess the level of risk when determining insurance rates. Xerox, as well as other companies, has received reduced premiums and/or more favorable policy limits by implementing effective cybersecurity management.

Cybersecurity is not solely the responsibility of the IT Department. By collaborating across our company, we effectively manage risk, reduce the likelihood, limit the impact of exposure and enable quick recovery from any attack on our infrastructure, networks and systems.