Secure Product Development and Product Security
Our products are developed according to a System Development Lifecycle (SDLC) process, which is an agile-based development process that, among others, models itself with and resembles the processes as defined by the National Institute of Standards and Technology (NIST) and Open Web Application Security Project (OWASP).
Our maintenance and support agreements regularly provide product and security updates for our hardware and software products, as well as our cloud applications. This includes security updates as well for their components until the end of their respective end of support life.
When a product is considered at the end of its life, appropriate security processes allow customers to safely and securely dispose of their confidential and personal data stored in the Canon environment on-premise and in the cloud.
Canon offers security update services remotely or by local Canon service representatives subject to regular maintenance agreements. Our remote interaction with On Remote Service to our products meets ISO27001 standards.
Depending on the product type, product system security updates can also be managed directly by the customer (e.g. by visiting https://downloads.cpp.canon).
For customers operating in critical and highly secured environments in which remote update services are not allowed, Canon offers onsite update services by Canon-trained and certified service engineers. For more information on these onsite services, please contact a local Canon sales or service representative.
Responses to reported vulnerabilities are treated according to our Incident Response Procedure with a team of security experts evaluating vulnerabilities, incidents, and security risks and propose solutions and risk mitigation actions.
Canon PSIRT (Product Security Incident Response Team) is the organization responsible for responding to vulnerabilities that are associated with products and services from Canon Inc..
Advisories and notifications as well as the reporting of security issues for Canon Inc. products, can be found here: https://psirt.canon